Re: [PATCH v4 11/15] pci: Add pci_iomap_shared{,_range}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 8/30/2021 1:59 PM, Michael S. Tsirkin wrote:

Or we can add _audited to the name. ioremap_shared_audited?
But it's not the mapping that has to be done in handled special way.
It's any data we get from device, not all of it coming from IO, e.g.
there's DMA and interrupts that all have to be validated.
Wouldn't you say that what is really wanted is just not running
unaudited drivers in the first place?


Yes.



And we've been avoiding that drivers can self declare auditing, we've been
trying to have a separate centralized list so that it's easier to enforce
and avoids any cut'n'paste mistakes.

-Andi
Now I'm confused. What is proposed here seems to be basically that,
drivers need to declare auditing by replacing ioremap with
ioremap_shared.

Auditing is declared on the device model level using a central allow list.

But this cannot do anything to initcalls that run before probe, that's why an extra level of defense of ioremap opt-in is useful. But it's not the primary mechanism to declare a driver audited, that's the allow list. The ioremap is just another mechanism to avoid having to touch a lot of legacy drivers.

If we agree on that then the original proposed semantics of "ioremap_shared" may be acceptable?

-Andi






[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux