| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <73f393a9-32e4-4f39-9834-249068ca3294@intel.com> Date: Thu, 17 Apr 2025 12:33:30 -0700 From: Dave Hansen <dave.hansen@...el.com> To: Dan Williams <dan.j.williams@...el.com>, dave.hansen@...ux.intel.com Cc: x86@...nel.org, Kees Cook <kees@...nel.org>, Ingo Molnar <mingo@...nel.org>, Naveen N Rao <naveen@...nel.org>, Vishal Annapurve <vannapurve@...gle.com>, Kirill Shutemov <kirill.shutemov@...ux.intel.com>, Nikolay Borisov <nik.borisov@...e.com>, stable@...r.kernel.org, linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev Subject: Re: [PATCH v3 2/2] x86/devmem: Drop /dev/mem access for confidential guests On 4/17/25 12:12, Dan Williams wrote: ... > + /* > + * Enforce encrypted mapping consistency and avoid unaccepted > + * memory conflicts, "lockdown" /dev/mem for confidential > + * guests. > + */ > + if (IS_ENABLED(CONFIG_STRICT_DEVMEM) && > + cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) > + return -EPERM; > + A lot of /dev/mem use seems to be poking at random hardware details like BIOS internals, ACPI tables or hardware devices. Those all have modern alternatives. So while I worry that this will make some userspace mad, I have a hard time imagining that it's _relevant_ userspace on a modern x86 CoCo platform where that userspace isn't buggy already. Acked-by: Dave Hansen <dave.hansen@...ux.intel.com>
Powered by blists - more mailing lists