Re: [PATCH v3 2/2] x86/devmem: Drop /dev/mem access for confidential guests

From: Dave Hansen
Date: Thu Apr 17 2025 - 15:33:42 EST


On 4/17/25 12:12, Dan Williams wrote:
...
> + /*
> + * Enforce encrypted mapping consistency and avoid unaccepted
> + * memory conflicts, "lockdown" /dev/mem for confidential
> + * guests.
> + */
> + if (IS_ENABLED(CONFIG_STRICT_DEVMEM) &&
> + cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> + return -EPERM;
> +
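
Review bot: the IS_ENABLED(CONFIG_STRICT_DEVMEM) term in the condition means a confidential guest kernel built without that option never takes this branch and keeps /dev/mem open, which the comment above the check does not mention. If the encrypted-mapping consistency and unaccepted-memory concerns named in the comment hold regardless of STRICT_DEVMEM, consider testing cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) on its own; otherwise state in the comment why the restriction is tied to that option. The bare "return -EPERM" also gives userspace no indication of the cause, so a one-time log message at this point would help whoever has to debug a tool that stops working in a guest.
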
A lot of /dev/mem use seems to be poking at random hardware details like
BIOS internals, ACPI tables or hardware devices. Those all have modern
alternatives. So while I worry that this will make some userspace mad, I
have a hard time imagining that it's _relevant_ userspace on a modern
x86 CoCo platform where that userspace isn't buggy already.

Acked-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>