| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200630044943.3425049-1-rajatja@google.com>
Date: Mon, 29 Jun 2020 21:49:36 -0700
From: Rajat Jain <rajatja@...gle.com>
To: David Woodhouse <dwmw2@...radead.org>,
Lu Baolu <baolu.lu@...ux.intel.com>,
Joerg Roedel <joro@...tes.org>,
Bjorn Helgaas <bhelgaas@...gle.com>,
"Rafael J. Wysocki" <rjw@...ysocki.net>,
Len Brown <lenb@...nel.org>, iommu@...ts.linux-foundation.org,
linux-kernel@...r.kernel.org, linux-pci@...r.kernel.org,
linux-acpi@...r.kernel.org, Raj Ashok <ashok.raj@...el.com>,
lalithambika.krishnakumar@...el.com,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Jean-Philippe Brucker <jean-philippe@...aro.org>,
Prashant Malani <pmalani@...gle.com>,
Benson Leung <bleung@...gle.com>,
Todd Broch <tbroch@...gle.com>,
Alex Levin <levinale@...gle.com>,
Mattias Nissler <mnissler@...gle.com>,
Rajat Jain <rajatxjain@...il.com>,
Bernie Keany <bernie.keany@...el.com>,
Aaron Durbin <adurbin@...gle.com>,
Diego Rivas <diegorivas@...gle.com>,
Duncan Laurie <dlaurie@...gle.com>,
Furquan Shaikh <furquan@...gle.com>,
Jesse Barnes <jsbarnes@...gle.com>,
Christian Kellner <christian@...lner.me>,
Alex Williamson <alex.williamson@...hat.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
oohall@...il.com, Saravana Kannan <saravanak@...gle.com>,
Suzuki K Poulose <suzuki.poulose@....com>,
Arnd Bergmann <arnd@...db.de>,
Heikki Krogerus <heikki.krogerus@...ux.intel.com>
Cc: Rajat Jain <rajatja@...gle.com>
Subject: [PATCH v2 0/7] Tighten PCI security, expose dev location in sysfs
This is a set of loosely related patches most of whom emerged out of
discussion in the following threads. In a nutshell the goal was to allow
an administrator to specify which driver he wants to allow on external
ports, and a strategy was chalked out:
https://lore.kernel.org/linux-pci/20200609210400.GA1461839@bjorn-Precision-5520/
https://lore.kernel.org/linux-pci/20200618184621.GA446639@kroah.com/
https://lore.kernel.org/linux-pci/20200627050225.GA226238@kroah.com/
* The first 3 patches tighten the PCI security using ACS, and take care
of a border case.
* The 4th patch takes care of PCI bug.
* 5th and 6th patches expose a device's location into the sysfs to allow
admin to make decision based on that.
* 7th patch is to ensure that the external devices don't bind to drivers
during boot.
Rajat Jain (7):
PCI: Keep the ACS capability offset in device
PCI: Set "untrusted" flag for truly external devices only
PCI/ACS: Enable PCI_ACS_TB for untrusted/external-facing devices
PCI: Add device even if driver attach failed
driver core: Add device location to "struct device" and expose it in
sysfs
PCI: Move pci_dev->untrusted logic to use device location instead
PCI: Add parameter to disable attaching external devices
drivers/base/core.c | 35 +++++++++++++++++++++++++++++++
drivers/iommu/intel/iommu.c | 31 ++++++++++++++++++---------
drivers/pci/ats.c | 2 +-
drivers/pci/bus.c | 13 ++++++------
drivers/pci/of.c | 2 +-
drivers/pci/p2pdma.c | 2 +-
drivers/pci/pci-acpi.c | 13 ++++++------
drivers/pci/pci-driver.c | 1 +
drivers/pci/pci.c | 34 ++++++++++++++++++++++++++----
drivers/pci/pci.h | 3 ++-
drivers/pci/probe.c | 20 +++++++++++-------
drivers/pci/quirks.c | 19 +++++++++++++----
include/linux/device.h | 42 +++++++++++++++++++++++++++++++++++++
include/linux/device/bus.h | 8 +++++++
include/linux/pci.h | 13 ++++++------
15 files changed, 191 insertions(+), 47 deletions(-)
--
2.27.0.212.ge8ba1cc988-goog
Powered by blists - more mailing lists