Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
From: Michael S. Tsirkin
Date: Sat Oct 09 2021 - 07:04:29 EST
On Fri, Oct 08, 2021 at 05:37:11PM -0700, Kuppuswamy Sathyanarayanan wrote:
> + ioremap_force_shared= [X86_64, CCG]
> + Force the kernel to use shared memory mappings which do
> + not use ioremap_host_shared/pcimap_host_shared to opt-in
> + to shared mappings with the host. This feature is mainly
> + used by a confidential guest when enabling new drivers
> + without proper shared memory related changes. Please note
> + that this option might also allow other non explicitly
> + enabled drivers to interact with the host in confidential
> + guest, which could cause other security risks. This option
> + will also cause BIOS data structures to be shared with the
> + host, which might open security holes.
> +
> io7= [HW] IO7 for Marvel-based Alpha systems
> See comment before marvel_specify_io7 in
> arch/alpha/kernel/core_marvel.c.
The connection is quite unfortunate IMHO.
Can't there be an option
that unbreaks drivers *without* opening up security holes by
making BIOS shared?
--
MST