Subject: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest
From: "Kuppuswamy, Sathyanarayanan"
To: Dan Williams, "Michael S. Tsirkin"
Cc: Greg Kroah-Hartman, Borislav Petkov, X86 ML, Bjorn Helgaas, Thomas Gleixner, Ingo Molnar, Andreas Noever, Michael Jamet, Yehezkel Bernat, "Rafael J . Wysocki", Mika Westerberg, Jonathan Corbet, Jason Wang, Andi Kleen, Kuppuswamy Sathyanarayanan, Linux Kernel Mailing List, Linux PCI, USB list, virtualization@lists.linux-foundation.org
Date: Thu, 30 Sep 2021 08:18:18 -0700
Message-ID: <6d1e2701-5095-d110-3b0a-2697abd0c489@linux.intel.com>
References: <20210930010511.3387967-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930010511.3387967-5-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930065953-mutt-send-email-mst@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 9/30/21 6:36 AM, Dan Williams wrote:
>> And in particular, not all virtio drivers are hardened -
>> I think at this point blk and scsi drivers have been hardened - so
>> treating them all the same looks wrong.
> My understanding was that they have been audited, Sathya?

Yes, AFAIK, it has been audited. Andi also submitted some patches
related to it. Andi, can you confirm?

We also authorize the virtio at PCI ID level. And currently we allow
console, block and net virtio PCI devices.

	{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_NET) },
	{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_BLOCK) },
	{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_CONSOLE) },

-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
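
Added example, not part of the original message or of the patch series: a userspace model of default-deny authorization at PCI ID level, using only the three entries quoted in the mail. The names struct pci_ids, ID_ENTRY, allow_list and guest_authorized are hypothetical, and the sample devices are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Numeric values as in the kernel's pci_ids.h and uapi virtio_ids.h. */
#define PCI_ANY_ID                    0xffffffffu
#define PCI_VENDOR_ID_REDHAT_QUMRANET 0x1af4u
#define VIRTIO_TRANS_ID_NET           0x1000u
#define VIRTIO_TRANS_ID_BLOCK         0x1001u
#define VIRTIO_TRANS_ID_CONSOLE       0x1003u

/* Hypothetical stand-in for the four ID fields of pci_device_id. */
struct pci_ids { uint32_t vendor, device, subvendor, subdevice; };

/* Like the kernel's PCI_DEVICE(): subsystem IDs are wildcards. */
#define ID_ENTRY(v, d) { (v), (d), PCI_ANY_ID, PCI_ANY_ID }

/* Constructed allow-list: only the three entries quoted in the mail. */
static const struct pci_ids allow_list[] = {
    ID_ENTRY(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_NET),
    ID_ENTRY(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_BLOCK),
    ID_ENTRY(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_CONSOLE),
};

static bool field_ok(uint32_t want, uint32_t have)
{
    return want == PCI_ANY_ID || want == have;
}

/* Default deny: a device is authorized only if some entry matches it. */
bool guest_authorized(const struct pci_ids *dev)
{
    for (size_t i = 0; i < sizeof(allow_list) / sizeof(allow_list[0]); i++) {
        const struct pci_ids *e = &allow_list[i];
        if (field_ok(e->vendor, dev->vendor) && field_ok(e->device, dev->device) &&
            field_ok(e->subvendor, dev->subvendor) &&
            field_ok(e->subdevice, dev->subdevice))
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed devices: virtio-net, virtio-scsi, same device ID under another vendor. */
    const struct pci_ids s[] = { { 0x1af4, 0x1000, 0x1af4, 1 },
                                 { 0x1af4, 0x1004, 0x1af4, 8 },
                                 { 0x8086, 0x1000, 0, 0 } };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%04x:%04x authorized=%d\n", (unsigned)s[i].vendor,
               (unsigned)s[i].device, guest_authorized(&s[i]));
    return 0;
}
```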