Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp352782pxb; Thu, 30 Sep 2021 07:28:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwX3qp0WcFUVCd39a32RRNXDLqbM3bytkgPuMQPthNB/Os98KinhOfozr0CdYGhHuE1yjCl X-Received: by 2002:a17:90a:b105:: with SMTP id z5mr13145623pjq.64.1633012090162; Thu, 30 Sep 2021 07:28:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633012090; cv=none; d=google.com; s=arc-20160816; b=wA+8rtjo8rph0KGyCCrzs3FbRNZxhpM3ba2zngOjzjaN0aD5qdraW+8ePF4z9Mah+R W697Rhwl6wrksMY+7T5x1eYn0pWpoIMUhjI5xQW24LgKlmeRMeeh5TYxPsgRK9RCfYZ3 6lT+lRkSgOBBi4iGbBLPLoAOK5ndFnAst0OFqd0E4j7QRb2omz9yV/0NHwtULyRygM3z vpNNN81bSmPvQXAVO8KrJfQ++TH174ZlRvoz1PF06fHCEmV3j60P5hxRcIVX0FWUwI3X qbNBItswPyL5vgOTXvRjXZN2NDjTfIl1fwjtb+68LXBfPDLmW+XSewkp7MaEiND6ot/n 0U+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=keN+btlYVBJGWOu91I+oCLYZrcd1MoxAA4HpYxaefz4=; b=TSztjpqh4Gb3nBpU1TKv/UMZNhS1VTUsJLPEYIRIXhSPTxT/AYpZgoHn/FXOV8jVCl K2oyyld+gUMoYvcEvHcdWNGdQwYyV4fKbKL7FwM6/1Fim57UvQ2FurRtXwZdoV8Aojr6 aBKZq5fBoqUq5b4hZSDTDKpKmProAg5I+bkOfaFCpx/hUBhvcHd9BXSdfE1gdU6IgcOq F4ILaAcGejtbHiQn2r0Vu5ts75VaeieJZM1BhCJRRAv05ocyTs40ThjDKu2pFK1QwiwW 5P01ookHFCXOGYxws5XYJPztP6X7YK3m9ILjC+VMj5TqBrVWl0fItY3seu+kowtHdXjZ Yo7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=e5OQUoFF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a34si3593356pgm.459.2021.09.30.07.27.56; Thu, 30 Sep 2021 07:28:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=e5OQUoFF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350270AbhI3LF2 (ORCPT + 99 others); Thu, 30 Sep 2021 07:05:28 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:58338 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350208AbhI3LF1 (ORCPT ); Thu, 30 Sep 2021 07:05:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1632999825; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=keN+btlYVBJGWOu91I+oCLYZrcd1MoxAA4HpYxaefz4=; b=e5OQUoFF3Gewm8xnWcmIBTnP0b42ewR0GpgKsoedMKsC5l1SJAHZPOkg1xvH2lu7yukuxg sxNfDPKbYx/IpCu8I9j+3QoHp+N2Z8R5VyWhYr7hJUTnyTVWNekqYZPya8t7TM6HmvYp96 0Whzcp/pW5ddItPbPtNxPAYh4vQ9t0k= Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-585-BogjSOmnOwuXOw9h0jCzRA-1; Thu, 30 Sep 2021 07:03:44 -0400 X-MC-Unique: BogjSOmnOwuXOw9h0jCzRA-1 Received: by mail-ed1-f71.google.com with SMTP id r11-20020aa7cfcb000000b003d4fbd652b9so5850171edy.14 for ; Thu, 30 Sep 2021 04:03:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=keN+btlYVBJGWOu91I+oCLYZrcd1MoxAA4HpYxaefz4=; b=zC+d0iYtw8VHPvesqu6kYTNI0afbXuqHGlLBMp50U/FfFLpOZzENxjvPobM7nJCCjV iROu3vTCRV/Uh5DbDvWUcsLroT5dSaG2SVFoUS/BM9s1Jjzhx7aDpXOa4RNwnEWhNrLT 9XwhUQ5ieOhaCnGeqepwen+WtAaR+4q4Zp4VhI6HzZaKqWJ9VYFFHZ1wrXKNagD5AK5A EUk2uyCiehKxSE/G2mxZ4MGX3b2VHXZvvOXItJpvnpsZrQPwdSYaFaWuAwMC7h6XgpKe 8NyPWYqP59Vuw7BgyAnAnt7TFJXoLtpn4tfFioQxZt7GjkNS1npGxRle71YTnyxKB/KL m2iA== X-Gm-Message-State: AOAM533/fliVMEnpBKYy6jZX0PbG8MX5G76VF1MaOe6IUluS0wxHVBFT Gy+BZFrISg9xMwIFAGpEV1iE92eUhe7RHERgzbVHIOvKpKNGS6mHIbOCGel011zGZ3NDFeqtA1i jhO2l9AlR35Fto5HXWIn0a9mg X-Received: by 2002:a17:906:2e8d:: with SMTP id o13mr5757127eji.513.1632999822754; Thu, 30 Sep 2021 04:03:42 -0700 (PDT) X-Received: by 2002:a17:906:2e8d:: with SMTP id o13mr5757108eji.513.1632999822544; Thu, 30 Sep 2021 04:03:42 -0700 (PDT) Received: from redhat.com ([2.55.134.220]) by smtp.gmail.com with ESMTPSA id v8sm1291353ejy.79.2021.09.30.04.03.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 30 Sep 2021 04:03:42 -0700 (PDT) Date: Thu, 30 Sep 2021 07:03:36 -0400 From: "Michael S. Tsirkin" To: Kuppuswamy Sathyanarayanan Cc: Greg Kroah-Hartman , Borislav Petkov , x86@kernel.org, Bjorn Helgaas , Thomas Gleixner , Ingo Molnar , Andreas Noever , Michael Jamet , Yehezkel Bernat , "Rafael J . Wysocki" , Mika Westerberg , Jonathan Corbet , Jason Wang , Dan Williams , Andi Kleen , Kuppuswamy Sathyanarayanan , linux-kernel@vger.kernel.org, linux-pci@vger.kernel.org, linux-usb@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest Message-ID: <20210930065953-mutt-send-email-mst@kernel.org> References: <20210930010511.3387967-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930010511.3387967-5-sathyanarayanan.kuppuswamy@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20210930010511.3387967-5-sathyanarayanan.kuppuswamy@linux.intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 29, 2021 at 06:05:09PM -0700, Kuppuswamy Sathyanarayanan wrote: > Confidential guest platforms like TDX have a requirement to allow > only trusted devices. By default the confidential-guest core will > arrange for all devices to default to unauthorized (via > dev_default_authorization) in device_initialize(). Since virtio > driver is already hardened against the attack from the un-trusted host, > override the confidential computing default unauthorized state > > Reviewed-by: Dan Williams > Signed-off-by: Kuppuswamy Sathyanarayanan Architecturally this all looks backwards. IIUC nothing about virtio makes it authorized or trusted. The driver is hardened, true, but this should be set at the driver not the device level. And in particular, not all virtio drivers are hardened - I think at this point blk and scsi drivers have been hardened - so treating them all the same looks wrong. > --- > drivers/virtio/virtio.c | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c > index 588e02fb91d3..377b0ccdc503 100644 > --- a/drivers/virtio/virtio.c > +++ b/drivers/virtio/virtio.c > @@ -5,6 +5,8 @@ > #include > #include > #include > +#include > +#include > #include > > /* Unique numbering for virtio devices. */ > @@ -390,6 +392,13 @@ int register_virtio_device(struct virtio_device *dev) > dev->config_enabled = false; > dev->config_change_pending = false; > > + /* > + * For Confidential guest (like TDX), virtio devices are > + * trusted. So set authorized status as true. > + */ > + if (cc_platform_has(CC_ATTR_GUEST_DEVICE_FILTER)) > + dev->dev.authorized = true; > + > /* We always start by resetting the device, in case a previous > * driver messed it up. This also tests that code path a little. */ > dev->config->reset(dev); > -- > 2.25.1