From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=915k=P6=linuxfoundation.org=gregkh@kernel.org>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 22 Jan
  2019 07:38:13 -0000
Received: from mail.kernel.org ([198.145.29.99])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <SRS0=915k=P6=linuxfoundation.org=gregkh@kernel.org>)
	id 1glqdP-0006bb-Qz
	for speck@linutronix.de; Tue, 22 Jan 2019 08:38:12 +0100
Date: Tue, 22 Jan 2019 08:38:02 +0100
From: Greg KH <gregkh@linuxfoundation.org>
Subject: [MODERATED] Re: [PATCH v5 00/27] MDSv5 19
Message-ID: <20190122073802.GC7082@kroah.com>
References: <cover.1547858934.git.ak@linux.intel.com>
 <CAHk-=wgfjmE7998sVjb9ZnESkPL4i=955voabC59kFW33OvWVA@mail.gmail.com>
 <20190122011417.GQ6118@tassilo.jf.intel.com>
MIME-Version: 1.0
In-Reply-To: <20190122011417.GQ6118@tassilo.jf.intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Mon, Jan 21, 2019 at 05:14:17PM -0800, speck for Andi Kleen wrote:
> The rationale for the opt-out was that it's hard and difficult to audit
> all the driver code. 

To quote Dave Jones, "kernel programming is hard, let's go shopping..."

Come on, we know what the drivers do by the "type" they are.  And if
they are "generic" (i.e. USB host controllers), then we also know that,
right?  Ask for help if you don't know what the driver type is, we have
a bunch of people here who might just know :)

> I can audit kernel/* and yes for that part opt-out would make more sense.
> 
> But with being conservative and having simple rules and don't make
> too much assumptions about unaudited code we can make
> a good case that the default policy is safe enough for near everyone
> and they don't need mds=full
> 
> I'm open to other proposals:
> 
> In theory we could have a different default for different 
> directories with some Makefile trickery, but that might be confusing?
> 
> Or could try to find some semi automated way to audit copies
> in timers in drivers/* and do opt-in, but that's likely a substantial project.

But it would be valuable information to know, right?  We are going to
have to determine this somehow eventually as these types of issues are
not going away.

> It would also need to be repeated for backports and out of tree.

Backports can deal with their own stuff, as can out-of-tree crap, if
they actually care.

thanks,

greg k-h