[PATCH v2 0/4] Firmware LSM hook
Leon Romanovsky
leon at kernel.org
Sun Apr 26 10:39:57 UTC 2026
On Fri, Apr 24, 2026 at 11:19:21AM -0300, Jason Gunthorpe wrote:
> On Thu, Apr 23, 2026 at 05:09:50PM +0300, Leon Romanovsky wrote:
>
> > > > Leon mentioned that different firmware revisions would have different
> > > > parameters for a given opcode, and that one would need to inspect
> > > > those parameters to properly filter the command. Is that not true, or
> > > > am I misreading or misunderstanding Leon's comments?
> > >
> > > They are ABI stable, so there will be rules about future changes that
> > > old software can follow to ignore or reject future things it doesn't
> > > understand.
> >
> > It is wishful thinking and applicable only to mlx5 devices. No one
> > promises that other devices follow same ABI rules.
>
> Well, I will definately kick them out of fwctl if they don't.
It is easy to say but harder to follow. The kernel includes many devices that
exist only in specific hyperscale environments, where the update cycle is
tightly controlled. They easily can break FW backward compatibility.
Thanks
>
> Jason
More information about the Linux-security-module-archive
mailing list