Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest abstraction
From: Tom Lendacky
Date: Wed Jun 02 2021 - 14:19:18 EST
On 6/1/21 4:14 PM, Kuppuswamy Sathyanarayanan wrote:
> Add a generic way to check if we run with an encrypted guest,
> without requiring x86 specific ifdefs. This can then be used in
> non architecture specific code.
>
> protected_guest_has() is used to check for protected guest
> feature flags.
>
> Originally-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
> ---
> Changes since RFC v2-fix-v1:
> * Changed the title from "tdx: Introduce generic protected_guest
> abstraction" to "x86: Introduce generic protected guest"
> * Removed usage of ARCH_HAS_PROTECTED_GUEST and directly called TDX
> and AMD specific xx_protected_guest_has() variants from
> linux/protected_guest.h.
> * Added support for amd_protected_guest_has() helper function.
> * Removed redundant is_tdx_guest() check in tdx_protected_guest_has()
> function.
> * Fixed commit log to reflect the latest changes.
...
>
> +bool amd_protected_guest_has(unsigned long flag)
> +{
> + switch (flag) {
> + case VM_MEM_ENCRYPT:
> + case VM_MEM_ENCRYPT_ACTIVE:
> + return true;
> + }
> +
> + return false;
> +}
> +EXPORT_SYMBOL_GPL(amd_protected_guest_has);
This certainly doesn't capture all of the situations where true would need
to be returned. For example, SEV, but not SEV-ES, requires that string I/O
be unrolled, etc.
Thanks,
Tom