On 4/17/25 12:12, Dan Williams wrote: ...
- /*
* Enforce encrypted mapping consistency and avoid unaccepted
* memory conflicts, "lockdown" /dev/mem for confidential
* guests.
*/
- if (IS_ENABLED(CONFIG_STRICT_DEVMEM) &&
cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
return -EPERM;
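Review bot: the condition `IS_ENABLED(CONFIG_STRICT_DEVMEM) && cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)` returns -EPERM only when CONFIG_STRICT_DEVMEM is enabled, so a confidential guest kernel built without that option does not get the "lockdown" the comment describes. If the encrypted-mapping consistency and unaccepted-memory concerns apply regardless of that option, consider dropping the IS_ENABLED() term, or state in the comment why the restriction is tied to CONFIG_STRICT_DEVMEM. It would also help to document that userspace will see -EPERM here on such guests.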
A lot of /dev/mem use seems to be poking at random hardware details like BIOS internals, ACPI tables or hardware devices. Those all have modern alternatives. So while I worry that this will make some userspace mad, I have a hard time imagining that it's _relevant_ userspace on a modern x86 CoCo platform where that userspace isn't buggy already.
Acked-by: Dave Hansen <dave.hansen@linux.intel.com>