Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Forget about trust for the moment.  Let's say the goal is to prevent
the kernel from creating any bindings other that those in some small
"allowed" set.  To fully specify one of the allowed bindings, you
would have to provide both a device ID and a driver name.  But in
practice this isn't necessary, since a device with a given ID will
bind to only one driver in almost all cases, and hence giving just
the device ID is enough.

So to do what they want, all that's needed is to forbid any bindings
except where the device ID is "allowed".  Or to put it another way,
where the device's authorized flag (which can be initialized based on
the device ID) is set.

(The opposite approach, in which the drivers are "allowed" rather
than the device IDs, apparently has already been discussed and
rejected.  I'm not convinced that was a good decision, but...)

Does this seem like a fair description of the situation?

Yes. That's roughly what the patchkit under discussion implements.


-Andi

_______________________________________________
Virtualization mailing list
Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/virtualization



[Index of Archives]     [KVM Development]     [Libvirt Development]     [Libvirt Users]     [CentOS Virtualization]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux