All of lore.kernel.org
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Dan Williams" <djbw@kernel.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH 08/15] device core: Initial device trust infrastructure
Date: Sun, 05 Jul 2026 22:17:49 +0000	[thread overview]
Message-ID: <20260705221750.615B01F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260705220819.2472765-9-djbw@kernel.org>

Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
- [High] A device's operational trust level (`dev->p->trust`) is persistently mutated before probe and not reverted on failure or unbind, leaking elevated privileges.
- [High] Providing an invalid `trust=` module parameter silently bypasses the restrictive module trust policy.
- [Low] The kernel fails to compile when CONFIG_DEVICE_TRUST is disabled due to an undeclared require_trust variable.
--

commit b17dbaab0dbd4dc3c3e572b9b6cec407be3b263a
Author: Dan Williams <djbw@kernel.org>

device core: Initial device trust infrastructure
    
Introduce a per-device trust concept. To start, it plumbs "auto" and
"none" levels to enable a scheme of requiring explicit opt-in to operate a
device. This supports a Confidential Computing use case of operating a
limited / vetted device and driver set to bootstrap the environment.
    
Link: http://lore.kernel.org/2026032621-astound-mounted-07a6@gregkh
Link: https://lwn.net/Articles/865918/

> diff --git a/drivers/base/dd.c b/drivers/base/dd.c
> index 60c005223844d..f0b2d58c89a07 100644
> --- a/drivers/base/dd.c
> +++ b/drivers/base/dd.c
> @@ -857,6 +857,11 @@ static int __driver_probe_device(const struct device_driver *drv, struct device
>  	dev_dbg(dev, "bus: '%s': %s: matched device with driver %s\n",
>  		drv->bus->name, __func__, drv->name);
>  
> +	if (!device_trust_bind(drv, dev)) {
> +		dev_dbg(dev, "not trusted to bind\n");
> +		return -ENODEV;
> +	}
> +

[Severity: High]
If really_probe() fails later in this function, or if the driver is unbound via
sysfs, does the device retain its newly elevated operational trust level?

When device_trust_bind() is called, it destructively overwrites dev->p->trust:

drivers/base/trust.c:device_trust_bind() {
        ...
        if (drv_trust != DEVICE_TRUST_UNSET)
                dev->p->trust = drv_trust;
        ...
}

Should there be a mechanism to rollback the device's trust level to its
baseline state on probe failure or driver unbind?

>  	pm_runtime_get_suppliers(dev);
>  	if (dev->parent)
>  		pm_runtime_get_sync(dev->parent);

> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 46dd8d25a6058..3e1fe9966d50b 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c

[ ... ]

> @@ -3375,6 +3382,11 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname,
>  		return 0;
>  	}
>  
> +	if (strcmp(param, "trust") == 0) {
> +		module_driver_trust(mod, val);
> +		return 0;
> +	}
> +

[Severity: High]
Can a malicious or unvetted driver bypass the explicit opt-in policy
(require_trust=1) by passing an invalid trust parameter?

If an unrecognized value like "trust=garbage" is passed, device_trust_parse()
returns DEVICE_TRUST_UNSET (0). module_driver_trust() will then overwrite
mod->trust with DEVICE_TRUST_UNSET.

Because this function unconditionally returns 0 (success) without checking for
invalid input, the module load succeeds. During probe, device_trust_bind()
ignores DEVICE_TRUST_UNSET and falls back to the device's existing trust level:

drivers/base/trust.c:device_trust_bind() {
        enum device_trust drv_trust = driver_trust(drv->owner);

        if (drv_trust != DEVICE_TRUST_UNSET)
                dev->p->trust = drv_trust;
        return dev->p->trust > DEVICE_TRUST_NONE;
}

This seems to erase the restrictive DEVICE_TRUST_NONE default policy and might
allow an unvetted driver to successfully attach. Should we return an error or
reject the load on invalid trust= values?

>  	/* Check for magic 'dyndbg' arg */
>  	ret = ddebug_dyndbg_module_param_cb(param, val, modname);

[ ... ]

> @@ -3544,6 +3556,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
>  		goto bug_cleanup;
>  
>  	mod->async_probe_requested = async_probe;
> +	module_driver_trust_init(mod, require_trust);
>  

[Severity: Low]
Does this cause a build failure when CONFIG_DEVICE_TRUST is disabled?

The require_trust variable is declared inside an #ifdef CONFIG_DEVICE_TRUST
block earlier in this file, but it is passed unconditionally here. 

Since module_driver_trust_init() is defined as a static inline function in
include/linux/device/trust.h when the config is disabled, the compiler will
still evaluate its arguments, which would result in an undeclared variable
error.

>  	/* Module is ready to execute: parsing args may do that. */
>  	after_dashes = parse_args(mod->name, mod->args, mod->kp, mod->num_kp,

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260705220819.2472765-1-djbw@kernel.org?part=8

  reply	other threads:[~2026-07-05 22:17 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:13   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:18   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:20   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:20   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:26   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-05 22:16   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:15   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-05 22:17   ` sashiko-bot [this message]
2026-07-06 13:45   ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-06 13:49   ` Jason Gunthorpe
2026-07-07 13:04   ` Robin Murphy
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:21   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-05 22:28   ` sashiko-bot
2026-07-06 12:42   ` Aneesh Kumar K.V
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:24   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55   ` Dan Williams (nvidia)
2026-07-07 12:43     ` Jason Gunthorpe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260705221750.615B01F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=djbw@kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.