On Fri, Oct 08, 2021 at 05:37:11PM -0700, Kuppuswamy Sathyanarayanan wrote:

+	ioremap_force_shared= [X86_64, CCG]
+			Force the kernel to use shared memory mappings which do
+			not use ioremap_host_shared/pcimap_host_shared to opt-in
+			to shared mappings with the host. This feature is mainly
+			used by a confidential guest when enabling new drivers
+			without proper shared memory related changes. Please note
+			that this option might also allow other non explicitly
+			enabled drivers to interact with the host in confidential
+			guest, which could cause other security risks. This option
+			will also cause BIOS data structures to be shared with the
+			host, which might open security holes.
+
 	io7=		[HW] IO7 for Marvel-based Alpha systems
 			See comment before marvel_specify_io7 in
 			arch/alpha/kernel/core_marvel.c.

The connection is quite unfortunate IMHO.
Can't there be an option
that unbreaks drivers *without* opening up security holes by
making BIOS shared?

-- 
MST

_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization