Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
From: Borislav Petkov
Date: Fri Feb 10 2023 - 14:36:59 EST
On Fri, Feb 10, 2023 at 07:15:41PM +0000, Michael Kelley (LINUX) wrote:
> FWIW, I don't think the list of devices to be accessed encrypted is likely
> to grow significantly. Is one or two more possible? Perhaps. Does it
> become a list of ten? I doubt it.
What happens if the next silly HV guest scheme comes along and they do
need more and different ones?
Do I say, but but, Michael said that he doubted at the time that that
list would grow... ;-\
And then all our paths are sprinkled with
if (cc_platform_has())
and we can't change sh*t anymore out of fear that some weird guest type
will break.
> One approach is to go with the individual device attributes for now.
> If the list does grow significantly, there will probably be patterns
> or groupings that we can't discern now. We could restructure into
> larger buckets at that point based on those patterns/groupings.
There's a reason the word "platform" is in cc_platform_has(). Initially
we wanted to distinguish attributes of the different platforms. So even
if y'all don't like CC_ATTR_PARAVISOR, that is what distinguishes this
platform and it *is* one platform.
So call it CC_ATTR_SEV_VTOM as it uses that technology or whatever. But
call it like the platform, not to mean "I need this functionality".
And yes, we could do the regroupings later because, yeah, those things
are not exposed to userspace so it's not like they're cast in stone but
I fear that we will do regroupings and we will break guests.
Now if you had CC_ATTR_<PLATFORM_TYPE> then you break (or not) only that
platform.
Oh, and then there's the thing that this is kernel proper - that code
still runs on real hardware, for now, and is not only guests. And not
everything is a damn cloud.
So I don't want a zoo here and we'd have to agree to distinguish by
platform and not by different functionality required.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette