Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared

From: Andi Kleen
Date: Tue Oct 12 2021 - 17:18:06 EST

Next message: Michael S. Tsirkin: "Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range()"
Previous message: Guenter Roeck: "Re: [PATCH 5.10 00/81] 5.10.73-rc3 review"
In reply to: Michael S. Tsirkin: "Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared"
Next in thread: Michael S. Tsirkin: "Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Interesting. VT-d tradeoffs ... what are they?

The connection to the device is not encrypted and also not authenticated.

This is different that even talking to the (untrusted) host through shared memory where you at least still have a common key.

Allowing hypervisor to write into BIOS looks like it will
trivially lead to code execution, won't it?

This is not about BIOS code executing. While the guest firmware runs it is protected of course. This is for BIOS structures like ACPI tables that are mapped by Linux. While AML can run byte code it can normally not write to arbitrary memory.

The risk is more that all the Linux code dealing with this hasn't been hardened to deal with malicious input.

-Andi

Next message: Michael S. Tsirkin: "Re: [PATCH v5 12/16] PCI: Add pci_iomap_host_shared(), pci_iomap_host_shared_range()"
Previous message: Guenter Roeck: "Re: [PATCH 5.10 00/81] 5.10.73-rc3 review"
In reply to: Michael S. Tsirkin: "Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared"
Next in thread: Michael S. Tsirkin: "Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]