On Fri, 21 Jun 2019, Matthew Garrett wrote:

> From: David Howells <dhowe...@redhat.com>
>
> The testmmiotrace module shouldn't be permitted when the kernel is locked
> down as it can be used to arbitrarily read and write MMIO space. This is
> a runtime check rather than buildtime in order to allow configurations
> where the same kernel may be run in both locked down or permissive modes
> depending on local policy.
>
> Suggested-by: Thomas Gleixner <t...@linutronix.de>
> Signed-off-by: David Howells <dhowe...@redhat.com
> Signed-off-by: Matthew Garrett <mj...@google.com>
> cc: Thomas Gleixner <t...@linutronix.de>
> cc: Steven Rostedt <rost...@goodmis.org>
> cc: Ingo Molnar <mi...@kernel.org>
> cc: "H. Peter Anvin" <h...@zytor.com>
> cc: x...@kernel.org

Reviewed-by: Thomas Gleixner <t...@linutronix.de>