Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp982940pxb; Fri, 15 Apr 2022 17:22:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzcR5mNa4nucaBBfaN0W6JQJX18wfsTqqCnoEOtn4vi0BXmDD4dEiC7qfx5JclAVGainlbO X-Received: by 2002:a17:90a:8594:b0:1cd:5dc1:396b with SMTP id m20-20020a17090a859400b001cd5dc1396bmr6840124pjn.69.1650068530604; Fri, 15 Apr 2022 17:22:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650068530; cv=none; d=google.com; s=arc-20160816; b=tapJHNMIZH2rujDW5nhIKkh6+nm/e2XDyyG8emrJ/vxq89DdNF+ar5y8JuFI3MixDV 4gxQNfo4jhMe+PEfoJmrbqTXXXsDE6GWGPVq/j755AZbZBn4iopSRq6nTMO5GjB8qWmW 4zXjV3JamvfbtCHKAqANgNF2BB8ZCNRcVC4ZjaewdgRAPqxgX8V5TZ6suuIQXN7PEpAK Xh3tBjQcKwiJXt22Gq1rbRXF2+G3kvEKespraTHC40QlU/NOIQ3tutHLiwVZI+P133am dQK08MzBCXSOwj8e3C9LcfzvC5HN3PAktDwyCtLs42ZGWFVTzHa1b5X9JWy1NJ9a3O0W ow2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-language:content-transfer-encoding :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=tKPtQz+15frjCFqtKqOJi6EaMDFvouH7Zhy6D7XdcRQ=; b=yp+l5VXj4ZvbruI86OkbcIAh+lmkQF5M8P+7ElGUXbCuJsXM+Xg7JuwiUAgLjnAlvd 4kClvZqM7IpLeitwHjkiWyubJ0cwjeozjCDwA8/soISkt8Y7rAXJH8zOP59YCgGQsTY6 xfCJPsZZTauMcCYJy62T53G9Sj9cw2fb9ylqPN5BAGN1xaIHWsurIogSKZ/VvqOeLmFu rIL9H8he66B84Ragoirjf2zO2i80iWRyS1PdOFl4H5ha7Dkrb5PjSQAWXFVKIL2l9qeK XRDB4CPj9BbIVy4Xx2q5I+EOCJn9bAs71vD6jODMeECw2E//vwMyTfScATKdwBrn2iVX It/g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=iMQhO3Uy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id rm6-20020a17090b3ec600b001bd14e01fcdsi5897411pjb.187.2022.04.15.17.22.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Apr 2022 17:22:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=iMQhO3Uy; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id BC31CDFDC0; Fri, 15 Apr 2022 17:21:01 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1354949AbiDOPXa (ORCPT + 99 others); Fri, 15 Apr 2022 11:23:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47544 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242475AbiDOPX3 (ORCPT ); Fri, 15 Apr 2022 11:23:29 -0400 Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 827DB5C64F for ; Fri, 15 Apr 2022 08:20:59 -0700 (PDT) Received: by mail-lj1-x22b.google.com with SMTP id o16so9840441ljp.3 for ; Fri, 15 Apr 2022 08:20:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=tKPtQz+15frjCFqtKqOJi6EaMDFvouH7Zhy6D7XdcRQ=; b=iMQhO3UyThOnnoJuPW45l59saUXzOpnn2SSyXXhV0SO20SvDU4ozWdMEcvNk1cYhWE JJXUs8s8k7ddksgmfTzy0juYSOz3O2OPfA/xQuaDAUHQhtvtvvioZHE121kzLCXYCEIv w9OBPAWtl/2kxVdgDLFK+taJvIEqzadWKar7xfr1RhPp8OuuaOgsOIkCDBbQIf1tnNzI Okk3WO387jSJMT0Td/g756NWcFrxa+x/6s2PQEwj5758Q0xEaz3xa9LEh1SQwRoS2ucm CP0l4F/nBniNW/TODw0pTAKBtMyWrpUfJVf6RyIIXfI87N7xjLF9okkr/lJTtAiF1w7n VPxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=tKPtQz+15frjCFqtKqOJi6EaMDFvouH7Zhy6D7XdcRQ=; b=0kZ44srqxGLwFSU9gAPovxmzmHRHiiyM19zlAVgrxTyrtwt6zI1yCJRDpIEB/E+TwQ G+f+dzOyU4B1d962zOJbs8GoetclM/SNHHBNWsgkd+zpqdBjyWKab5DbztDyVImrUzuy XvQy2HnRtxb8jaJAX4jthd1U3Lib1Rl8WkJh5f9jZGmA6iBzbf7nGE8a+RL/hFXs1Pzw mpJ0TRKOmr1rTN696jFnDgmeCtaHu8b+j6Y965XYVlGXGn/8oucRi3sCLKEAsDnAdrfi L9ugmL+RXLf0mWh5IHNg7aDn6f3egLJQx7Iy+hcwmQYa+nBwlWv6grPi1G6ulCokvL5E VNvQ== X-Gm-Message-State: AOAM532jS6crZCfRYzQQzQ8mLGcY2MJPdKpYw8GbDbBhPQaHgbx+Svyh S86WaI1fWEj0HJDI4KVO0mg= X-Received: by 2002:a2e:a553:0:b0:24b:2081:2bbf with SMTP id e19-20020a2ea553000000b0024b20812bbfmr4632775ljn.414.1650036057479; Fri, 15 Apr 2022 08:20:57 -0700 (PDT) Received: from [192.168.1.7] ([212.22.223.21]) by smtp.gmail.com with ESMTPSA id p25-20020a056512313900b0046f4f252ebfsm175823lfd.226.2022.04.15.08.20.55 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 15 Apr 2022 08:20:56 -0700 (PDT) Subject: Re: [RFC PATCH 2/6] virtio: add option to restrict memory access under Xen To: "H. Peter Anvin" Cc: xen-devel@lists.xenproject.org, x86@kernel.org, linux-kernel@vger.kernel.org, Juergen Gross , Dave Hansen , Andy Lutomirski , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Boris Ostrovsky , Stefano Stabellini , Julien Grall , Oleksandr Tyshchenko , Christoph Hellwig , "Michael S. Tsirkin" , linux-arm-kernel@lists.infradead.org References: <1649963973-22879-1-git-send-email-olekstysh@gmail.com> <1649963973-22879-3-git-send-email-olekstysh@gmail.com> <5A795507-715D-494B-B56B-B12E5BE348A4@zytor.com> From: Oleksandr Message-ID: <6b3ceb42-5848-4a1b-61d7-f37c4a18d725@gmail.com> Date: Fri, 15 Apr 2022 18:20:55 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <5A795507-715D-494B-B56B-B12E5BE348A4@zytor.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-Spam-Status: No, score=-5.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 14.04.22 22:43, H. Peter Anvin wrote: Hello Peter > On April 14, 2022 12:19:29 PM PDT, Oleksandr Tyshchenko wrote: >> From: Juergen Gross >> >> In order to support virtio in Xen guests add a config option enabling >> the user to specify whether in all Xen guests virtio should be able to >> access memory via Xen grant mappings only on the host side. >> >> This applies to fully virtualized guests only, as for paravirtualized >> guests this is mandatory. >> >> This requires to switch arch_has_restricted_virtio_memory_access() > >from a pure stub to a real function on x86 systems (Arm systems are >> not covered by now). >> >> Add the needed functionality by providing a special set of DMA ops >> handling the needed grant operations for the I/O pages. >> >> Signed-off-by: Juergen Gross >> --- >> arch/x86/mm/init.c | 15 ++++ >> arch/x86/mm/mem_encrypt.c | 5 -- >> arch/x86/xen/Kconfig | 9 +++ >> drivers/xen/Kconfig | 20 ++++++ >> drivers/xen/Makefile | 1 + >> drivers/xen/xen-virtio.c | 177 ++++++++++++++++++++++++++++++++++++++++++++++ >> include/xen/xen-ops.h | 8 +++ >> 7 files changed, 230 insertions(+), 5 deletions(-) >> create mode 100644 drivers/xen/xen-virtio.c >> >> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c >> index d8cfce2..526a3b2 100644 >> --- a/arch/x86/mm/init.c >> +++ b/arch/x86/mm/init.c >> @@ -8,6 +8,8 @@ >> #include >> #include >> >> +#include >> + >> #include >> #include >> #include >> @@ -1065,3 +1067,16 @@ unsigned long max_swapfile_size(void) >> return pages; >> } >> #endif >> + >> +#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS >> +int arch_has_restricted_virtio_memory_access(void) >> +{ >> + if (IS_ENABLED(CONFIG_XEN_PV_VIRTIO) && xen_pv_domain()) >> + return 1; >> + if (IS_ENABLED(CONFIG_XEN_HVM_VIRTIO_GRANT) && xen_hvm_domain()) >> + return 1; >> + >> + return cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT); >> +} >> +EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access); >> +#endif >> diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c >> index 50d2099..dda020f 100644 >> --- a/arch/x86/mm/mem_encrypt.c >> +++ b/arch/x86/mm/mem_encrypt.c >> @@ -77,8 +77,3 @@ void __init mem_encrypt_init(void) >> print_mem_encrypt_feature_info(); >> } >> >> -int