Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest

[PATCH v2 0/6] Add device filter support · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
[PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Alan Stern <stern@rowland.harvard.edu> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Dan Williams <hidden> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Dan Williams <hidden> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · "Rafael J. Wysocki" <rafael@kernel.org> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Alan Stern <stern@rowland.harvard.edu> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Dan Williams <hidden> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Yehezkel Bernat <yehezkelshb@gmail.com> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Dan Williams <hidden> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Yehezkel Bernat <yehezkelshb@gmail.com> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Dan Williams <hidden> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 1/6] driver core: Move the "authorized" attribute from USB/Thunderbolt to core · Dan Williams <hidden> · 2021-09-30
[PATCH v2 3/6] driver core: Allow arch to initialize the authorized attribute · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
[PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Andi Kleen <hidden> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Andi Kleen <hidden> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-10-01
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Alan Stern <stern@rowland.harvard.edu> · 2021-10-01
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Andi Kleen <hidden> · 2021-10-01
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Alan Stern <stern@rowland.harvard.edu> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Alan Stern <stern@rowland.harvard.edu> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Alan Stern <stern@rowland.harvard.edu> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Andi Kleen <hidden> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Alan Stern <stern@rowland.harvard.edu> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Dan Williams <hidden> · 2021-09-30
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Alan Stern <stern@rowland.harvard.edu> · 2021-10-01
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Dan Williams <hidden> · 2021-10-01
Re: [PATCH v2 2/6] driver core: Add common support to skip probe for un-authorized devices · Andi Kleen <hidden> · 2021-09-30
[PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Dan Williams <hidden> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Michael S. Tsirkin" <mst@redhat.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Andi Kleen <hidden> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Andi Kleen <hidden> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-02
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-10-02
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Andi Kleen <hidden> · 2021-10-02
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-10-02
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Michael S. Tsirkin" <mst@redhat.com> · 2021-10-02
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-10-03
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Dan Williams <hidden> · 2021-10-04
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Dan Williams <hidden> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Alan Stern <stern@rowland.harvard.edu> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Dan Williams <hidden> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Alan Stern <stern@rowland.harvard.edu> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Dan Williams <hidden> · 2021-10-01
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Mika Westerberg <mika.westerberg@linux.intel.com> · 2021-10-04
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Dan Williams <hidden> · 2021-10-05
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2021-10-06
Re: [PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest · Andi Kleen <hidden> · 2021-09-30
[PATCH v2 6/6] PCI: Initialize authorized attribute for confidential guest · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30
[PATCH v2 5/6] x86/tdx: Add device filter support for x86 TDX guest platform · Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com> · 2021-09-30

From: "Kuppuswamy, Sathyanarayanan" <sathyanarayanan.kuppuswamy@linux.intel.com>
Date: 2021-09-30 15:18:59
Also in: linux-pci, lkml


On 9/30/21 6:36 AM, Dan Williams wrote:

quoted

And in particular, not all virtio drivers are hardened -
I think at this point blk and scsi drivers have been hardened - so
treating them all the same looks wrong.

My understanding was that they have been audited, Sathya?

Yes, AFAIK, it has been audited. Andi also submitted some patches
related to it. Andi, can you confirm.

We also authorize the virtio at PCI ID level. And currently we allow
console, block and net virtio PCI devices.

{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_NET) },
{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_BLOCK) },
{ PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_CONSOLE) },


-- 
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help