Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2825049pxj; Mon, 31 May 2021 11:47:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzE5WxFFkqmr4bpgUKBwguxP3Uz43nCFx63Lf0o1fmcf8gloucPkKu21csRtyuKUDihkfwB X-Received: by 2002:a50:c94a:: with SMTP id p10mr26878046edh.115.1622486839445; Mon, 31 May 2021 11:47:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622486839; cv=none; d=google.com; s=arc-20160816; b=qbSmnAkZSnzjvaxnyoD7tdHLYtzQxI/PrmoFbyYLveyHC+vJxG3bvcRHBFbK7OMPOT zxmDLqIy4quO8j/BJjdswhb97y5fGaSJc4ExTsDd03GD0SJQ5Chr+Ki9OIK7DRwOIyF7 9UKwnuj4TFywyIdMJrhkDZAmzXrkyielfj8B+yJJkgtb9cdSKLyjAXkKHDK3SjK6SMMu R0/QgTanXqr+QWPfXtb9vszyxeWPP7bUqqVOplpm1exKuRTCYN9JnC2+kTRq+Nw6CS+c M9QYt2oLtRlvXyJM8gEJ9PEgdd6LbP6rYqOC0E5q/W44jhrtY3DCy4aQMrHQWhKnra7d wfuA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:ironport-sdr:ironport-sdr; bh=pYqev5w5uNxO4H0u7Hfofi6+aPjGStA3MCFMWC39xCg=; b=ytjj8U5hofOLfLEy9YRL8dNVsBdjSBqA9vgoa41u2RjVaN4kMbwhbuM6csffF+PGxv 6SsfL5lBObkyi/nZhHpE+E6C3AepaERrFs1rzGjLncwWUd7crXMqfWVpeo5P1WYRpUOy FbZR7ptWz1gSA3yTx+27LtYTLibj8tjIL38d8Ca8nkJWiNByMC5OxIED8Jt5JP6cy1qM RF/m0MhDKTGq+xnO3cfLYUPpeEglySZbk53+XITZr6NVN+KbRP5N+cHE3q6zrNBcSbB6 e7JPVOaeI82u+oSjpvWiVuuvnEGrkAD8qJKydyNWCxr9Bkb0SFn2HpoySV/QIqjl4Dmv kO1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s25si12778940eju.101.2021.05.31.11.46.56; Mon, 31 May 2021 11:47:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231409AbhEaSrf (ORCPT + 99 others); Mon, 31 May 2021 14:47:35 -0400 Received: from mga18.intel.com ([134.134.136.126]:34493 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230289AbhEaSrZ (ORCPT ); Mon, 31 May 2021 14:47:25 -0400 IronPort-SDR: Ok0YDylm7h1mxN2s6cvVxdVELk3quZOnKrJ1p7jKXD311HMu5hIPLqusRL+TEu1btIX1rGF71B 5q02xm1eSXZg== X-IronPort-AV: E=McAfee;i="6200,9189,10001"; a="190763030" X-IronPort-AV: E=Sophos;i="5.83,238,1616482800"; d="scan'208";a="190763030" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 May 2021 11:45:42 -0700 IronPort-SDR: fnFuQmT91kZAG44h98dzGgalB8CuzVfMS9sa3zqNAPh03psxpvr9Ux6GCASDj/UX5ac8W0Ab5q XSt/9ToNubfA== X-IronPort-AV: E=Sophos;i="5.83,238,1616482800"; d="scan'208";a="616602078" Received: from unknown (HELO skuppusw-mobl5.amr.corp.intel.com) ([10.251.152.221]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 May 2021 11:45:41 -0700 Subject: Re: [RFC v2 28/32] x86/tdx: Make pages shared in ioremap() To: Borislav Petkov Cc: Tom Lendacky , Sean Christopherson , Dave Hansen , Andi Kleen , Peter Zijlstra , Andy Lutomirski , Dan Williams , Tony Luck , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Raj Ashok , linux-kernel@vger.kernel.org, Brijesh Singh References: <0e233779-9c10-11df-b527-ef61e003ea35@linux.intel.com> <86b4d995-9619-81fa-5ef4-86f48ab01e96@amd.com> <96a63ddf-98f9-7095-f7bb-100bf56a4d10@linux.intel.com> From: "Kuppuswamy, Sathyanarayanan" Message-ID: <280669ec-d43a-83af-55ba-ad03411538b5@linux.intel.com> Date: Mon, 31 May 2021 11:45:38 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 5/31/21 10:55 AM, Borislav Petkov wrote: > On Mon, May 31, 2021 at 10:32:44AM -0700, Kuppuswamy, Sathyanarayanan wrote: >> I think above requirement is satisfied in following implementation. > > Well, I suggested a single protected_guest_has() function which does: > > if (AMD) > amd_protected_guest_has(...) > else if (Intel) > intel_protected_guest_has(...) > else > WARN() > > where amd_protected_guest_has() is implemented in arch/x86/kernel/sev.c > and intel_protected_guest_has() is implemented in, as far as I can > follow your paths in the diff, in arch/x86/kernel/tdx.c. > > No is_protected_guest() is_protected_guest() is a helper function added to check for VM guest type (protected or normal). Andi is going to add some security hardening code in virto and other some other generic drivers. He wants a helper function to selective enable them for all protected guests. Since these are generic drivers we need generic (non arch specific) helper call. is_protected_guest() is proposed for this purpose. We can also use protected_guest_has(VM_VIRTIO_SECURE_FIX) or something similar for this purpose. Andi, any comments? > and no ARCH_HAS_PROTECTED_GUEST. IMHO, its better to use above generic config option in common header file (linux/protected_guest.h). Any architecture that implements protected guest feature can enable it. This will help is hide arch specific config options in arch specific header file. This seems to be a cleaner solution than including ARCH specific CONFIG option options in common header file (linux/protected_guest.h) #ifdef CONFIG_ARCH_HAS_PROTECTED_GUEST #include #else blah #endif is better than #ifdef (AMD) amd_call() #endif #ifdef (INTEL) intel_call() #endif #ifdef (ARM) arm_call() #endif > > Just the above controlled by CONFIG_INTEL_TDX_GUEST or whatever > the TDX config item is gonna end up being and on the AMD side by > CONFIG_AMD_MEM_ENCRYPT. > > Thx. > -- Sathyanarayanan Kuppuswamy Linux Kernel Developer