On 12/5/23 23:15, Alexey Makhalov wrote:
+#ifdef CONFIG_INTEL_TDX_GUEST
+/* Export tdx hypercall and allow it only for VMware guests. */
+void vmware_tdx_hypercall_args(struct tdx_module_args *args)
+{
+ if (hypervisor_is_type(X86_HYPER_VMWARE))
+ __tdx_hypercall(args);
+}
+EXPORT_SYMBOL_GPL(vmware_tdx_hypercall_args);
+#endif
I think this is still too generic. This still allows anything setting
X86_HYPER_VMWARE to make any TDX hypercall.
I'd *much* rather you export something like vmware_tdx_hypercall() or
even the high-level calls like hypervisor_ppn_reset_all(). The higher
level and more specialized the interface, the less likely it is to be
abused.