Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared

From: Michael S. Tsirkin
Date: Tue Oct 12 2021 - 17:00:05 EST


On Tue, Oct 12, 2021 at 10:55:20AM -0700, Andi Kleen wrote:
>
> > I mean ... it's already widespread.
>
>
> I meant widespread usage with confidential guests.
>
> > If we support it with TDX
> > it will be used with TDX.
>
> It has some security tradeoffs. The main reason to use TDX is security.
> Also when people take the VT-d tradeoffs they might be ok with the BIOS
> tradeoffs too.
>
> -Andi

Interesting. VT-d tradeoffs ... what are they?
Allowing hypervisor to write into BIOS looks like it will
trivially lead to code execution, won't it?

--
MST