Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
From: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Date: Thu, 30 Sep 2021 14:12:52 -0700
Cc: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>, Kuppuswamy Sathyanarayanan <knsathya@xxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, linux-pci@xxxxxxxxxxxxxxx, virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx, Andreas Noever <andreas.noever@xxxxxxxxx>, Dan Williams <dan.j.williams@xxxxxxxxx>, "Reshetova, Elena" <elena.reshetova@xxxxxxxxx>, "Rafael J . Wysocki" <rafael@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, x86@xxxxxxxxxx, Ingo Molnar <mingo@xxxxxxxxxx>, Michael Jamet <michael.jamet@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Bjorn Helgaas <bhelgaas@xxxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Mika Westerberg <mika.westerberg@xxxxxxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, linux-usb@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Yehezkel Bernat <YehezkelShB@xxxxxxxxx>
In-reply-to: <20210930204447.GA482974@rowland.harvard.edu>
References: <20210930010511.3387967-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930010511.3387967-3-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930065807-mutt-send-email-mst@kernel.org> <YVXBNJ431YIWwZdQ@kroah.com> <20210930144305.GA464826@rowland.harvard.edu> <20210930104924-mutt-send-email-mst@kernel.org> <20210930153509.GF464826@rowland.harvard.edu> <20210930115243-mutt-send-email-mst@kernel.org> <00156941-300d-a34a-772b-17f0a9aad885@linux.intel.com> <20210930204447.GA482974@rowland.harvard.edu>
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0

If all you want to do is prevent someone from loading a bunch of
drivers that you have identified as unhardened, why not just use a
modprobe blacklist?


That wouldn't help for builtin drivers, we cannot control initcalls.

This LWN article has more details on the background.

https://lwn.net/Articles/865918/

-Andi

Am I missing something?

Alan Stern

_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization

References:
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Michael S. Tsirkin
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Greg Kroah-Hartman
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Alan Stern
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Michael S. Tsirkin
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Alan Stern
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Michael S. Tsirkin
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Andi Kleen
- Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
  - From: Alan Stern

Prev by Date: Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
Next by Date: Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
Previous by thread: Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
Next by thread: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest
Index(es):
- Date
- Thread

[Index of Archives] [KVM Development] [Libvirt Development] [Libvirt Users] [CentOS Virtualization] [Netdev] [Ethernet Bridging] [Linux Wireless] [Kernel Newbies] [Security] [Linux for Hams] [Netfilter] [Bugtraq] [Yosemite Forum] [MIPS Linux] [ARM Linux] [Linux RAID] [Linux Admin] [Samba]