Linux PCI subsystem development
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Dan Williams" <djbw@kernel.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH 08/15] device core: Initial device trust infrastructure
Date: Sun, 05 Jul 2026 22:17:49 +0000	[thread overview]
Message-ID: <20260705221750.615B01F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260705220819.2472765-9-djbw@kernel.org>

Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
- [High] A device's operational trust level (`dev->p->trust`) is persistently mutated before probe and not reverted on failure or unbind, leaking elevated privileges.
- [High] Providing an invalid `trust=` module parameter silently bypasses the restrictive module trust policy.
- [Low] The kernel fails to compile when CONFIG_DEVICE_TRUST is disabled due to an undeclared require_trust variable.
--

commit b17dbaab0dbd4dc3c3e572b9b6cec407be3b263a
Author: Dan Williams <djbw@kernel.org>

device core: Initial device trust infrastructure
    
Introduce a per-device trust concept. To start, it plumbs "auto" and
"none" levels to enable a scheme of requiring explicit opt-in to operate a
device. This supports a Confidential Computing use case of operating a
limited / vetted device and driver set to bootstrap the environment.
    
Link: http://lore.kernel.org/2026032621-astound-mounted-07a6@gregkh
Link: https://lwn.net/Articles/865918/

> diff --git a/drivers/base/dd.c b/drivers/base/dd.c
> index 60c005223844d..f0b2d58c89a07 100644
> --- a/drivers/base/dd.c
> +++ b/drivers/base/dd.c
> @@ -857,6 +857,11 @@ static int __driver_probe_device(const struct device_driver *drv, struct device
>  	dev_dbg(dev, "bus: '%s': %s: matched device with driver %s\n",
>  		drv->bus->name, __func__, drv->name);
>  
> +	if (!device_trust_bind(drv, dev)) {
> +		dev_dbg(dev, "not trusted to bind\n");
> +		return -ENODEV;
> +	}
> +

[Severity: High]
If really_probe() fails later in this function, or if the driver is unbound via
sysfs, does the device retain its newly elevated operational trust level?

When device_trust_bind() is called, it destructively overwrites dev->p->trust:

drivers/base/trust.c:device_trust_bind() {
        ...
        if (drv_trust != DEVICE_TRUST_UNSET)
                dev->p->trust = drv_trust;
        ...
}

Should there be a mechanism to rollback the device's trust level to its
baseline state on probe failure or driver unbind?

>  	pm_runtime_get_suppliers(dev);
>  	if (dev->parent)
>  		pm_runtime_get_sync(dev->parent);

> diff --git a/kernel/module/main.c b/kernel/module/main.c
> index 46dd8d25a6058..3e1fe9966d50b 100644
> --- a/kernel/module/main.c
> +++ b/kernel/module/main.c

[ ... ]

> @@ -3375,6 +3382,11 @@ static int unknown_module_param_cb(char *param, char *val, const char *modname,
>  		return 0;
>  	}
>  
> +	if (strcmp(param, "trust") == 0) {
> +		module_driver_trust(mod, val);
> +		return 0;
> +	}
> +

[Severity: High]
Can a malicious or unvetted driver bypass the explicit opt-in policy
(require_trust=1) by passing an invalid trust parameter?

If an unrecognized value like "trust=garbage" is passed, device_trust_parse()
returns DEVICE_TRUST_UNSET (0). module_driver_trust() will then overwrite
mod->trust with DEVICE_TRUST_UNSET.

Because this function unconditionally returns 0 (success) without checking for
invalid input, the module load succeeds. During probe, device_trust_bind()
ignores DEVICE_TRUST_UNSET and falls back to the device's existing trust level:

drivers/base/trust.c:device_trust_bind() {
        enum device_trust drv_trust = driver_trust(drv->owner);

        if (drv_trust != DEVICE_TRUST_UNSET)
                dev->p->trust = drv_trust;
        return dev->p->trust > DEVICE_TRUST_NONE;
}

This seems to erase the restrictive DEVICE_TRUST_NONE default policy and might
allow an unvetted driver to successfully attach. Should we return an error or
reject the load on invalid trust= values?

>  	/* Check for magic 'dyndbg' arg */
>  	ret = ddebug_dyndbg_module_param_cb(param, val, modname);

[ ... ]

> @@ -3544,6 +3556,7 @@ static int load_module(struct load_info *info, const char __user *uargs,
>  		goto bug_cleanup;
>  
>  	mod->async_probe_requested = async_probe;
> +	module_driver_trust_init(mod, require_trust);
>  

[Severity: Low]
Does this cause a build failure when CONFIG_DEVICE_TRUST is disabled?

The require_trust variable is declared inside an #ifdef CONFIG_DEVICE_TRUST
block earlier in this file, but it is passed unconditionally here. 

Since module_driver_trust_init() is defined as a static inline function in
include/linux/device/trust.h when the config is disabled, the compiler will
still evaluate its arguments, which would result in an undeclared variable
error.

>  	/* Module is ready to execute: parsing args may do that. */
>  	after_dashes = parse_args(mod->name, mod->args, mod->kp, mod->num_kp,

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260705220819.2472765-1-djbw@kernel.org?part=8

  reply	other threads:[~2026-07-05 22:17 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:13   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:18   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:20   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:20   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:26   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-05 22:16   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:15   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-05 22:17   ` sashiko-bot [this message]
2026-07-06 13:45   ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-06 13:49   ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:21   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-05 22:28   ` sashiko-bot
2026-07-06 12:42   ` Aneesh Kumar K.V
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:24   ` sashiko-bot
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-05 22:25   ` sashiko-bot
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55   ` Dan Williams (nvidia)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260705221750.615B01F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=djbw@kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox