Re: [RFC PATCH] /dev/mem: Disable /dev/mem under TDX guest
From: Nikolay Borisov
Date: Tue Mar 18 2025 - 10:21:44 EST
On 18.03.25 г. 15:27 ч., Kirill A. Shutemov wrote:
On Tue, Mar 18, 2025 at 02:53:34PM +0200, Nikolay Borisov wrote:
I think we need to think wider. What about applying a subset of LOCKDOWN_*
in all coco guests by default. Many of them are relevant for the guest security.
How do you envision this to work, by introducing another
CONFIG_LOCK_DOWN_KERNEL_FORCE_COCO or some such ? Will it be opt-in or
mandatory?
I think cc_platform_has(CC_ATTR_xxx) should enabled some subset of
LOCKDOWN_*. No need in new config options.
Care to suggest which ones should be included? The way lockdown works at
the moment is that it only supports 2 levels (check lock_kernel_down()
and lockdown_is_locked_down()) at which you can lockdown - INTEGRITY_MAX
and CONFIDENTIALITY_MAX, where each level includes everything below it.
So by choosing integrity max you get:
19 LOCKDOWN_MODULE_SIGNATURE,
18 LOCKDOWN_DEV_MEM,
17 LOCKDOWN_EFI_TEST,
16 LOCKDOWN_KEXEC,
15 LOCKDOWN_HIBERNATION,
14 LOCKDOWN_PCI_ACCESS,
13 LOCKDOWN_IOPORT,
12 LOCKDOWN_MSR,
11 LOCKDOWN_ACPI_TABLES,
10 LOCKDOWN_DEVICE_TREE,
9 LOCKDOWN_PCMCIA_CIS,
8 LOCKDOWN_TIOCSSERIAL,
7 LOCKDOWN_MODULE_PARAMETERS,
6 LOCKDOWN_MMIOTRACE,
5 LOCKDOWN_DEBUGFS,
4 LOCKDOWN_XMON_WR,
3 LOCKDOWN_BPF_WRITE_USER,
2 LOCKDOWN_DBG_WRITE_KERNEL,
1 LOCKDOWN_RTAS_ERROR_INJECTION,
Given this if we for example choose to lockdown the kernel for DEV_MEM,
we'll also get the MODULE_SIGNATURE lockdown as well. I find this
somewhat inflexible as we might have to rejuggle the current ordering.
Should we decide to follow the lockdown route this means the owner of the
coco guest will have the ability to disable it and a misbehaving userspace
process will still be able to induce an EPT violation.
Sure. It can shoot itself in the foot.