From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A121F9E8 for ; Sat, 18 Jul 2026 03:31:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1784345474; cv=none; b=HXV3bWnxRbleHRShzfLzhUKCuYh7TuVPeQ5YNrCICvul0fp9ij3HK22b2uqoaNAbdbWfX4IlPWRwrP8E+bqHHSmKarjM86efonVrcBZ+hRbrAcUqXan+2rdYIQ9Ml6NR5gSi/2OR7r2xJjILicZtGY7uSuB4gl9tcyzBP8x/QMg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1784345474; c=relaxed/simple; bh=EhOILQ2CzRfX7FpizBFZKa1aP7v+pzIVeM3zBFiukdY=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=SHWZO68SmDiGZyLp9CW4jFNJpsLe11QbgZZeDhRCtYFlM2Xtsnx8v/0YcGEVpOrJv146wx/TMtRst6FO+xdrdamAXtnThiLCx1QGP+y5KXwM9PEgB5SFM7XpNG986O40XvH5MsJP//mAkFGonNKPuvOyrQIEK/f4rOm0MgHjVqM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=YNrd2oS7; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YNrd2oS7" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-2cace91f112so85138295ad.0 for ; Fri, 17 Jul 2026 20:31:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1784345472; x=1784950272; darn=vger.kernel.org; h=content-transfer-encoding:content-type:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:from:to:cc:subject:date:message-id:reply-to :content-type; bh=3tfqyGYtLEB1OXJEi7UqI9+Wt1ooEfiwjFj9XLA9r7g=; b=YNrd2oS7fdgZHTaCb9Jh7cAWT5U5M7fNs+I126sSSjBgYGIQEg/cMXebAQRsM24uFM Agu6YKjPJXvqqOH84b1dNatOWZyqrjJg+oHM1YneIdNu473ukMBksCEds/rJn8M9IuIR sJv55eIGHwmGmUe+D2xQQZwPAiQng0SFVsW2CyAfIQz1JmUARGTtekuuDKwj5lgPUJw+ Z/dGp5LGzTNLEdvow/Irf9goEdkLWg/NfbgUnADSxnfoWBCyy7sHpDRBHf/LplxY/qp6 3nIetciliMC19Exgyy8j2Zz5i4y6PYAqkasZsQ8VSG1k3h8Ec9ngTTZdIGst2FjhT+8E O8Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1784345472; x=1784950272; h=content-transfer-encoding:content-type:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to:content-type; bh=3tfqyGYtLEB1OXJEi7UqI9+Wt1ooEfiwjFj9XLA9r7g=; b=nkt9Lf6d6VAzh7x8y5wgCLh1LIlrgwikTg+DfhcNqwni8AC+labqNBAm7zuWgyj7Hw O2VrdF/y40cEvtHQsMN/t5JyWeY+QrQgG0pnOcTY6KO8Pic/79ASVkL77+1R2JIL8716 eXl65XYdAbuUH17wb5fSyJGEYrnwIVR+BUQhXPwS1y/GCb2g33y1Z5P0oU7XHZPKcRv7 4vn5dHCxPyVQsNvSiE1NgCW3QElnKWmsPvMr+BeqnfXXo4ugi6s9kUWxlHAjbKVzkN/4 j11Id7VwY1vVR+zKb3peHMn8fx+OLa8o/VusLpIV5SRm1qDDTAC2zkJsmVq7aaURZYpE 0v4Q== X-Forwarded-Encrypted: i=1; AHgh+Rrrl3lOAn4eBOz+bEbZpSI75SpEFKzHiFk+hGpC1UVvKu+rxA8CwffSjEA3OxhcY614Hnc9qCCFATnkKmU=@vger.kernel.org X-Gm-Message-State: AOJu0YyeHfwAPhjANXrtCCl1VWFAsonda1RM4NdMNG9miSdgF+wHpDnk 1xobD3dpSdelwTYt/j9yrQpceXP7mVjCAKkZtxqGhry2jLCFBR4WNfxM X-Gm-Gg: AfdE7cnUHM8mXJaJhHmlndwbz6USvXT5FL9nRHRIYEUWeRRXnJtmQ/nPFLz79GX5lFV GBieka66QiSRxqEX9zwYyre3+Gv3lPfVKMP3o22laPTymXPmaA+RJbNlC5YSNkTsgO4CCnsUEwH JyuInjAf+hKyJaoJqQx/LRU04ufw18Pc+RQ4pY9NrJW81zA0iJay+6CTxLCsWkVnG++JwZVIuNw Mt6oCmcSX0uLtnwBgbEvRoEyHYRgkZ/q+lReHi2cEitFNYp2mSAzabtbqNQJ5mvC2xY6XAbfBUa 9ypYXaZgmtoSYfaof9ctF2Zs1uYRpOGXSV9AciFdLRF+xq6/+npZldlPLdbHB19DgBlvrrHsIHE 1M9UrLQ2PdMOvYJWxUU3xnvBg8eU4rTWXLEjA4FXCUkFWadizGaWVnTRNLcCF5m9itQzb+DsvGK /7DK53V8YDK/K7CU3ifNM= X-Received: by 2002:a05:6a21:103:b0:3c3:8315:80b7 with SMTP id adf61e73a8af0-3c3ad677c0dmr5754303637.9.1784345472452; Fri, 17 Jul 2026 20:31:12 -0700 (PDT) Received: from [192.168.86.23] ([136.25.189.61]) by smtp.gmail.com with ESMTPSA id 5a478bee46e88-3142a1e348bsm13253400eec.25.2026.07.17.20.31.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 17 Jul 2026 20:31:11 -0700 (PDT) Message-ID: <1fe328d1-edf9-4e72-a145-be74ede20e60@gmail.com> Date: Fri, 17 Jul 2026 20:31:09 -0700 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH v2 1/4] virtio-mem: validate device-reported block size To: "Michael S. Tsirkin" , Greg Kroah-Hartman Cc: "David Hildenbrand (Arm)" , Hari Mishal , Jason Wang , Xuan Zhuo , =?UTF-8?Q?Eugenio_P=C3=A9rez?= , virtualization@lists.linux.dev, linux-kernel@vger.kernel.org, elena.reshetova@intel.com References: <20260717014134-mutt-send-email-mst@kernel.org> <3b32a38f-0964-45b9-9529-933abedbf69b@kernel.org> <20260717044019-mutt-send-email-mst@kernel.org> <2026071746-deviation-clad-1712@gregkh> <20260717060822-mutt-send-email-mst@kernel.org> <2026071757-grout-composer-165d@gregkh> <20260717061901-mutt-send-email-mst@kernel.org> <2026071724-asleep-pedigree-ea54@gregkh> <20260717065219-mutt-send-email-mst@kernel.org> <2026071759-thermal-synopsis-7568@gregkh> <20260717085838-mutt-send-email-mst@kernel.org> Content-Language: en-US From: Carlos Bilbao In-Reply-To: <20260717085838-mutt-send-email-mst@kernel.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hey there, On 7/17/26 06:08, Michael S. Tsirkin wrote: > On Fri, Jul 17, 2026 at 02:07:50PM +0200, Greg Kroah-Hartman wrote: >> On Fri, Jul 17, 2026 at 06:52:46AM -0400, Michael S. Tsirkin wrote: >>> On Fri, Jul 17, 2026 at 12:46:52PM +0200, Greg Kroah-Hartman wrote: >>>> On Fri, Jul 17, 2026 at 06:23:57AM -0400, Michael S. Tsirkin wrote: >>>>> On Fri, Jul 17, 2026 at 12:15:09PM +0200, Greg Kroah-Hartman wrote: >>>>>> On Fri, Jul 17, 2026 at 06:10:41AM -0400, Michael S. Tsirkin wrote: >>>>>>> On Fri, Jul 17, 2026 at 11:14:23AM +0200, Greg Kroah-Hartman wrote: >>>>>>>> On Fri, Jul 17, 2026 at 04:59:32AM -0400, Michael S. Tsirkin wrote: >>>>>>>>> On Fri, Jul 17, 2026 at 10:39:40AM +0200, David Hildenbrand (Arm) wrote: >>>>>>>>>> On 7/17/26 07:48, Michael S. Tsirkin wrote: >>>>>>>>>>> On Thu, Jul 16, 2026 at 05:59:05PM +0200, David Hildenbrand (Arm) wrote: >>>>>>>>>>>>> Or do we just always trust virtio mem devices explicitly? >>>>>>>>>>>> It's hard for me to understand where we draw the line, really. >>>>>>>>>>>> >>>>>>>>>>>> But maybe MST can clarify what we care about in virtio world where the >>>>>>>>>>>> hypervisor is fully in charge of the device, >>>>>>>>>>> Generally: >>>>>>>>>>> - The guest is expected to whitelist drivers (most drivers have not >>>>>>>>>>> been audited). >>>>>>>>>> But even if you audited your driver, who makes sure that we consider all ways >>>>>>>>>> where the device could mess with us? >>>>>>>>> A lot of this is up to a correct setup. For example, make sure all >>>>>>>>> filesystems are encrypted and refuse to mount unencrypted ones. >>>>>>>>> >>>>>>>>>> Something feels off here. >>>>>>>>>> >>>>>>>>>> Handling selected out-of-spec scenarios like this feels like a band-aid. Happy >>>>>>>>>> to be corrected. >>>>>>>>> Well Documentation/security/snp-tdx-threat-model.rst puts it like this: >>>>>>>>> It is important to note >>>>>>>>> that this doesn’t imply that the host or VMM are intentionally >>>>>>>>> malicious, but that there exists a security value in having a small CoCo >>>>>>>>> VM TCB. >>>>>>>>> >>>>>>>>> and >>>>>>>>> >>>>>>>>> While traditionally the host has unlimited access to guest data and can >>>>>>>>> leverage this access to attack the guest, the CoCo systems mitigate such >>>>>>>>> attacks by adding security features like guest data confidentiality and >>>>>>>>> integrity protection. >>>>>>>>> >>>>>>>>> >>>>>>>>> now, when we are talking about "mitigation" it is indeed becoming a bit >>>>>>>>> murky. >>>>>>>>> >>>>>>>>> >>>>>>>>> For me, a rule of thumb I came up with is that if the validation happens >>>>>>>>> to also be helful for users e.g. to work around buggy devices, >>>>>>>>> or maybe because we feel failing gracefully is nice because this >>>>>>>>> will allow to later make use of this config and old drivers will >>>>>>>>> fail but at least not panic, then it is good to include. >>>>>>>> Why not do what USB does? Don't trust the device until AFTER probe() >>>>>>>> succeeds? All of the needed checking should happen before then, as that >>>>>>>> is a "slow path" so lots of validation and the like can happen at that >>>>>>>> point. >>>>>>>> >>>>>>>> After that, during the normal data paths, after the driver is bound, >>>>>>>> trust it all you want as attempting to validate every single packet is >>>>>>>> just going to be impossible. >>>>>>>> >>>>>>>> thanks, >>>>>>>> >>>>>>>> greg k-h >>>>>>> People do expect that data path validation at this point. >>>>>> Ok, so you want