Re: [RFC PATCH] x86/sev: Disallow userspace access to BIOS region for SEV-SNP guests

From: Dave Hansen
Date: Tue Apr 08 2025 - 17:20:43 EST


On 4/8/25 06:43, Tom Lendacky wrote:
>> Tom/Boris, do you see a problem blocking access to /dev/mem for SEV
>> guests?
> Not sure why we would suddenly not allow that.

Both TDX and SEV-SNP have issues with allowing access to /dev/mem.
Disallowing access to the individually troublesome regions can fix
_part_ of the problem. But suddenly blocking access is guaranteed to fix
*ALL* the problems forever.

Or, maybe we just start returning 0's for all reads and throw away all
writes. That is probably less likely to break userspace that doesn't
know what it's doing in the first place.
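The reply contrasts three guest-visible outcomes for /dev/mem: the open or read is refused, the read succeeds but returns zeros, or the read returns real contents. The following small userspace probe is an added example for telling those outcomes apart from inside a guest; it is not part of the RFC patch, the kernel's drivers/char/mem.c, or anything posted in this thread. It assumes the device lives at /dev/mem, that the legacy BIOS region is physical 0xF0000 with a length of 64 KiB, and the helper names probe_devmem, classify_bytes and devmem_result_name are this example's own. Opening /dev/mem typically needs root (CAP_SYS_RAWIO) and is refused under kernel lockdown, so run it as root in the guest.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumption: legacy PC BIOS shadow region, physical 0xF0000..0xFFFFF (64 KiB). */
#define BIOS_REGION_START 0xF0000UL
#define BIOS_REGION_LEN   0x10000UL

enum devmem_result {
    DEVMEM_OPEN_FAILED,  /* open() failed: no /dev/mem, not root, lockdown, ... */
    DEVMEM_READ_DENIED,  /* read() failed or returned nothing (EPERM/EFAULT/...) */
    DEVMEM_ALL_ZERO,     /* read succeeded but every byte is zero */
    DEVMEM_HAS_DATA,     /* read succeeded and returned non-zero bytes */
};

/* Pure classification of a returned buffer, kept separate so the "zeros vs.
 * real data" distinction can be tested without touching the real device. */
enum devmem_result classify_bytes(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return DEVMEM_HAS_DATA;
    return DEVMEM_ALL_ZERO;
}

/* Try to read `len` bytes at physical address `phys` through `path`
 * (normally "/dev/mem"). `*err_out` receives errno on failure, else 0.
 * Hypothetical helper written for this example. */
enum devmem_result probe_devmem(const char *path, unsigned long phys,
                                size_t len, int *err_out)
{
    unsigned char *buf;
    enum devmem_result res;
    ssize_t n;
    int fd;

    *err_out = 0;
    fd = open(path, O_RDONLY);
    if (fd < 0) {
        *err_out = errno;
        return DEVMEM_OPEN_FAILED;
    }

    buf = calloc(1, len);
    if (!buf) {
        *err_out = ENOMEM;
        close(fd);
        return DEVMEM_OPEN_FAILED;
    }

    /* On /dev/mem the file offset is the physical address. */
    n = pread(fd, buf, len, (off_t)phys);
    if (n <= 0) {
        *err_out = (n < 0) ? errno : 0;
        res = DEVMEM_READ_DENIED;
    } else {
        /* A short read is possible; classify only the bytes that came back. */
        res = classify_bytes(buf, (size_t)n);
    }

    free(buf);
    close(fd);
    return res;
}

const char *devmem_result_name(enum devmem_result r)
{
    switch (r) {
    case DEVMEM_OPEN_FAILED: return "open failed";
    case DEVMEM_READ_DENIED: return "read denied";
    case DEVMEM_ALL_ZERO:    return "all zeros";
    case DEVMEM_HAS_DATA:    return "real data";
    }
    return "unknown";
}

int main(void)
{
    int err;
    enum devmem_result r = probe_devmem("/dev/mem", BIOS_REGION_START,
                                        BIOS_REGION_LEN, &err);

    printf("BIOS region 0x%lx (+0x%lx) via /dev/mem: %s",
           BIOS_REGION_START, BIOS_REGION_LEN, devmem_result_name(r));
    if (err)
        printf(" (%s)", strerror(err));
    printf("\n");
    return 0;
}
```

On a conventional x86 host run as root this is expected to report "real data" for that range; under a policy that blocks the region it reports "read denied" with the errno the kernel chose, and under a zero-fill policy it reports "all zeros", which is exactly the case a naive userspace tool would fail to notice.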