Andi Kleen
2021-Sep-30 17:17 UTC
[PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
>> The "it" that I referred to is the claim that no driver should be >> touching hardware in their module init call. Andi seems to think >> such drivers are worth working around with a special remap API. > Andi is wrong.While overall it's a small percentage of the total, there are still quite a few drivers that do touch hardware in init functions. Sometimes for good reasons -- they need to do some extra probing to discover something that is not enumerated -- sometimes just because it's very old legacy code that predates the modern driver model. The legacy drivers could be fixed, but nobody really wants to touch them anymore and they're impossible to test. The drivers that probe something that is not enumerated in a standard way have no choice, it cannot be implemented in a different way. So instead we're using a "firewall" the prevents these drivers from doing bad things by not allowing ioremap access unless opted in, and also do some filtering on the IO ports The device filter is still the primary mechanism, the ioremap filtering is just belts and suspenders for those odd cases. If you want we can send an exact list, we did some analysis using a patched smatch tool. -Andi
Greg Kroah-Hartman
2021-Sep-30 17:23 UTC
[PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices
On Thu, Sep 30, 2021 at 10:17:09AM -0700, Andi Kleen wrote:> > > > The "it" that I referred to is the claim that no driver should be > > > touching hardware in their module init call. Andi seems to think > > > such drivers are worth working around with a special remap API. > > Andi is wrong. > > While overall it's a small percentage of the total, there are still quite a > few drivers that do touch hardware in init functions. Sometimes for good > reasons -- they need to do some extra probing to discover something that is > not enumerated -- sometimes just because it's very old legacy code that > predates the modern driver model.Are any of them in the kernel today? PCI drivers should not be messing with this, we have had well over a decade to fix that up.> The legacy drivers could be fixed, but nobody really wants to touch them > anymore and they're impossible to test.Pointers to them?> The drivers that probe something that is not enumerated in a standard way > have no choice, it cannot be implemented in a different way.PCI devices are not enumerated in a standard way???> So instead we're using a "firewall" the prevents these drivers from doing > bad things by not allowing ioremap access unless opted in, and also do some > filtering on the IO ports The device filter is still the primary mechanism, > the ioremap filtering is just belts and suspenders for those odd cases.That's horrible, don't try to protect the kernel from itself. Just fix the drivers. If you point me at them, I will be glad to have a look and throw some interns on them. But really, you all could have fixed them up by now if Intel really cared about it :(> If you want we can send an exact list, we did some analysis using a patched > smatch tool.Please do. thanks, greg k-h