Re: [PATCH v1] driver: base: Add driver filter support

From: Kuppuswamy, Sathyanarayanan
Date: Thu Aug 05 2021 - 15:09:14 EST

On 8/5/21 12:01 PM, Dan Williams wrote:
What's wrong with the generic authorized proposal? The core can
default to deauthorizing devices on the platform bus, or any bus,
unless on an allow list. It's a bit more work to uplevel the local
"authorized" implementations from USB and Thunderbolt to the core, but
it's functionally identical to the "filter" approach in terms of
protection, i.e. avoiding probe of unnecessary unvetted drivers.

I have not yet read about the "authorized" model in USB and Thunderbolt.
So bear with me if my question is basic or obvious. In the case USB
authorized model, who maintains the allow list? kernel or userspace?

If we are clubbing it with the driver filter model, I think
allow list in kernel should take precedence. Agree?

Sathyanarayanan Kuppuswamy
Linux Kernel Developer