Re: [PATCH v5 06/14] x86/ioremap: Support hypervisor specified range to map as encrypted
From: Borislav Petkov
Date: Thu Mar 09 2023 - 07:00:11 EST

First of all,
thanks for proactively pointing that out instead of simply using what's
there and we get to find out later, only by chance.

Much appreciated. :-)

On Thu, Mar 09, 2023 at 11:12:10AM +0000, David Woodhouse wrote:
> > Right, I think we're ok with the following basic rules:
> >
> > - pure arch/x86/ code should use the x86_platform function pointers to
> > query hypervisor capabilities/peculiarities
> >
> > - cc_platform_has() should be used in generic/driver code as it
> > abstracts away the underlying platform better. IOW, querying
> > x86_platform.... in generic, platform-agnostic driver code looks weird to
> > say the least
> >
> > The hope is that those two should be enough to support most guest types
> > and not let the zoo get too much out of hand...
> >
> > Thx.
>
> In
> https://lore.kernel.org/all/20230308171328.1562857-13-usama.arif@xxxxxxxxxxxxx/
> I added an sev_es_active() helper for x86 code.
>
> Is that consistent with the vision here, or should I do something different?

So looking at sev_es_init_vc_handling() where we set that key, I'm
*thinking* that key can be removed now and the code should check

    cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)

instead.

Because if some of the checks in that function below fail, the guest
will terminate anyway.

Jörg, Tom?

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette