Andi Kleen
2021-Oct-11 17:35 UTC
[PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
> Presumably bios code is in arch/x86 and drivers/acpi, right?
> Up to 200 calls the majority of which is likely private ...

Yes.

> I don't have better ideas but the current setup will just
> result in people making their guests vulnerable whenever they
> want to allow device pass-through.

Yes that's true. For current TDX our target is virtual devices only. But if pass through usage will be really widespread we may need to revisit.

-Andi
Michael S. Tsirkin
2021-Oct-11 18:28 UTC
[PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared
On Mon, Oct 11, 2021 at 10:35:18AM -0700, Andi Kleen wrote:
> > Presumably bios code is in arch/x86 and drivers/acpi, right?
> > Up to 200 calls the majority of which is likely private ...
>
> Yes.
>
> > I don't have better ideas but the current setup will just
> > result in people making their guests vulnerable whenever they
> > want to allow device pass-through.
>
> Yes that's true. For current TDX our target is virtual devices only. But if
> pass through usage will be really widespread we may need to revisit.
>
> -Andi

I mean ... it's already widespread. If we support it with TDX it will be used with TDX. If we don't then I guess it won't, exposing this kind of limitation in a userspace visible way isn't great though.

I guess it boils down to the fact that ioremap_host_shared is just not a great interface, users simply have no idea whether a given driver uses ioremap.

--
MST