On Fri, Jul 17, 2026 at 11:14:23AM +0200, Greg Kroah-Hartman wrote:
> On Fri, Jul 17, 2026 at 04:59:32AM -0400, Michael S. Tsirkin wrote:
> > On Fri, Jul 17, 2026 at 10:39:40AM +0200, David Hildenbrand (Arm) wrote:
> > > On 7/17/26 07:48, Michael S. Tsirkin wrote:
> > > > On Thu, Jul 16, 2026 at 05:59:05PM +0200, David Hildenbrand (Arm) wrote:
> > > >>> Or do we just always trust virtio mem devices explicitly?
> > > >>
> > > >> It's hard for me to understand where we draw the line, really.
> > > >>
> > > >> But maybe MST can clarify what we care about in virtio world where the
> > > >> hypervisor is fully in charge of the device,
> > > > 
> > > > Generally:
> > > > - The guest is expected to whitelist drivers (most drivers have not
> > > >   been audited).
> > > 
> > > But even if you audited your driver, who makes sure that we consider all 
> > > ways
> > > where the device could mess with us?
> > 
> > A lot of this is up to a correct setup. For example, make sure all
> > filesystems are encrypted and refuse to mount unencrypted ones.
> > 
> > > Something feels off here.
> > > 
> > > Handling selected out-of-spec scenarios like this feels like a band-aid. 
> > > Happy
> > > to be corrected.
> > 
> > Well Documentation/security/snp-tdx-threat-model.rst puts it like this:
> >     It is important to note
> >     that this doesn’t imply that the host or VMM are intentionally
> >     malicious, but that there exists a security value in having a small CoCo
> >     VM TCB.
> > 
> > and
> > 
> >     While traditionally the host has unlimited access to guest data and can
> >     leverage this access to attack the guest, the CoCo systems mitigate such
> >     attacks by adding security features like guest data confidentiality and
> >     integrity protection.
> > 
> > 
> > now, when we are talking about "mitigation" it is indeed becoming a bit
> > murky.
> > 
> > 
> > For me, a rule of thumb I came up with is that if the validation happens
> > to also be helful for users e.g. to work around buggy devices,
> > or maybe because we feel failing gracefully is nice because this
> > will allow to later make use of this config and old drivers will
> > fail but at least not panic, then it is good to include.
> 
> Why not do what USB does?  Don't trust the device until AFTER probe()
> succeeds?  All of the needed checking should happen before then, as that
> is a "slow path" so lots of validation and the like can happen at that
> point.
> 
> After that, during the normal data paths, after the driver is bound,
> trust it all you want as attempting to validate every single packet is
> just going to be impossible.
> 
> thanks,
> 
> greg k-h

People do expect that data path validation at this point.

-- 
MST


Reply via email to