Diffstat (limited to 'PCI-Lock-down-BAR-access-when-module-security-is-ena.patch')
-rw-r--r-- | PCI-Lock-down-BAR-access-when-module-security-is-ena.patch | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch index 23a514f3b..9500b96d2 100644 --- a/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch +++ b/PCI-Lock-down-BAR-access-when-module-security-is-ena.patch @@ -1,8 +1,7 @@ -From 655fbf360e1481db4f06001f893d388c15ac307f Mon Sep 17 00:00:00 2001 +From 6f756b32a45b022428e33ce20181e874c73ca82e Mon Sep 17 00:00:00 2001 From: Matthew Garrett <matthew.garrett@nebula.com> Date: Thu, 8 Mar 2012 10:10:38 -0500 -Subject: [PATCH 02/20] PCI: Lock down BAR access when module security is - enabled +Subject: [PATCH] PCI: Lock down BAR access when module security is enabled Any hardware that can potentially generate DMA has to be locked down from userspace in order to avoid it being possible for an attacker to modify @@ -18,7 +17,7 @@ Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c -index 312f23a8429c..93e6ac103dd0 100644 +index bcd10c7..a950301 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -30,6 +30,7 @@ @@ -29,7 +28,7 @@ index 312f23a8429c..93e6ac103dd0 100644 #include "pci.h" static int sysfs_initialized; /* = 0 */ -@@ -710,6 +711,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, +@@ -716,6 +717,9 @@ static ssize_t pci_write_config(struct file *filp, struct kobject *kobj, loff_t init_off = off; u8 *data = (u8 *) buf; @@ -39,7 +38,7 @@ index 312f23a8429c..93e6ac103dd0 100644 if (off > dev->cfg_size) return 0; if (off + count > dev->cfg_size) { -@@ -1004,6 +1008,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, +@@ -1007,6 +1011,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, resource_size_t start, end; int i; 
@@ -49,7 +48,7 @@ index 312f23a8429c..93e6ac103dd0 100644 for (i = 0; i < PCI_ROM_RESOURCE; i++) if (res == &pdev->resource[i]) break; -@@ -1105,6 +1112,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, +@@ -1106,6 +1113,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) { @@ -60,7 +59,7 @@ index 312f23a8429c..93e6ac103dd0 100644 } diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index 3f155e78513f..4265ea07e3b0 100644 +index 2408abe..59f321c 100644 --- a/drivers/pci/proc.c +++ b/drivers/pci/proc.c @@ -116,6 +116,9 @@ static ssize_t proc_bus_pci_write(struct file *file, const char __user *buf, @@ -85,7 +84,7 @@ index 3f155e78513f..4265ea07e3b0 100644 ret = pci_domain_nr(dev->bus); @@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) struct pci_filp_private *fpriv = file->private_data; - int i, ret; + int i, ret, write_combine; - if (!capable(CAP_SYS_RAWIO)) + if (!capable(CAP_SYS_RAWIO) || secure_modules()) @@ -93,7 +92,7 @@ index 3f155e78513f..4265ea07e3b0 100644 /* Make sure the caller is mapping a real resource for this device */ diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c -index b91c4da68365..98f5637304d1 100644 +index b91c4da..98f5637 100644 --- a/drivers/pci/syscall.c +++ b/drivers/pci/syscall.c @@ -10,6 +10,7 @@ @@ -114,5 +113,5 @@ index b91c4da68365..98f5637304d1 100644 dev = pci_get_bus_and_slot(bus, dfn); -- -2.4.3 +2.9.2 |