Re: [PATCH v2 1/4] virtio-mem: validate device-reported block size
From: Michael S. Tsirkin
Date: Fri Jul 17 2026 - 06:53:25 EST
On Fri, Jul 17, 2026 at 12:46:52PM +0200, Greg Kroah-Hartman wrote:
> On Fri, Jul 17, 2026 at 06:23:57AM -0400, Michael S. Tsirkin wrote:
> > On Fri, Jul 17, 2026 at 12:15:09PM +0200, Greg Kroah-Hartman wrote:
> > > On Fri, Jul 17, 2026 at 06:10:41AM -0400, Michael S. Tsirkin wrote:
> > > > On Fri, Jul 17, 2026 at 11:14:23AM +0200, Greg Kroah-Hartman wrote:
> > > > > On Fri, Jul 17, 2026 at 04:59:32AM -0400, Michael S. Tsirkin wrote:
> > > > > > On Fri, Jul 17, 2026 at 10:39:40AM +0200, David Hildenbrand (Arm) wrote:
> > > > > > > On 7/17/26 07:48, Michael S. Tsirkin wrote:
> > > > > > > > On Thu, Jul 16, 2026 at 05:59:05PM +0200, David Hildenbrand (Arm) wrote:
> > > > > > > >>> Or do we just always trust virtio mem devices explicitly?
> > > > > > > >>
> > > > > > > >> It's hard for me to understand where we draw the line, really.
> > > > > > > >>
> > > > > > > >> But maybe MST can clarify what we care about in virtio world where the
> > > > > > > >> hypervisor is fully in charge of the device,
> > > > > > > >
> > > > > > > > Generally:
> > > > > > > > - The guest is expected to whitelist drivers (most drivers have not
> > > > > > > > been audited).
> > > > > > >
> > > > > > > But even if you audited your driver, who makes sure that we consider all ways
> > > > > > > where the device could mess with us?
> > > > > >
> > > > > > A lot of this is up to a correct setup. For example, make sure all
> > > > > > filesystems are encrypted and refuse to mount unencrypted ones.
> > > > > >
> > > > > > > Something feels off here.
> > > > > > >
> > > > > > > Handling selected out-of-spec scenarios like this feels like a band-aid. Happy
> > > > > > > to be corrected.
> > > > > >
> > > > > > Well Documentation/security/snp-tdx-threat-model.rst puts it like this:
> > > > > > It is important to note
> > > > > > that this doesn’t imply that the host or VMM are intentionally
> > > > > > malicious, but that there exists a security value in having a small CoCo
> > > > > > VM TCB.
> > > > > >
> > > > > > and
> > > > > >
> > > > > > While traditionally the host has unlimited access to guest data and can
> > > > > > leverage this access to attack the guest, the CoCo systems mitigate such
> > > > > > attacks by adding security features like guest data confidentiality and
> > > > > > integrity protection.
> > > > > >
> > > > > >
> > > > > > now, when we are talking about "mitigation" it is indeed becoming a bit
> > > > > > murky.
> > > > > >
> > > > > >
> > > > > > For me, a rule of thumb I came up with is that if the validation happens
> > > > > > to also be helful for users e.g. to work around buggy devices,
> > > > > > or maybe because we feel failing gracefully is nice because this
> > > > > > will allow to later make use of this config and old drivers will
> > > > > > fail but at least not panic, then it is good to include.
> > > > >
> > > > > Why not do what USB does? Don't trust the device until AFTER probe()
> > > > > succeeds? All of the needed checking should happen before then, as that
> > > > > is a "slow path" so lots of validation and the like can happen at that
> > > > > point.
> > > > >
> > > > > After that, during the normal data paths, after the driver is bound,
> > > > > trust it all you want as attempting to validate every single packet is
> > > > > just going to be impossible.
> > > > >
> > > > > thanks,
> > > > >
> > > > > greg k-h
> > > >
> > > > People do expect that data path validation at this point.
> > >
> > > Ok, so you want this patch :)
> > >
> > > And more, as you need to treat everything from the host as "untrusted",
> > > and it must be "verified".
> >
> > Well. First it's not me) Second it's only specific configurations -
> > for example there's no short term plan to validate filesystem code, people
> > are expected to rely on encryption. The reasons have more to do
> > with the available manpower than anything else.
>
> Sure, but again, for subsystems, you have to define your threat model as
> the LLMs are churning against the code base and coming up with lots of
> crazy ideas if a device should or should not be trusted and spitting out
> patches and reports like the ones that are in the first few patches of
> this series.
>
> So please, pick a model, let's document it, and go with that. I am
> getting directly conflicting responses here.
>
> thanks,
>
> greg k-h
Supposed to be this one:
Documentation/security/snp-tdx-threat-model.rst
what is missing?
--
MST