Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp2825783pxb;
        Tue, 12 Oct 2021 14:22:58 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwe1JhyAxmuOsPdNVIIsOubZvL3+qupNTKKezNtb5ivQiMHawdBi8WRNghE3Qki1dN2cyIs
X-Received: by 2002:a05:6402:141:: with SMTP id s1mr3146096edu.317.1634073778031;
        Tue, 12 Oct 2021 14:22:58 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1634073778; cv=none;
        d=google.com; s=arc-20160816;
        b=mGleziBeI/WgSbAc7/MPD7BQKt0wXhm8k21/S5+/bhQFyaqJvZz9m3GRgotNSFSSc/
         HCRjtJduGKlEd3HILYuevH9yQPOIRijrTWilX7SdRbmVFn+SLyIr6jAHqRRwBny/2kv6
         AonW9HxhKLOUvnGVFdTwm7lXhDuUHymm7GCe80gk8qPDc8LskBvhqX42z1tWRRjVRaUK
         g3SC8KpOkdiyZbdtgr/1Jrc/0QVtV35cIGwq2HuMuN1WdTZJgaEn8lZHEN3zk1dgjp8U
         PVnXra1Qp2EpY5Sylq6Jz5fkg9d5yJCSZdUzYX4vexx75oej8jQ1edJT8Tp9CIyP38F2
         LSsg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id;
        bh=AsC7uHrqHr8nIM5bnrTH+dSBt0YkDpkf7Ea1fAsIGh8=;
        b=U5P5kRWxONwmyGC3/KXDj0BBhTXRHM8OY/hen/l/P8W2avnQkXI4eyYbuF8LQOLXBd
         LpDILrqKZQK4ZToBdYSFFUUIkeYotf2euSgarGYgxkZQm9A8YPuVOcdd0i/XnHWfRy9C
         j1U06dgM+UbPN3F+LeurvFKE8V5JiZ68QtcIMAHFTQ+EJYHcTOPElFApogyORp9Vk/MJ
         dPxYaWlwSYgvGxtqNCKkk9fBbrpxJt+nWNAyyO9Q7Y76l6K7m5XR1ED9P0cqJQr3eVX2
         c338fxRq8aEhqfrDaMiTda9Sl3ehKoBuuxELsiuvzuiWzVFEeEx6eCXwx/LrDiJ3mGWg
         mFfQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id l1si25493992ejo.68.2021.10.12.14.22.33;
        Tue, 12 Oct 2021 14:22:58 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235535AbhJLVUI (ORCPT <rfc822;lowstz@gmail.com> + 99 others);
        Tue, 12 Oct 2021 17:20:08 -0400
Received: from mga04.intel.com ([192.55.52.120]:54542 "EHLO mga04.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S233223AbhJLVUG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Oct 2021 17:20:06 -0400
X-IronPort-AV: E=McAfee;i="6200,9189,10135"; a="226046695"
X-IronPort-AV: E=Sophos;i="5.85,368,1624345200"; 
   d="scan'208";a="226046695"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Oct 2021 14:18:04 -0700
X-IronPort-AV: E=Sophos;i="5.85,368,1624345200"; 
   d="scan'208";a="562831872"
Received: from akleen-mobl1.amr.corp.intel.com (HELO [10.209.115.208]) ([10.209.115.208])
  by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Oct 2021 14:18:02 -0700
Message-ID: <c09c961d-f433-4a68-0b38-208ffe8b36c7@linux.intel.com>
Date:   Tue, 12 Oct 2021 14:18:01 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.2.0
Subject: Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of
 ioremap_host_shared
Content-Language: en-US
To:     "Michael S. Tsirkin" <mst@redhat.com>
Cc:     Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Peter Zijlstra <peterz@infradead.org>,
        Andy Lutomirski <luto@kernel.org>,
        Bjorn Helgaas <bhelgaas@google.com>,
        Richard Henderson <rth@twiddle.net>,
        Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
        James E J Bottomley <James.Bottomley@hansenpartnership.com>,
        Helge Deller <deller@gmx.de>,
        "David S . Miller" <davem@davemloft.net>,
        Arnd Bergmann <arnd@arndb.de>,
        Jonathan Corbet <corbet@lwn.net>,
        Paolo Bonzini <pbonzini@redhat.com>,
        David Hildenbrand <david@redhat.com>,
        Andrea Arcangeli <aarcange@redhat.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Peter H Anvin <hpa@zytor.com>,
        Dave Hansen <dave.hansen@intel.com>,
        Tony Luck <tony.luck@intel.com>,
        Dan Williams <dan.j.williams@intel.com>,
        Kirill Shutemov <kirill.shutemov@linux.intel.com>,
        Sean Christopherson <seanjc@google.com>,
        Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
        x86@kernel.org, linux-kernel@vger.kernel.org,
        linux-pci@vger.kernel.org, linux-alpha@vger.kernel.org,
        linux-mips@vger.kernel.org, linux-parisc@vger.kernel.org,
        sparclinux@vger.kernel.org, linux-arch@vger.kernel.org,
        linux-doc@vger.kernel.org,
        virtualization@lists.linux-foundation.org
References: <20211009003711.1390019-1-sathyanarayanan.kuppuswamy@linux.intel.com>
 <20211009003711.1390019-17-sathyanarayanan.kuppuswamy@linux.intel.com>
 <20211009070132-mutt-send-email-mst@kernel.org>
 <8c906de6-5efa-b87a-c800-6f07b98339d0@linux.intel.com>
 <20211011075945-mutt-send-email-mst@kernel.org>
 <9d0ac556-6a06-0f2e-c4ff-0c3ce742a382@linux.intel.com>
 <20211011142330-mutt-send-email-mst@kernel.org>
 <4fe8d60a-2522-f111-995c-dcbefd0d5e31@linux.intel.com>
 <20211012165705-mutt-send-email-mst@kernel.org>
From:   Andi Kleen <ak@linux.intel.com>
In-Reply-To: <20211012165705-mutt-send-email-mst@kernel.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


> Interesting. VT-d tradeoffs ... what are they?

The connection to the device is not encrypted and also not authenticated.

This is different that even talking to the (untrusted) host through 
shared memory where you at least still have a common key.

> Allowing hypervisor to write into BIOS looks like it will
> trivially lead to code execution, won't it?

This is not about BIOS code executing. While the guest firmware runs it 
is protected of course. This is for BIOS structures like ACPI tables 
that are mapped by Linux. While AML can run byte code it can normally 
not write to arbitrary memory.

The risk is more that all the Linux code dealing with this hasn't been 
hardened to deal with malicious input.

-Andi