arch_has_restricted_virtio_memory_access(void) >> -{ >> - return cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT); >> -} >> -EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access); >> diff --git a/arch/x86/xen/Kconfig b/arch/x86/xen/Kconfig >> index 85246dd..dffdffd 100644 >> --- a/arch/x86/xen/Kconfig >> +++ b/arch/x86/xen/Kconfig >> @@ -92,3 +92,12 @@ config XEN_DOM0 >> select X86_X2APIC if XEN_PVH && X86_64 >> help >> Support running as a Xen Dom0 guest. >> + >> +config XEN_PV_VIRTIO >> + bool "Xen virtio support for PV guests" >> + depends on XEN_VIRTIO && XEN_PV >> + default y >> + help >> + Support virtio for running as a paravirtualized guest. This will >> + need support on the backend side (qemu or kernel, depending on the >> + virtio device types used). >> diff --git a/drivers/xen/Kconfig b/drivers/xen/Kconfig >> index 120d32f..fc61f7a 100644 >> --- a/drivers/xen/Kconfig >> +++ b/drivers/xen/Kconfig >> @@ -335,4 +335,24 @@ config XEN_UNPOPULATED_ALLOC >> having to balloon out RAM regions in order to obtain physical memory >> space to create such mappings. >> >> +config XEN_VIRTIO >> + bool "Xen virtio support" >> + default n >> + depends on VIRTIO && DMA_OPS >> + select ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS >> + help >> + Enable virtio support for running as Xen guest. Depending on the >> + guest type this will require special support on the backend side >> + (qemu or kernel, depending on the virtio device types used). >> + >> +config XEN_HVM_VIRTIO_GRANT >> + bool "Require virtio for fully virtualized guests to use grant mappings" >> + depends on XEN_VIRTIO && X86_64 >> + default y >> + help >> + Require virtio for fully virtualized guests to use grant mappings. >> + This will avoid the need to give the backend the right to map all >> + of the guest memory. This will need support on the backend side >> + (qemu or kernel, depending on the virtio device types used). >> + >> endmenu >> diff --git a/drivers/xen/Makefile b/drivers/xen/Makefile >> index 5aae66e..767009c 100644 >> --- a/drivers/xen/Makefile >> +++ b/drivers/xen/Makefile >> @@ -39,3 +39,4 @@ xen-gntalloc-y := gntalloc.o >> xen-privcmd-y := privcmd.o privcmd-buf.o >> obj-$(CONFIG_XEN_FRONT_PGDIR_SHBUF) += xen-front-pgdir-shbuf.o >> obj-$(CONFIG_XEN_UNPOPULATED_ALLOC) += unpopulated-alloc.o >> +obj-$(CONFIG_XEN_VIRTIO) += xen-virtio.o >> diff --git a/drivers/xen/xen-virtio.c b/drivers/xen/xen-virtio.c >> new file mode 100644 >> index 00000000..cfd5eda >> --- /dev/null >> +++ b/drivers/xen/xen-virtio.c >> @@ -0,0 +1,177 @@ >> +// SPDX-License-Identifier: GPL-2.0-only >> +/****************************************************************************** >> + * Xen virtio driver - enables using virtio devices in Xen guests. >> + * >> + * Copyright (c) 2021, Juergen Gross >> + */ >> + >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> +#include >> + >> +#define XEN_GRANT_ADDR_OFF 0x8000000000000000ULL >> + >> +static inline dma_addr_t grant_to_dma(grant_ref_t grant) >> +{ >> + return XEN_GRANT_ADDR_OFF | ((dma_addr_t)grant << PAGE_SHIFT); >> +} >> + >> +static inline grant_ref_t dma_to_grant(dma_addr_t dma) >> +{ >> + return (grant_ref_t)((dma & ~XEN_GRANT_ADDR_OFF) >> PAGE_SHIFT); >> +} >> + >> +/* >> + * DMA ops for Xen virtio frontends. >> + * >> + * Used to act as a kind of software IOMMU for Xen guests by using grants as >> + * DMA addresses. >> + * Such a DMA address is formed by using the grant reference as a frame >> + * number and setting the highest address bit (this bit is for the backend >> + * to be able to distinguish it from e.g. a mmio address). >> + * >> + * Note that for now we hard wire dom0 to be the backend domain. In order to >> + * support any domain as backend we'd need to add a way to communicate the >> + * domid of this backend, e.g. via Xenstore or via the PCI-device's config >> + * space. >> + */ >> +static void *xen_virtio_dma_alloc(struct device *dev, size_t size, >> + dma_addr_t *dma_handle, gfp_t gfp, >> + unsigned long attrs) >> +{ >> + unsigned int n_pages = PFN_UP(size); >> + unsigned int i; >> + unsigned long pfn; >> + grant_ref_t grant; >> + void *ret; >> + >> + ret = (void *)__get_free_pages(gfp, get_order(size)); >> + if (!ret) >> + return NULL; >> + >> + pfn = virt_to_pfn(ret); >> + >> + if (gnttab_alloc_grant_reference_seq(n_pages, &grant)) { >> + free_pages((unsigned long)ret, get_order(size)); >> + return NULL; >> + } >> + >> + for (i = 0; i < n_pages; i++) { >> + gnttab_grant_foreign_access_ref(grant + i, 0, >> + pfn_to_gfn(pfn + i), 0); >> + } >> + >> + *dma_handle = grant_to_dma(grant); >> + >> + return ret; >> +} >> + >> +static void xen_virtio_dma_free(struct device *dev, size_t size, void *vaddr, >> + dma_addr_t dma_handle, unsigned long attrs) >> +{ >> + unsigned int n_pages = PFN_UP(size); >> + unsigned int i; >> + grant_ref_t grant; >> + >> + grant = dma_to_grant(dma_handle); >> + >> + for (i = 0; i < n_pages; i++) >> + gnttab_end_foreign_access_ref(grant + i); >> + >> + gnttab_free_grant_reference_seq(grant, n_pages); >> + >> + free_pages((unsigned long)vaddr, get_order(size)); >> +} >> + >> +static struct page *xen_virtio_dma_alloc_pages(struct device *dev, size_t size, >> + dma_addr_t *dma_handle, >> + enum dma_data_direction dir, >> + gfp_t gfp) >> +{ >> + WARN_ONCE(1, "xen_virtio_dma_alloc_pages size %ld\n", size); >> + return NULL; >> +} >> + >> +static void xen_virtio_dma_free_pages(struct device *dev, size_t size, >> + struct page *vaddr, dma_addr_t dma_handle, >> + enum dma_data_direction dir) >> +{ >> + WARN_ONCE(1, "xen_virtio_dma_free_pages size %ld\n", size); >> +} >> + >> +static dma_addr_t xen_virtio_dma_map_page(struct device *dev, struct page *page, >> + unsigned long offset, size_t size, >> + enum dma_data_direction dir, >> + unsigned long attrs) >> +{ >> + grant_ref_t grant; >> + >> + if (gnttab_alloc_grant_references(1, &grant)) >> + return 0; >> + >> + gnttab_grant_foreign_access_ref(grant, 0, xen_page_to_gfn(page), >> + dir == DMA_TO_DEVICE); >> + >> + return grant_to_dma(grant) + offset; >> +} >> + >> +static void xen_virtio_dma_unmap_page(struct device *dev, dma_addr_t dma_handle, >> + size_t size, enum dma_data_direction dir, >> + unsigned long attrs) >> +{ >> + grant_ref_t grant; >> + >> + grant = dma_to_grant(dma_handle); >> + >> + gnttab_end_foreign_access_ref(grant); >> + >> + gnttab_free_grant_reference(grant); >> +} >> + >> +static int xen_virtio_dma_map_sg(struct device *dev, struct scatterlist *sg, >> + int nents, enum dma_data_direction dir, >> + unsigned long attrs) >> +{ >> + WARN_ONCE(1, "xen_virtio_dma_map_sg nents %d\n", nents); >> + return -EINVAL; >> +} >> + >> +static void xen_virtio_dma_unmap_sg(struct device *dev, struct scatterlist *sg, >> + int nents, enum dma_data_direction dir, >> + unsigned long attrs) >> +{ >> + WARN_ONCE(1, "xen_virtio_dma_unmap_sg nents %d\n", nents); >> +} >> + >> +static