Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp662850pxb; Thu, 30 Sep 2021 14:24:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxMAD5xdj0AOQSnP8RYPIkbo1Kal/HrL16aGlEm+ene6+M9mkifWisysAPcvi06tUBtEHXL X-Received: by 2002:a50:d885:: with SMTP id p5mr9835654edj.255.1633037096670; Thu, 30 Sep 2021 14:24:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633037096; cv=none; d=google.com; s=arc-20160816; b=JThZ10pWvXAH0KFj2XJOlTzlvGiZoSYbrJ8fnAKJBEx4aNULf4SwWPIK1c/ZZlfALX RMTl4qabL8PL1+TLcURDVhrP30LRBYGtoyvzU5CRKcLeHpyM6lUw3XZwysJMWPtoEJQL gO5apgedlwTus66OcNnxBiuyKJwhlEbkYlaPsZU7/947JGX60Es5Yae4uXgEficwWgIF K/8EZXWPoc7zk/JBxvkV/4Leur82j8YxVQIdvTDVB499NgvvRdSG7tYUUsAezO9GLiln 1I++OEKQnJGRhlw77PSSz7we5fKZQOIFTxDcQJe66p/2FNoTGSE0e6Z77dToePPXr1mj Di9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=LDI21oCZ4g6LQbsRlfMb/l9M9wctzQXWtROjDCcrkq8=; b=VJBZ0W2wQAGPb5o6do6yuuFmQQ49id1tR+j4USJFr8yalGCgpDMY9A4VN73XbtKbzH K6SsTvZbYh6LqcGF79LdI8X2x3w+/DG8322RopGNnU1v5GX68ww37JMWaq69sYfux8wY j+03EHlBjRxjKkzWzB1pE25hYZt4T3tgNEDE6akR31SliSQLoo9M0/hz9/8AjHqDxmKC qd0fODFUgq01KsS2KS+mBPAy1BDDgI3niw2ikzudDrtWeOuVAY91QOtYEF+Hq9q3ylUC REdDzZQxWAL8yGXQD9Je+ejy6YJbkYyCe6Cpj0Yz9sWD0i3r36RcH7eQK0vRNIGexr8t u4+w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id yd22si5275956ejb.277.2021.09.30.14.24.31; Thu, 30 Sep 2021 14:24:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346081AbhI3TFv (ORCPT + 99 others); Thu, 30 Sep 2021 15:05:51 -0400 Received: from mga05.intel.com ([192.55.52.43]:13605 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345610AbhI3TFv (ORCPT ); Thu, 30 Sep 2021 15:05:51 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10123"; a="310809738" X-IronPort-AV: E=Sophos;i="5.85,336,1624345200"; d="scan'208";a="310809738" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2021 12:04:08 -0700 X-IronPort-AV: E=Sophos;i="5.85,336,1624345200"; d="scan'208";a="480052597" Received: from rnmathur-mobl1.amr.corp.intel.com (HELO skuppusw-mobl5.amr.corp.intel.com) ([10.212.105.173]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2021 12:04:07 -0700 Subject: Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest To: Greg Kroah-Hartman Cc: Dan Williams , "Michael S. Tsirkin" , Borislav Petkov , X86 ML , Bjorn Helgaas , Thomas Gleixner , Ingo Molnar , Andreas Noever , Michael Jamet , Yehezkel Bernat , "Rafael J . Wysocki" , Mika Westerberg , Jonathan Corbet , Jason Wang , Andi Kleen , Kuppuswamy Sathyanarayanan , Linux Kernel Mailing List , Linux PCI , USB list , virtualization@lists.linux-foundation.org References: <20210930010511.3387967-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930010511.3387967-5-sathyanarayanan.kuppuswamy@linux.intel.com> <20210930065953-mutt-send-email-mst@kernel.org> <6d1e2701-5095-d110-3b0a-2697abd0c489@linux.intel.com> From: "Kuppuswamy, Sathyanarayanan" Message-ID: <1cfdce51-6bb4-f7af-a86b-5854b6737253@linux.intel.com> Date: Thu, 30 Sep 2021 12:04:05 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Thunderbird/78.13.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/30/21 8:23 AM, Greg Kroah-Hartman wrote: > On Thu, Sep 30, 2021 at 08:18:18AM -0700, Kuppuswamy, Sathyanarayanan wrote: >> >> >> On 9/30/21 6:36 AM, Dan Williams wrote: >>>> And in particular, not all virtio drivers are hardened - >>>> I think at this point blk and scsi drivers have been hardened - so >>>> treating them all the same looks wrong. >>> My understanding was that they have been audited, Sathya? >> >> Yes, AFAIK, it has been audited. Andi also submitted some patches >> related to it. Andi, can you confirm. > > What is the official definition of "audited"? In our case (Confidential Computing platform), the host is an un-trusted entity. So any interaction with host from the drivers will have to be protected against the possible attack from the host. For example, if we are accessing a memory based on index value received from host, we have to make sure it does not lead to out of bound access or when sharing the memory with the host, we need to make sure only the required region is shared with the host and the memory is un-shared after use properly. Elena can share more details, but it was achieved with static analysis and fuzzing. Here is a presentation she is sharing about the work at the Linux Security Summit: https://static.sched.com/hosted_files/lssna2021/b6/LSS-HardeningLinuxGuestForCCC.pdf Andi, can talk more about the specific driver changes that came out of this effort. In our case the driver is considered "hardened" / "audited" if it can handle the above scenarios. > > thanks, > > greg k-h > -- Sathyanarayanan Kuppuswamy Linux Kernel Developer