From: sashiko-bot@kernel.org
To: "Dan Williams" <djbw@kernel.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH 08/15] device core: Initial device trust infrastructure
Date: Sun, 05 Jul 2026 22:17:49 +0000 [thread overview]
Message-ID: <20260705221750.615B01F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260705220819.2472765-9-djbw@kernel.org>
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
- [High] A device's operational trust level (`dev->p->trust`) is persistently mutated before probe and not reverted on failure or unbind, leaking elevated privileges.
- [High] Providing an invalid `trust=` module parameter silently bypasses the restrictive module trust policy.
- [Low] The kernel fails to compile when CONFIG_DEVICE_TRUST is disabled due to an undeclared require_trust variable.
--
commit b17dbaab0dbd4dc3c3e572b9b6cec407be3b263a
Author: Dan Williams <djbw@kernel.org>
device core: Initial device trust infrastructure
Introduce a per-device trust concept. To start, it plumbs "auto" and
"none" levels to enable a scheme of requiring explicit opt-in to operate a
device. This supports a Confidential Computing use case of operating a
limited / vetted device and driver set to bootstrap the environment.
Link: http://lore.kernel.org/2026032621-astound-mounted-07a6@gregkh
Link: https://lwn.net/Articles/865918/
> diff --git a/drivers/base/dd.c b/drivers/base/dd.c
> index 60c005223844d..f0b2d58c89a07 100644
> --- a/drivers/base/dd.c
> +++ b/drivers/base/dd.c
> @@ -857,6 +857,11 @@ static int __driver_probe_device(const struct device_driver *drv, struct device
> dev_dbg(dev, "bus: '%s': %s: matched device with driver %s\n",
> drv->bus->name, __func__, drv->name);
>
> + if (!device_trust_bind(drv, dev)) {
> + dev_dbg(dev, "not trusted to bind\n");
> + return -ENODEV;
> + }
> +
[Severity: High]
If really_probe() fails later in this function, or if the driver is unbound via
sysfs, does the device retain its newly elevated operational trust level?
When device_trust_bind() is called, it destructively overwrites dev->p->trust:
drivers/base/trust.c:device_trust_bind() {
...
if (drv_trust != DEVICE_TRUST_UNSET)
dev->p->trust = drv_trust;
...
}
Should there be a mechanism to rollback the device's trust level to its
baseline state on probe failure or driver unbind?
> pm_runtime_get_suppliers(dev);
> if (dev->parent)
> pm_runtime_get_sync(dev->parent);
> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 46dd8d25a6058..3e1fe9966d50b 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c
[ ... ]
> @@ -3375,6 +3382,11 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname,
> return 0;
> }
>
> + if (strcmp(param, "trust") == 0) {
> + module_driver_trust(mod, val);
> + return 0;
> + }
> +
[Severity: High]
Can a malicious or unvetted driver bypass the explicit opt-in policy
(require_trust=1) by passing an invalid trust parameter?
If an unrecognized value like "trust=garbage" is passed, device_trust_parse()
returns DEVICE_TRUST_UNSET (0). module_driver_trust() will then overwrite
mod->trust with DEVICE_TRUST_UNSET.
Because this function unconditionally returns 0 (success) without checking for
invalid input, the module load succeeds. During probe, device_trust_bind()
ignores DEVICE_TRUST_UNSET and falls back to the device's existing trust level:
drivers/base/trust.c:device_trust_bind() {
enum device_trust drv_trust = driver_trust(drv->owner);
if (drv_trust != DEVICE_TRUST_UNSET)
dev->p->trust = drv_trust;
return dev->p->trust > DEVICE_TRUST_NONE;
}
This seems to erase the restrictive DEVICE_TRUST_NONE default policy and might
allow an unvetted driver to successfully attach. Should we return an error or
reject the load on invalid trust= values?
> /* Check for magic 'dyndbg' arg */
> ret = ddebug_dyndbg_module_param_cb(param, val, modname);
[ ... ]
> @@ -3544,6 +3556,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
> goto bug_cleanup;
>
> mod->async_probe_requested = async_probe;
> + module_driver_trust_init(mod, require_trust);
>
[Severity: Low]
Does this cause a build failure when CONFIG_DEVICE_TRUST is disabled?
The require_trust variable is declared inside an #ifdef CONFIG_DEVICE_TRUST
block earlier in this file, but it is passed unconditionally here.
Since module_driver_trust_init() is defined as a static inline function in
include/linux/device/trust.h when the config is disabled, the compiler will
still evaluate its arguments, which would result in an undeclared variable
error.
> /* Module is ready to execute: parsing args may do that. */
> after_dashes = parse_args(mod->name, mod->args, mod->kp, mod->num_kp,
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260705220819.2472765-1-djbw@kernel.org?part=8
next prev parent reply other threads:[~2026-07-05 22:17 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:13 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:18 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:26 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-05 22:16 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:15 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-05 22:17 ` sashiko-bot [this message]
2026-07-06 13:45 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 13:49 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:21 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-05 22:28 ` sashiko-bot
2026-07-06 12:42 ` Aneesh Kumar K.V
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:24 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55 ` Dan Williams (nvidia)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260705221750.615B01F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=djbw@kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox