Re: [PATCH v1] driver: base: Add driver filter support
From: Andi Kleen
Date: Thu Aug 05 2021 - 00:46:11 EST
On 8/4/2021 2:28 PM, Dan Williams wrote:
> The "hardware" in this case is virtual devices presented by the VMM to
> the VM. So if a driver misbehaves in a useful way for an attacker to
> exploit, they can stimulate that behavior with a custom crafted
> virtual device, and that driver will autoload unaware of the threat
> without this filter for vetted drivers.
Another way to see it is: the confidential guest is protected against
the host, except for the places where it chooses to communicate with the
host through MMIOs, port IOs, some (not all) MSRs. It's somewhat
analogous to a network server in a hostile network which can be attacked
through network packets. We typically use a firewall to limit the
network exposure only to especially hardened network services. Each low
level MMIO etc. is like a network access communicating with a hostile
network. The device filter is the firewall for these vulnerable low
level interactions. It reduces the hardening problem from being
completely infeasible to tractable.
-Andi