Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1049232pxb; Sat, 16 Oct 2021 00:00:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxtdy+0DKZiRR5ButLa9YtzxZgEN9tDMlNc9KzTL4PKx/8tntZB4X6XV6yoF/EiSXwuNCxl X-Received: by 2002:a17:906:f2d0:: with SMTP id gz16mr12723213ejb.102.1634367620491; Sat, 16 Oct 2021 00:00:20 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634367620; cv=none; d=google.com; s=arc-20160816; b=hJ4u0WSIlZFvakzwoVRJrjdLNQBAAjEf0+Ggs/cJ6EkxL+e7mIrN8RCS2gHeJkWbEn 9DXNF+evLCl249SP4y8HAUYCHI6eN1qro3kyLECMWLIqlicxGCtxIO+lFYPdLeWtuPRH JET/dzTEJThGfmlO1cpLT/vaEOEpfBWKuxIGegN53AkeoWhCNRWt0DviLbv5n0g+eyoP 4UwAd+IYCMGKj/gMP1BdcFcATMSFuOQ9egzDWHqkt4wkXbMYi35rggcjWDxspYje7+6F /7UwyBB6GjkLyq2FpDeeh+Rfk8zTRqyyuZnSmZFtpQm3YRxtr57tkGMGtBVXGxOyA/k4 2r9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=9gDlw6Y6EeTbngeapU8nEFgBenZoUJOHaIjmF+i7KVQ=; b=njzhaKQtOh7DUuyX7DZgVlmlbgvU+JQvWV2OnjeCKj1zTqECiZ436G8J5vaKji/qPE a8FExD5h5fieQgecvnPbL8tt5pWeUhUVXJ8kTRzoHDnJmCv5RAcPB6muc68YK07HTSpl nNFOSiD9ghTsMi2GrFHXW5OXNXLRJNw3NUh0d8KduKMj54Ojn0OzWZAFDll3jjAY7l08 8qQq9aYQl9M2evXybaI9/Q0vHK/Z2VGc9AMwuSnnOGZUSnbLNsYlAPNB0oqsVhOcWm8L M1MkzAJ+m9thWip3KG3eD9iGq8YmcblwGWbf3y/97f1OMDi6qEZJneBvZrf2+nvTNW2Y M3cQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ga33si13344335ejc.669.2021.10.15.23.59.57; Sat, 16 Oct 2021 00:00:20 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236481AbhJONgZ (ORCPT + 99 others); Fri, 15 Oct 2021 09:36:25 -0400 Received: from mga09.intel.com ([134.134.136.24]:19798 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234697AbhJONgY (ORCPT ); Fri, 15 Oct 2021 09:36:24 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10137"; a="227805464" X-IronPort-AV: E=Sophos;i="5.85,375,1624345200"; d="scan'208";a="227805464" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Oct 2021 06:34:18 -0700 X-IronPort-AV: E=Sophos;i="5.85,375,1624345200"; d="scan'208";a="461566038" Received: from akleen-mobl1.amr.corp.intel.com (HELO [10.212.163.167]) ([10.212.163.167]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Oct 2021 06:34:17 -0700 Message-ID: Date: Fri, 15 Oct 2021 06:34:17 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 Subject: Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared Content-Language: en-US To: "Michael S. Tsirkin" Cc: linux-kernel@vger.kernel.org, Kuppuswamy Sathyanarayanan References: <20211009070132-mutt-send-email-mst@kernel.org> <8c906de6-5efa-b87a-c800-6f07b98339d0@linux.intel.com> <20211011075945-mutt-send-email-mst@kernel.org> <9d0ac556-6a06-0f2e-c4ff-0c3ce742a382@linux.intel.com> <20211011142330-mutt-send-email-mst@kernel.org> <4fe8d60a-2522-f111-995c-dcbefd0d5e31@linux.intel.com> <20211012165705-mutt-send-email-mst@kernel.org> <20211012171846-mutt-send-email-mst@kernel.org> <20211015024923-mutt-send-email-mst@kernel.org> From: Andi Kleen In-Reply-To: <20211015024923-mutt-send-email-mst@kernel.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org cutting down the insane cc list. On 10/14/2021 11:57 PM, Michael S. Tsirkin wrote: > On Thu, Oct 14, 2021 at 10:50:59PM -0700, Andi Kleen wrote: >>> I thought you basically create an OperationRegion of SystemMemory type, >>> and off you go. Maybe the OSPM in Linux is clever and protects >>> some memory, I wouldn't know. >> >> I investigated this now, and it looks like acpi is using ioremap_cache(). We >> can hook into that and force non sharing. It's probably safe to assume that >> this is not used on real IO devices. >> >> I think there are still some other BIOS mappings that use just plain >> ioremap() though. >> >> >> -Andi > Hmm don't you mean the reverse? If you make ioremap shared then OS is > protected from malicious ACPI? Nope > If you don't make it shared then > malicious ACPI can poke at arbitrary OS memory. When it's private it's protected and when it's shared it can be attacked > > For BIOS I suspect there's no way around it, it needs to be > audited since it's executable. The guest BIOS is attested and trusted. The original ACPI tables by the BIOS are attested and trusted too. Just if we map the ACPI tables temporarily shared then an evil hypervisor could modify them during that time window. -Andi