On Wed, Jul 22, 2020 at 11:02:10PM -0600, Alex Williamson wrote: > On Tue, 14 Jul 2020 07:36:07 +0100 > Giovanni Cabiddu <giovanni.cabiddu@xxxxxxxxx> wrote: > > > Add blocklist of devices that by default are not probed by vfio-pci. > > Devices in this list may be susceptible to untrusted application, even > > if the IOMMU is enabled. To be accessed via vfio-pci, the user has to > > explicitly disable the blocklist. > > > > The blocklist can be disabled via the module parameter disable_blocklist. > > > > Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@xxxxxxxxx> > > --- > > drivers/vfio/pci/vfio_pci.c | 33 +++++++++++++++++++++++++++++++++ > > 1 file changed, 33 insertions(+) > > Hi Giovanni, > > I'm pretty satisfied with this series, except "blocklist" makes me > think of block devices, ie. storage, or block chains, or building block > types of things before I get to "block" as in a barrier. The other > alternative listed as a suggestion currently in linux-next is denylist, > which is the counter to an allowlist. I've already proposed changing > some other terminology in vfio.c to use the term "allowed", so > allow/deny would be my preference versus pass/block. Thanks Alex for your feedback. A new revision is on the way. Regards, -- Giovanni
