Re: [PATCH v5 16/16] x86/tdx: Add cmdline option to force use of ioremap_host_shared

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Interesting. VT-d tradeoffs ... what are they?

The connection to the device is not encrypted and also not authenticated.

This is different that even talking to the (untrusted) host through shared memory where you at least still have a common key.

Allowing hypervisor to write into BIOS looks like it will
trivially lead to code execution, won't it?

This is not about BIOS code executing. While the guest firmware runs it is protected of course. This is for BIOS structures like ACPI tables that are mapped by Linux. While AML can run byte code it can normally not write to arbitrary memory.

The risk is more that all the Linux code dealing with this hasn't been hardened to deal with malicious input.

-Andi




[Index of Archives]     [Netdev]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux