On Fri, Jan 29, 2021 at 04:24:32PM -0800, Ben Widawsky wrote:
> For drivers that moderate access to the underlying hardware it is
> sometimes desirable to allow userspace to bypass restrictions. Once
> userspace has done this, the driver can no longer guarantee the sanctity
> of either the OS or the hardware. When in this state, it is helpful for
> kernel developers to be made aware (via this taint flag) of this fact
> for subsequent bug reports.
>
> - Hardware xyzzy accepts 2 commands, waldo and fred.
> - The xyzzy driver provides an interface for using waldo, but not fred.
> - quux is convinced they really need the fred command.
> - xyzzy driver allows quux to frob hardware to initiate fred.

Would it not be easier to _not_ frob the hardware for fred-operation?
Aka not implement it or just disallow in the first place?

> - kernel gets tainted.
> - turns out fred command is borked, and scribbles over memory.
> - developers laugh while closing quux's subsequent bug report.
Yeah good luck with that theory in-the-field. The customer won't
care about this and will demand a solution for doing fred-operation.
Just easier to not do fred-operation in the first place, no?