Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest abstraction

From: Sean Christopherson
Date: Wed Jun 02 2021 - 13:20:36 EST


On Tue, Jun 01, 2021, Kuppuswamy Sathyanarayanan wrote:
> diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h
> index 9c80c68d75b5..1492b0eb29d0 100644
> --- a/arch/x86/include/asm/mem_encrypt.h
> +++ b/arch/x86/include/asm/mem_encrypt.h
> @@ -56,6 +56,8 @@ bool sev_es_active(void);
>
> #define __bss_decrypted __section(".bss..decrypted")
>
> +bool amd_protected_guest_has(unsigned long flag);


Why call one by the vendor (amd) and the other by the technology (tdx)?
sev_protected_guest_has() seems like the more logical name, e.g. if AMD CPUs
gain a new non-SEV technology then we'll have a mess.

> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index f0c1912837c8..cbfe7479f2a3 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -71,6 +71,8 @@ u64 __tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9,
> u64 __tdx_hypercall(u64 fn, u64 r12, u64 r13, u64 r14, u64 r15,
> struct tdx_hypercall_output *out);
>
> +bool tdx_protected_guest_has(unsigned long flag);

...

> +static inline bool protected_guest_has(unsigned long flag)
> +{
> + if (is_tdx_guest())
> + return tdx_protected_guest_has(flag);
> + else if (mem_encrypt_active())

Shouldn't this be sev_active()? mem_encrypt_active() will return true for SME,
too.

> + return amd_protected_guest_has(flag);
> +
> + return false;
> +}