On Fri, 21 Jun 2019, Matthew Garrett wrote: > From: David Howells <[email protected]> > > The testmmiotrace module shouldn't be permitted when the kernel is locked > down as it can be used to arbitrarily read and write MMIO space. This is > a runtime check rather than buildtime in order to allow configurations > where the same kernel may be run in both locked down or permissive modes > depending on local policy. > > Suggested-by: Thomas Gleixner <[email protected]> > Signed-off-by: David Howells <[email protected] > Signed-off-by: Matthew Garrett <[email protected]> > cc: Thomas Gleixner <[email protected]> > cc: Steven Rostedt <[email protected]> > cc: Ingo Molnar <[email protected]> > cc: "H. Peter Anvin" <[email protected]> > cc: [email protected] Reviewed-by: Thomas Gleixner <[email protected]>
- [PATCH V34 05/29] Restrict /dev/{mem,kmem,port} when the k... Matthew Garrett
- [PATCH V34 17/29] Prohibit PCMCIA CIS storage when the ker... Matthew Garrett
- [PATCH V34 25/29] kexec: Allow kexec_file() with appropria... Matthew Garrett
- [PATCH V34 21/29] Lock down /proc/kcore Matthew Garrett
- [PATCH V34 20/29] x86/mmiotrace: Lock down the testmmiotra... Matthew Garrett
- Re: [PATCH V34 20/29] x86/mmiotrace: Lock down the te... Kees Cook
- Re: [PATCH V34 20/29] x86/mmiotrace: Lock down the te... Thomas Gleixner
- [PATCH V34 11/29] PCI: Lock down BAR access when the kerne... Matthew Garrett
- [PATCH V34 18/29] Lock down TIOCSSERIAL Matthew Garrett
- [PATCH V34 24/29] Lock down perf when in confidentiality m... Matthew Garrett
- [PATCH V34 08/29] kexec_file: split KEXEC_VERIFY_SIG into ... Matthew Garrett
- [PATCH V34 23/29] bpf: Restrict bpf when kernel lockdown i... Matthew Garrett
