On Tue, Aug 24, 2021 at 01:14:02PM -0700, Andi Kleen wrote:
>
> On 8/24/2021 11:55 AM, Bjorn Helgaas wrote:
> > [+cc Rajat; I still don't know what "shared memory with a hypervisor
> > in a confidential guest" means,
>
> A confidential guest is a guest which uses memory encryption to isolate
> itself from the host. It doesn't trust the host. But it still needs to
> communicate with the host for IO, so it has some special memory areas that
> are explicitly marked shared. These are used to do IO with the host. All
> their usage needs to be carefully hardened to avoid any security attacks on
> the guest; that's why we want to limit this interaction only to a small set
> of hardened drivers. For MMIO, the set is currently only virtio and MSI-X.

Good material for the commit log next time around. Thanks!

Bjorn