Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest

From: Kuppuswamy, Sathyanarayanan
Date: Thu Sep 30 2021 - 11:18:59 EST

Next message: Kees Cook: "Re: [PATCH v2 0/6] wchan: Fix ORC support and leaky fallback"
Previous message: Alan Stern: "Re: [PATCH] r8152: stop submitting rx for -EPROTO"
In reply to: Greg Kroah-Hartman: "Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest"
Next in thread: Michael S. Tsirkin: "Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/30/21 6:36 AM, Dan Williams wrote:

And in particular, not all virtio drivers are hardened -
I think at this point blk and scsi drivers have been hardened - so
treating them all the same looks wrong.

My understanding was that they have been audited, Sathya?

Yes, AFAIK, it has been audited. Andi also submitted some patches
related to it. Andi, can you confirm.

We also authorize the virtio at PCI ID level. And currently we allow
console, block and net virtio PCI devices.

{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_NET) },
{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_BLOCK) },
{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_CONSOLE) },

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

Next message: Kees Cook: "Re: [PATCH v2 0/6] wchan: Fix ORC support and leaky fallback"
Previous message: Alan Stern: "Re: [PATCH] r8152: stop submitting rx for -EPROTO"
In reply to: Greg Kroah-Hartman: "Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest"
Next in thread: Michael S. Tsirkin: "Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]