From: Andi Kleen
Date: Fri, 1 Oct 2021 08:56:31 -0700
Subject: Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
To: Alan Stern, Greg Kroah-Hartman
Cc: "Michael S. Tsirkin", Kuppuswamy Sathyanarayanan, Borislav Petkov, x86@kernel.org, Bjorn Helgaas, Thomas Gleixner, Ingo Molnar, Andreas Noever, Michael Jamet, Yehezkel Bernat, "Rafael J. Wysocki", Mika Westerberg, Jonathan Corbet, Jason Wang, Dan Williams, linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-usb@vger.kernel.org, virtualization@lists.linux-foundation.org, "Reshetova, Elena"
Message-ID: <95b0e0c1-b0a2-944d-0b57-30360ac39a35@linux.intel.com>
In-Reply-To: <20211001155143.GB505557@rowland.harvard.edu>

> Forget about trust for the moment. Let's say the goal is to prevent
> the kernel from creating any bindings other than those in some small
> "allowed" set. To fully specify one of the allowed bindings, you
> would have to provide both a device ID and a driver name. But in
> practice this isn't necessary, since a device with a given ID will
> bind to only one driver in almost all cases, and hence giving just
> the device ID is enough.
>
> So to do what they want, all that's needed is to forbid any bindings
> except where the device ID is "allowed". Or to put it another way,
> where the device's authorized flag (which can be initialized based on
> the device ID) is set.
>
> (The opposite approach, in which the drivers are "allowed" rather
> than the device IDs, apparently has already been discussed and
> rejected. I'm not convinced that was a good decision, but...)
>
> Does this seem like a fair description of the situation?

Yes. That's roughly what the patchkit under discussion implements.

-Andi
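
A user-space C model of the policy described in the quoted text above, added here as an example; it is not code from the patch series or from the kernel. All struct, function and driver names and the device IDs are hypothetical and constructed. It also shows that allow-listing a device ID does not by itself choose between two drivers that claim that ID (in this model the first match binds).

```c
/* User-space model; all names and IDs are hypothetical, not kernel APIs. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct dev_id { unsigned vendor, device; };
struct device { struct dev_id id; bool authorized; const char *bound; };
struct driver { const char *name; const struct dev_id *ids; size_t n_ids; };

/* Constructed allow-list: the only device IDs permitted to bind. */
static const struct dev_id allowed[] = { { 0xaaaa, 0x0001 } };
/* Constructed drivers: drv_a and drv_b both claim the allowed ID. */
static const struct dev_id shared_ids[] = { { 0xaaaa, 0x0001 } };
static const struct dev_id other_ids[] = { { 0xbbbb, 0x0002 } };
static const struct driver drivers[] = {
	{ "drv_a", shared_ids, 1 }, { "drv_b", shared_ids, 1 }, { "drv_c", other_ids, 1 },
};

static bool id_in(const struct dev_id *tab, size_t n, struct dev_id id)
{
	for (size_t i = 0; i < n; i++)
		if (tab[i].vendor == id.vendor && tab[i].device == id.device)
			return true;
	return false;
}

/* Default deny: the authorized flag is initialised from the device ID. */
static void device_init(struct device *d, unsigned vendor, unsigned device)
{
	d->id = (struct dev_id){ vendor, device };
	d->bound = NULL;
	d->authorized = id_in(allowed, sizeof(allowed) / sizeof(allowed[0]), d->id);
}

/* Skip probe when unauthorized; otherwise the first matching driver binds. */
static const char *bind_sample(unsigned vendor, unsigned device)
{
	struct device d;
	device_init(&d, vendor, device);
	for (size_t i = 0; d.authorized && !d.bound && i < sizeof(drivers) / sizeof(drivers[0]); i++)
		if (id_in(drivers[i].ids, drivers[i].n_ids, d.id))
			d.bound = drivers[i].name;
	return d.bound;
}

int main(void)
{
	const char *a = bind_sample(0xaaaa, 0x0001), *c = bind_sample(0xbbbb, 0x0002);
	printf("aaaa:0001 -> %s\nbbbb:0002 -> %s\n", a ? a : "(skipped)", c ? c : "(skipped)");
	return 0;
}
```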