int xen_virtio_dma_dma_supported(struct device *dev, u64 mask) >> +{ >> + return 1; >> +} >> + >> +static const struct dma_map_ops xen_virtio_dma_ops = { >> + .alloc = xen_virtio_dma_alloc, >> + .free = xen_virtio_dma_free, >> + .alloc_pages = xen_virtio_dma_alloc_pages, >> + .free_pages = xen_virtio_dma_free_pages, >> + .mmap = dma_common_mmap, >> + .get_sgtable = dma_common_get_sgtable, >> + .map_page = xen_virtio_dma_map_page, >> + .unmap_page = xen_virtio_dma_unmap_page, >> + .map_sg = xen_virtio_dma_map_sg, >> + .unmap_sg = xen_virtio_dma_unmap_sg, >> + .dma_supported = xen_virtio_dma_dma_supported, >> +}; >> + >> +void xen_virtio_setup_dma_ops(struct device *dev) >> +{ >> + dev->dma_ops = &xen_virtio_dma_ops; >> +} >> +EXPORT_SYMBOL_GPL(xen_virtio_setup_dma_ops); >> + >> +MODULE_DESCRIPTION("Xen virtio support driver"); >> +MODULE_AUTHOR("Juergen Gross "); >> +MODULE_LICENSE("GPL"); >> diff --git a/include/xen/xen-ops.h b/include/xen/xen-ops.h >> index a3584a3..ae3c1bc 100644 >> --- a/include/xen/xen-ops.h >> +++ b/include/xen/xen-ops.h >> @@ -221,4 +221,12 @@ static inline void xen_preemptible_hcall_end(void) { } >> >> #endif /* CONFIG_XEN_PV && !CONFIG_PREEMPTION */ >> >> +#ifdef CONFIG_XEN_VIRTIO >> +void xen_virtio_setup_dma_ops(struct device *dev); >> +#else >> +static inline void xen_virtio_setup_dma_ops(struct device *dev) >> +{ >> +} >> +#endif /* CONFIG_XEN_VIRTIO */ >> + >> #endif /* INCLUDE_XEN_OPS_H */ > Can you please encapsulate the Xen part of the test in some Xen-specific file? I assume your question is about changes to common arch/x86/mm/init.c? #ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS int arch_has_restricted_virtio_memory_access(void) {     if (IS_ENABLED(CONFIG_XEN_PV_VIRTIO) && xen_pv_domain())         return 1;     if (IS_ENABLED(CONFIG_XEN_HVM_VIRTIO_GRANT) && xen_hvm_domain())         return 1;     return cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT); } EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access); If we are speaking about the whole function, then I am not sure, unfortunately. I think, if this was a purely Xen specific function (which was used by Xen guests only) I would move it somewhere to arch/x86/xen/...   (probably to arch/x86/xen/enlighten.c). As I understand (please bear in mind I am not too familiar with x86 code), so far this function was only used by SEV guests, but with current changes it is going to be used by both Xen and SEV guests, so it should be available even if Xen support is compiled out. Could you please suggest a better place to keep this stuff? If we are speaking about only Xen specific bits in that function, then definitely yes, for example, in this way: 1. arch/x86/mm/init.c or other common (non-Xen specific) location: #ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS int arch_has_restricted_virtio_memory_access(void) {     return (xen_has_restricted_virtio_memory_access() ||             cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)); } EXPORT_SYMBOL_GPL(arch_has_restricted_virtio_memory_access); #endif 2.  include/xen/xen.h or other Xen specific location: static inline int xen_has_restricted_virtio_memory_access(void) {     if (IS_ENABLED(CONFIG_XEN_PV_VIRTIO) && xen_pv_domain())         return 1;     if (IS_ENABLED(CONFIG_XEN_HVM_VIRTIO_GRANT) && xen_hvm_domain())         return 1;     return 0; } Or I misunderstood your question? -- Regards, Oleksandr Tyshchenko