this patch :) >>>>>> >>>>>> And more, as you need to treat everything from the host as "untrusted", >>>>>> and it must be "verified". >>>>> Well. First it's not me) Second it's only specific configurations - >>>>> for example there's no short term plan to validate filesystem code, people >>>>> are expected to rely on encryption. The reasons have more to do >>>>> with the available manpower than anything else. >>>> Sure, but again, for subsystems, you have to define your threat model as >>>> the LLMs are churning against the code base and coming up with lots of >>>> crazy ideas if a device should or should not be trusted and spitting out >>>> patches and reports like the ones that are in the first few patches of >>>> this series. >>>> >>>> So please, pick a model, let's document it, and go with that. I am >>>> getting directly conflicting responses here. >>>> >>>> thanks, >>>> >>>> greg k-h >>> Supposed to be this one: >>> Documentation/security/snp-tdx-threat-model.rst >>> >>> what is missing? >> A policy decision that needs to be made. All that document does is >> describe a bunch of different "threats" yet does not decide what to do >> about them at all from what I can tell. > That would be this section I think: > > The **Linux kernel CoCo VM security objectives** can be summarized as follows: > > it does, indeed, not go into detail about how to interact, safely, > with untrusted entities. Does it really need to be spelled out? > >> And that's just for one subset of the CoC world, right? Is that >> something that all virtio drivers need/want to care about? > What is missing, and what you seem to be asking for, is an opinionated > stance on which drivers we care about in this world? > True. > coco guys tried to annotate drivers at some point to do exactly that. > this was rejected upstream from the position that this is not > different from handling buggy hardware, and just to fix all drivers. > so it's up to users, and I guess for virtio the answer is yes > with some exceptions because we don't have a better answer right now. > >> So I don't see a real answer to the "does Linux trust the host to give >> you good data or not" question in that file, am I missing it? >> >> thanks, >> >> greg k-h > This? Note the last sentence. > > The **Linux CoCo VM attack surface** is any interface exposed from a CoCo > guest Linux kernel towards an untrusted host that is not covered by the > CoCo technology SW/HW protection. This includes any possible > side-channels, as well as transient execution side channels. Examples of > explicit (not side-channel) interfaces include accesses to port I/O, MMIO > and DMA interfaces, access to PCI configuration space, VMM-specific > hypercalls (towards Host-side VMM), access to shared memory pages, > interrupts allowed to be injected into the guest kernel by the host, as > well as CoCo technology-specific hypercalls, if present. Additionally, the > host in a CoCo system typically controls the process of creating a CoCo > guest: it has a method to load into a guest the firmware and bootloader > images, the kernel image together with the kernel command line. All of this > data should also be considered untrusted until its integrity and > authenticity is established via attestation. I'm glad you're finding this document helpful, it took us massive back-and-forth to get somewhere everyone was happy. Here's my 2 cents on this debate, if I may. I think defensive programming is always a positive, and we don't just say, "the spec disallows it". Historically, one of the biggest criticisms of coco, especially around device hardening, was that there were too many values that a malicious/buggy device could misreport, making it a losing battle. That is no longer the case with LLMs, and we have the advantage (and challenge) of open-source dev, which allows us to receive many of these fixes "for free". If others want to burn their tokens, let them :) Thanks, Carlos > > >