Should PCI "new_id" support be disabled when kernel is locked down?

Should PCI "new_id" support be disabled when kernel is locked down?

[Ian Abbott]

Hello,

The "new_id" PCI driver sysfs attribute can be used to make an arbitrary 
PCI driver match an arbitrary PCI vendor/device ID.  That could easily 
crash the kernel or at least make it do weird things if used 
inappropriately.  Is this scenario in scope for the "lockdown" security 
module?

-- 
-=( Ian Abbott <abbotti@mev.co.uk> || Web: www.mev.co.uk )=-
-=( MEV Ltd. is a company registered in England & Wales. )=-
-=( Registered number: 02862268.  Registered address:    )=-
-=( 15 West Park Road, Bramhall, STOCKPORT, SK7 3JZ, UK. )=-

Re: Should PCI "new_id" support be disabled when kernel is locked down?

[Matthew Garrett]

On Wed, Sep 4, 2019 at 9:12 AM Ian Abbott <abbotti@mev.co.uk> wrote:
>
> Hello,
>
> The "new_id" PCI driver sysfs attribute can be used to make an arbitrary
> PCI driver match an arbitrary PCI vendor/device ID.  That could easily
> crash the kernel or at least make it do weird things if used
> inappropriately.  Is this scenario in scope for the "lockdown" security
> module?

Crashing the kernel isn't really a concern - the issue is more whether
it's possible to get a driver to perform a sufficient number of writes
to a device that it can in turn cause the device to overwrite the
kernel in a controlled manner. This seems theoretically possible, but
I think I'm inclined to leave it as is unless someone demonstrates
that it's more than theoretical.