Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4655061img; Tue, 26 Mar 2019 13:56:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqx6HPlgL72io7i4E/rvWaIHe8aRMqqaBqfxj3wYjMKrY9AnkGttjCbYSNZkucnNhmi9Nbgm X-Received: by 2002:a17:902:70cc:: with SMTP id l12mr14870737plt.10.1553633808098; Tue, 26 Mar 2019 13:56:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553633808; cv=none; d=google.com; s=arc-20160816; b=ij33r4i1/JpFzHzZtIEdXSdwxFYGQYY+X8YlJTYdKcWJz9vjeypvxr/R3ZeQQ5FMtA ZO34vQbJY7csp1bKYFOt7O0LnA5xMYx53kfkcxyDXwiLDqKjqb7BCw8Z9yF8xe7ApYdj Sdo0lKTIFEH7T/yfTg/lKLxYlOKRuaWho1h4xs9k++kzf6NaDCxhSI47zaQJZ7F8hB+M nNKVVcHSnonWCbghsUq/RRV/NwV98rFxHRUFUhPnpqu8JnE61Jpxo5g17DrZoyqNKtpi UP/PILJ02xe/yLpFAQ4NNyCnD//FqW7RJEN9E6NlzhnlsSJ5NDUBqvDMZB+IV6S6Vumi 4i/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=boyJ3Buo2pPC9t7P96nVK4DIZZBxcZsfGGAPdiYwOqQ=; b=Q9NZlnZnfgRC3Fv8JdBY6zHjAgo2AWDhHtmtV/jf/yecSzEXcbVfLrBrVIx4G4/Gbw wD0YoSzTwFOCvNLKQpxpJhxN9TEfIWnRYFJgYv8XWdzGnOQKx7M2OolkWYZEsv+F/b4W JRuxDpAoOfooR2DMNq0AX8LY5f/uAXHDCa9TOKOxAVycTtwfrooQVVNs3tywgJSGIfOj zEChjg9iypG2R1/rb+XgTe3cNQpm/m/SJ9hBK55XNaVimb1jfMP+NjDy4fp5q55UgBYV sT98Yl3kvd5ZuZsnUx6ARYKn5P2HftgsEns7eaHMeg4hsgY2N4jYpM51bHtono2f+qYN MpQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hDVTJCYY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h4si16269118pgc.354.2019.03.26.13.56.33; Tue, 26 Mar 2019 13:56:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=hDVTJCYY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732767AbfCZUzx (ORCPT + 99 others); Tue, 26 Mar 2019 16:55:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:34824 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732742AbfCZUzw (ORCPT ); Tue, 26 Mar 2019 16:55:52 -0400 Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id E12C621741 for ; Tue, 26 Mar 2019 20:55:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553633752; bh=boyJ3Buo2pPC9t7P96nVK4DIZZBxcZsfGGAPdiYwOqQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=hDVTJCYYK+ctAydkulvCscDWHwdq3eXq7tlPLUds/HghYBvTIs3KUDaUvqwgQ1ty5 dzf5BqtRWoXTxDe8XsEg889M6uL0lIZ+BoFEis26j9aX+uct6AxWbhJe4zWjGCd8yY PRn9LyIHAHkS4sCxpOVE15svTfGYh7nsRV/xNSSI= Received: by mail-wm1-f44.google.com with SMTP id o25so14097911wmf.5 for ; Tue, 26 Mar 2019 13:55:51 -0700 (PDT) X-Gm-Message-State: APjAAAVGGlC15jIS2YSh5s0JkAxRnAh+C15KKKc/vRapFmjd+4RtVu0i DJIVYt8EaF9QjKjUCWmcr5BrFG3Tt27iibA6UhVD3A== X-Received: by 2002:a05:600c:211a:: with SMTP id u26mr11751037wml.74.1553633750383; Tue, 26 Mar 2019 13:55:50 -0700 (PDT) MIME-Version: 1.0 References: <20190326182742.16950-1-matthewgarrett@google.com> <20190326182742.16950-11-matthewgarrett@google.com> In-Reply-To: <20190326182742.16950-11-matthewgarrett@google.com> From: Andy Lutomirski Date: Tue, 26 Mar 2019 13:55:39 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH V31 10/25] PCI: Lock down BAR access when the kernel is locked down To: Matthew Garrett Cc: James Morris , LSM List , LKML , David Howells , Linux API , Andrew Lutomirski , Matthew Garrett , Matthew Garrett , Bjorn Helgaas , linux-pci@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 26, 2019 at 11:28 AM Matthew Garrett wrote: > > From: Matthew Garrett > > Any hardware that can potentially generate DMA has to be locked down in > order to avoid it being possible for an attacker to modify kernel code, > allowing them to circumvent disabled module loading or module signing. > Default to paranoid - in future we can potentially relax this for > sufficiently IOMMU-isolated devices. Does this break vfio? --Andy