Re: [PATCH 08/14] taint: add taint for direct hardware access

From: Konrad Rzeszutek Wilk
Date: Mon Feb 01 2021 - 13:23:05 EST


On Fri, Jan 29, 2021 at 04:24:32PM -0800, Ben Widawsky wrote:
> For drivers that moderate access to the underlying hardware it is
> sometimes desirable to allow userspace to bypass restrictions. Once
> userspace has done this, the driver can no longer guarantee the sanctity
> of either the OS or the hardware. When in this state, it is helpful for
> kernel developers to be made aware (via this taint flag) of this fact
> for subsequent bug reports.
>
> Example usage:
> - Hardware xyzzy accepts 2 commands, waldo and fred.
> - The xyzzy driver provides an interface for using waldo, but not fred.
> - quux is convinced they really need the fred command.
> - xyzzy driver allows quux to frob hardware to initiate fred.

Would it not be easier to _not_ frob the hardware for fred-operation?
Aka not implement it or just disallow in the first place?


> - kernel gets tainted.
> - turns out fred command is borked, and scribbles over memory.
> - developers laugh while closing quux's subsequent bug report.

Yeah good luck with that theory in-the-field. The customer won't
care about this and will demand a solution for doing fred-operation.

Just easier to not do fred-operation in the first place, no?