Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices

From: Alan Stern
Date: Thu Sep 30 2021 - 11:35:19 EST

Next message: Sameer Pujar: "Re: [PATCH 01/13] ASoC: soc-pcm: Don't reconnect an already active BE"
Previous message: Deepak Kumar Singh: "[PATCH V1 2/3] rpmsg: glink: Add support to handle signals command"
In reply to: Michael S. Tsirkin: "Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices"
Next in thread: Michael S. Tsirkin: "Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 30, 2021 at 10:58:07AM -0400, Michael S. Tsirkin wrote:
> On Thu, Sep 30, 2021 at 10:43:05AM -0400, Alan Stern wrote:
> > I don't see any point in talking about "untrusted drivers". If a
> > driver isn't trusted then it doesn't belong in your kernel. Period.
> > When you load a driver into your kernel, you are implicitly trusting
> > it (aside from limitations imposed by security modules).
>
> Trusting it to do what? Historically a ton of drivers did not
> validate input from devices they drive. Most still don't.

Trusting it to behave properly (i.e., not destroy your system, among
other things).

The fact that many drivers haven't been trustworthy is beside the
point. By loading them into your kernel, you are trusting them
regardless. In the end, you may regret having done so. :-(

Alan Stern

Next message: Sameer Pujar: "Re: [PATCH 01/13] ASoC: soc-pcm: Don't reconnect an already active BE"
Previous message: Deepak Kumar Singh: "[PATCH V1 2/3] rpmsg: glink: Add support to handle signals command"
In reply to: Michael S. Tsirkin: "Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices"
Next in thread: Michael S. Tsirkin: "Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]