Andi Kleen
2021-Sep-30 19:25 UTC
[PATCH v2 4/6] virtio: Initialize authorized attribute for confidential guest
On 9/30/2021 8:18 AM, Kuppuswamy, Sathyanarayanan wrote:
>
> On 9/30/21 6:36 AM, Dan Williams wrote:
>>> And in particular, not all virtio drivers are hardened -
>>> I think at this point blk and scsi drivers have been hardened - so
>>> treating them all the same looks wrong.
>> My understanding was that they have been audited, Sathya?
>
> Yes, AFAIK, it has been audited. Andi also submitted some patches
> related to it. Andi, can you confirm.
>
> We also authorize the virtio at PCI ID level. And currently we allow
> console, block and net virtio PCI devices.
>
> { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_NET) },
> { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_BLOCK) },
> { PCI_DEVICE(PCI_VENDOR_ID_REDHAT_QUMRANET, VIRTIO_TRANS_ID_CONSOLE) },
>

The only drivers that are being audited and fuzzed are these three virtio drivers (in addition to some other x86 code outside the driver model)

-Andi