Re: [PATCH 08/26] x86/tdx: Handle in-kernel MMIO

From: Borislav Petkov
Date: Fri Jan 07 2022 - 08:46:50 EST


On Wed, Jan 05, 2022 at 06:43:11PM +0300, Kirill A. Shutemov wrote:
> Not encrypted, saved/restored by TDX module. But yes, cannot be exposed
> (without guest intent).
>
> I talk here about *why* the traditional way to handle MMIO -- on VMM side
> -- doesn't work for TDX. It's not safe with untrusted VMM.

Lemme see if I understand this correctly: TDX module saves/restores
guest registers so a malicious hypervisor cannot access them? And that's
why you can't do the traditional way MMIO is done?

> readX()/writeX() helpers limit the range of instructions which can trigger
> MMIO. It makes MMIO instruction emulation feasible. Raw access to MMIO
> region allows the compiler to generate whatever instruction it wants.
> Supporting all possible instructions is a task of a different scope.

Yap, please add that to the commit message.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette
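Added illustration, not part of this thread and not the kernel's code, of the point above: when MMIO is only ever reached through readX()/writeX(), the guest-side #VE handler only needs to recognise the handful of plain MOV encodings those helpers compile to, and can refuse everything else. The struct, function name and the exact accepted opcode set are my choices; the kernel uses its own instruction decoder.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Result of decoding the instruction that faulted on an MMIO access
 * (constructed example; the kernel's handler uses insn_decode()). */
struct mmio_op {
    int valid;     /* 1 if this is a plain MOV to/from memory we can emulate */
    int is_write;  /* 1 = store to the MMIO region, 0 = load from it */
    int size;      /* access width in bytes: 1, 2, 4 or 8 */
    int len;       /* instruction length, so the caller can advance RIP */
};

/* Accept only: [66] [REX] 88|89|8A|8B ModRM [SIB] [disp].
 * Anything else (SSE moves, string ops, reg-reg MOV) is rejected, which is
 * what keeps the emulation surface small enough to be feasible. */
struct mmio_op decode_mmio_insn(const uint8_t *p, size_t n)
{
    struct mmio_op op = {0, 0, 0, 0};
    size_t i = 0;
    int opsize16 = 0, rexw = 0;

    if (i < n && p[i] == 0x66) { opsize16 = 1; i++; }            /* operand-size prefix */
    if (i < n && (p[i] & 0xF0) == 0x40) { rexw = p[i] & 0x08; i++; } /* REX, keep REX.W */
    if (i + 1 >= n) return op;                                    /* need opcode + ModRM */

    uint8_t opc = p[i++], modrm = p[i++];
    uint8_t mod = modrm >> 6, rm = modrm & 7;
    if (opc < 0x88 || opc > 0x8B) return op;                      /* not a plain MOV */
    if (mod == 3) return op;                                      /* reg-reg, not memory */

    if (rm == 4) {                                                /* SIB byte present */
        if (i >= n) return op;
        if (mod == 0 && (p[i] & 7) == 5) i += 4;                  /* base=5 => disp32 */
        i++;
    } else if (mod == 0 && rm == 5) {
        i += 4;                                                   /* RIP-relative disp32 */
    }
    if (mod == 1) i += 1; else if (mod == 2) i += 4;              /* disp8 / disp32 */
    if (i > n) return op;                                         /* truncated encoding */

    op.is_write = (opc == 0x88 || opc == 0x89);                   /* 88/89 store, 8A/8B load */
    op.size = (opc & 1) ? (rexw ? 8 : opsize16 ? 2 : 4) : 1;      /* even opcodes are 8-bit */
    op.len = (int)i;
    op.valid = 1;
    return op;
}

int main(void)
{
    const uint8_t ld[] = {0x48, 0x8B, 0x07};       /* mov rax, [rdi]  (readq-style) */
    const uint8_t sse[] = {0x66, 0x0F, 0x6F, 0x07}; /* movdqa xmm0, [rdi]: rejected */
    struct mmio_op a = decode_mmio_insn(ld, sizeof ld), b = decode_mmio_insn(sse, sizeof sse);
    printf("readq-style: valid=%d write=%d size=%d len=%d\n", a.valid, a.is_write, a.size, a.len);
    printf("movdqa: valid=%d\n", b.valid);
    return 0;
}
```

The sample byte strings are constructed by hand; a real handler would pull them from the faulting RIP.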