Andi Kleen
2021-Oct-11 02:39 UTC
[PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
> The connection is quite unfortunate IMHO.
> Can't there be an option
> that unbreaks drivers *without* opening up security holes by
> making BIOS shared?

That would require new low level APIs that distinguish both cases, and a tree sweep.

-Andi
Michael S. Tsirkin
2021-Oct-11 12:04 UTC
[PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
On Sun, Oct 10, 2021 at 07:39:55PM -0700, Andi Kleen wrote:
>
> > The connection is quite unfortunate IMHO.
> > Can't there be an option
> > that unbreaks drivers *without* opening up security holes by
> > making BIOS shared?
>
> That would require new low level APIs that distinguish both cases, and a
> tree sweep.
>
> -Andi

Presumably bios code is in arch/x86 and drivers/acpi, right? Up to 200 calls the majority of which is likely private ...

I don't have better ideas but the current setup will just result in people making their guests vulnerable whenever they want to allow device pass-through.

--
MST