On Fri, Oct 08, 2021 at 05:37:11PM -0700, Kuppuswamy Sathyanarayanan wrote: > + ioremap_force_shared= [X86_64, CCG] > + Force the kernel to use shared memory mappings which do > + not use ioremap_host_shared/pcimap_host_shared to opt-in > + to shared mappings with the host. This feature is mainly > + used by a confidential guest when enabling new drivers > + without proper shared memory related changes. Please note > + that this option might also allow other non explicitly > + enabled drivers to interact with the host in confidential > + guest, which could cause other security risks. This option > + will also cause BIOS data structures to be shared with the > + host, which might open security holes. > + > io7= [HW] IO7 for Marvel-based Alpha systems > See comment before marvel_specify_io7 in > arch/alpha/kernel/core_marvel.c. The connection is quite unfortunate IMHO. Can't there be an option that unbreaks drivers *without* opening up security holes by making BIOS shared? -- MST
