From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andi Kleen Subject: Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared Date: Tue, 12 Oct 2021 14:18:01 -0700 Message-ID: References: <20211009003711.1390019-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20211009003711.1390019-17-sathyanarayanan.kuppuswamy@linux.intel.com> <20211009070132-mutt-send-email-mst@kernel.org> <8c906de6-5efa-b87a-c800-6f07b98339d0@linux.intel.com> <20211011075945-mutt-send-email-mst@kernel.org> <9d0ac556-6a06-0f2e-c4ff-0c3ce742a382@linux.intel.com> <20211011142330-mutt-send-email-mst@kernel.org> <4fe8d60a-2522-f111-995c-dcbefd0d5e31@linux.intel.com> <20211012165705-mutt-send-email-mst@kernel.org> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: Content-Language: en-US In-Reply-To: <20211012165705-mutt-send-email-mst@kernel.org> List-ID: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: "Michael S. Tsirkin" Cc: Kuppuswamy Sathyanarayanan , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Peter Zijlstra , Andy Lutomirski , Bjorn Helgaas , Richard Henderson , Thomas Bogendoerfer , James E J Bottomley , Helge Deller , "David S . Miller" , Arnd Bergmann , Jonathan Corbet , Paolo Bonzini , David Hildenbrand , Andrea Arcangeli , Josh Poimboeuf , Peter H Anvin > Interesting. VT-d tradeoffs ... what are they? The connection to the device is not encrypted and also not authenticated. This is different that even talking to the (untrusted) host through shared memory where you at least still have a common key. > Allowing hypervisor to write into BIOS looks like it will > trivially lead to code execution, won't it? This is not about BIOS code executing. While the guest firmware runs it is protected of course. This is for BIOS structures like ACPI tables that are mapped by Linux. While AML can run byte code it can normally not write to arbitrary memory. The risk is more that all the Linux code dealing with this hasn't been hardened to deal with malicious input. -Andi