On Thu, Jul 18, 2024 at 05:49:14AM -0700, Christoph Hellwig wrote:
> On Thu, Jul 18, 2024 at 01:45:11PM +0100, Matthew Wilcox wrote:
> > On Thu, Jul 18, 2024 at 08:40:27AM -0400, Mary Strodl wrote:
> > > On Wed, Jul 17, 2024 at 08:04:01PM -0700, Christoph Hellwig wrote:
> > > > NAK to a driver creating random writable and executable memory:
> > >
> > > Is there a better way to do what I'm trying to do? Or some way to
> > > expose this functionality with more guard rails so that it's a
> > > little bit safer?
> >
> > No, there is no way to do what you're trying to do.
>
> IFF it is absolutely required to run BIOS provided executable code,
> the best way to do that is in a separate userspace process.

That does work, but I would assume that since this BIOS exists to
communicate with the hardware that it'd need various special privileges
and that running in ring 3 would not work.

Ultimately, better off running the whole thing inside a VM and passing
the device through to the guest. Or ignoring the BIOS entirely and
implementing direct access to the hardware. But neither of these
approaches is "a way to do what I'm trying to do", they're entirely
different approaches to making this hardware work.