On Tue, Aug 24, 2021 at 01:14:02PM -0700, Andi Kleen wrote: > > On 8/24/2021 11:55 AM, Bjorn Helgaas wrote: > > [+cc Rajat; I still don't know what "shared memory with a hypervisor > > in a confidential guest" means, > > A confidential guest is a guest which uses memory encryption to isolate > itself from the host. It doesn't trust the host. But it still needs to > communicate with the host for IO, so it has some special memory areas that > are explicitly marked shared. These are used to do IO with the host. All > their usage needs to be carefully hardened to avoid any security attacks on > the guest, that's why we want to limit this interaction only to a small set > of hardened drivers. For MMIO, the set is currently only virtio and MSI-X. Good material for the commit log next time around. Thanks! Bjorn
