From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ben Widawsky <ben.widawsky@intel.com>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>,
Ondrej Mosnacek <omosnace@redhat.com>,
Paul Moore <paul@paul-moore.com>,
Dan Williams <dan.j.williams@intel.com>
Subject: [PATCH 5.14 22/23] cxl/pci: Fix lockdown level
Date: Fri, 10 Sep 2021 14:30:12 +0200 [thread overview]
Message-ID: <20210910122916.709969307@linuxfoundation.org> (raw)
In-Reply-To: <20210910122916.022815161@linuxfoundation.org>
From: Dan Williams <dan.j.williams@intel.com>
commit 9e56614c44b994b78fc9fcb2070bcbe3f5df0d7b upstream.
A proposed rework of security_locked_down() users identified that the
cxl_pci driver was passing the wrong lockdown_reason. Update
cxl_mem_raw_command_allowed() to fail raw command access when raw pci
access is also disabled.
Fixes: 13237183c735 ("cxl/mem: Add a "RAW" send command")
Cc: Ben Widawsky <ben.widawsky@intel.com>
Cc: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Cc: <stable@vger.kernel.org>
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Cc: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/163072204525.2250120.16615792476976546735.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/cxl/pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/cxl/pci.c
+++ b/drivers/cxl/pci.c
@@ -568,7 +568,7 @@ static bool cxl_mem_raw_command_allowed(
if (!IS_ENABLED(CONFIG_CXL_MEM_RAW_COMMANDS))
return false;
- if (security_locked_down(LOCKDOWN_NONE))
+ if (security_locked_down(LOCKDOWN_PCI_ACCESS))
return false;
if (cxl_raw_allow_all)
next prev parent reply other threads:[~2021-09-10 12:31 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-10 12:29 [PATCH 5.14 00/23] 5.14.3-rc1 review Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 01/23] firmware: dmi: Move product_sku info to the end of the modalias Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 02/23] can: c_can: fix null-ptr-deref on ioctl() Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 03/23] igmp: Add ip_mc_list lock in ip_check_mc_rcu Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 04/23] Revert "r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM" Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 05/23] ALSA: usb-audio: Add registration quirk for JBL Quantum 800 Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 06/23] Bluetooth: Add additional Bluetooth part for Realtek 8852AE Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 07/23] Bluetooth: btusb: Make the CSR clone chip force-suspend workaround more generic Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 08/23] usb: host: xhci-rcar: Dont reload firmware after the completion Greg Kroah-Hartman
2021-09-10 12:29 ` [PATCH 5.14 09/23] usb: xhci-mtk: fix issue of out-of-bounds array access Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 10/23] usb: cdnsp: fix the wrong mult value for HS isoc or intr Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 11/23] usb: gadget: tegra-xudc: " Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 12/23] usb: mtu3: restore HS function when set SS/SSP Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 13/23] usb: mtu3: use @mult for HS isoc or intr Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 14/23] usb: mtu3: fix the wrong HS mult value Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 15/23] xhci: fix even more unsafe memory usage in xhci tracing Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 16/23] xhci: fix " Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 17/23] xhci: Fix failure to give back some cached cancelled URBs Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 18/23] staging: mt7621-pci: fix hang when nothing is connected to pcie ports Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 19/23] x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 20/23] PCI: Call Max Payload Size-related fixup quirks early Greg Kroah-Hartman
2021-09-10 12:30 ` [PATCH 5.14 21/23] cxl/pci: Fix debug message in cxl_probe_regs() Greg Kroah-Hartman
2021-09-10 12:30 ` Greg Kroah-Hartman [this message]
2021-09-10 12:30 ` [PATCH 5.14 23/23] cxl/acpi: Do not add DSDT disabled ACPI0016 host bridge ports Greg Kroah-Hartman
2021-09-10 20:19 ` [PATCH 5.14 00/23] 5.14.3-rc1 review Florian Fainelli
2021-09-10 20:43 ` Fox Chen
2021-09-10 23:16 ` Shuah Khan
2021-09-11 16:10 ` Justin Forbes
2021-09-11 19:36 ` Guenter Roeck
2021-09-12 0:47 ` Daniel Díaz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210910122916.709969307@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Jonathan.Cameron@huawei.com \
--cc=ben.widawsky@intel.com \
--cc=dan.j.williams@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).