Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp609176rdb; Tue, 5 Dec 2023 14:43:39 -0800 (PST) X-Google-Smtp-Source: AGHT+IGva7T4E7BEjknYocEwiAEWDYJYRObRCcznhPanzizPm4vjo38FVvmP4lemxS6J2QmsP0Xv X-Received: by 2002:a05:6871:758c:b0:1fa:eee5:ce67 with SMTP id nz12-20020a056871758c00b001faeee5ce67mr8123371oac.24.1701816219706; Tue, 05 Dec 2023 14:43:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701816219; cv=none; d=google.com; s=arc-20160816; b=ogChEJa39Vn7vgujQ0v9U9wSOgKw366KJtLywuIYicaWPa5+BfhWb9kzikkhMm7D8Q CDBuMJwU/445afG3X2snRWzpPXOpfC2p6szd0NRxd3/Cghyc37JTnUJQIX8msbZSKAP9 if+jYRC6sxXFivEnhhSDzrJzgkkDC0WpDFhIe65e3bTiP4inmetL/mhAFGGlvIJ/r5Ly kwPJhVMMq/OIiMyxIg21R/i3ERwH2IreVXkHOxEqnde3OMgTpdpN3sKjz4xEU7r5TIBM 1obGRpAYAOAZTbWvmZf1s/m62n4eCvRzU/ULFj36H1OnFgEcP87s+vAe5c0jBh1tH/0Z pC5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=s5PDjvnXiofAm+LfrZr5GVjzdYbiyiT62E/CMkJfzm4=; fh=YtLbtjQ/daWd3VQ3cSPMh5DHEF3cQOFBZxfPIebuEPY=; b=PVWX6zcpdhagsZ9mn1NaRQFZHlE7wOKt+6ltAhLue6h9+yIg2MBOLWRwM/tS1z7I1A JNx5F6GUoEvBAgoqAbZv56SrSvekod/D8azy/3rI1oAQfAj/RYzXaxZrvd0jy2nKSJ9y sw4i9K1VIAHVcyDLS+/6egfyEu/9Q+UdZ+b6GtVrWfLoxOtSovmBc3dcmzkWHlt3DGwe aGb8I6KGK5VSEuN7evr/ox+KFBucweMvNBN5Z+5XSxK1y7UdS81lFD5JgJfobmHzzBN6 xS3HYcGONtHp+xyJNhYOKCsDM0ef3YOrDZQPiwWJ8008GmZIAUoyWfucB41DRohMZWuP mnJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=QfZxWlKs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1]) by mx.google.com with ESMTPS id by9-20020a056a02058900b005c6818b5a24si4856073pgb.245.2023.12.05.14.43.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 05 Dec 2023 14:43:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=QfZxWlKs; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by morse.vger.email (Postfix) with ESMTP id 5EC2782072CA; Tue, 5 Dec 2023 14:43:37 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346519AbjLEWnX (ORCPT + 99 others); Tue, 5 Dec 2023 17:43:23 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50034 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346259AbjLEWnW (ORCPT ); Tue, 5 Dec 2023 17:43:22 -0500 Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FDCE1A2 for ; Tue, 5 Dec 2023 14:43:28 -0800 (PST) Received: by mail-pg1-x52d.google.com with SMTP id 41be03b00d2f7-5ab94fc098cso2471049a12.1 for ; Tue, 05 Dec 2023 14:43:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; t=1701816208; x=1702421008; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=s5PDjvnXiofAm+LfrZr5GVjzdYbiyiT62E/CMkJfzm4=; b=QfZxWlKsHMlPcqy9Kt+NlA82ZbgqK7VVPUBj50xMjomFqi0DrN66LhIjiZCaiQnCmc wxlKmRlSImP4+A1h+jCW63Baq6M3r5zGaiNsVQaNY2PokzeDJGVImg1pDxQToXNv7O2x FCDL1Hdqs/fxziQB78yMWtxDAKvGOA092rBMM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701816208; x=1702421008; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=s5PDjvnXiofAm+LfrZr5GVjzdYbiyiT62E/CMkJfzm4=; b=I/UJ6yQ5OLNMSnbf4CwXklqy3SlIJOcvo5vc+/q08V7rZN/OdQBCTt985Usizu6+yc Et9Mk9l47b91+ElI8hbuyGRW8l3bQA9WRo9NszAX73EwItzWhZapVjGDxCbflToRVv5B byM5hapsRbCtUoeCSV0puKWX3P6auyP4iDgM4mbKwwY7XfUQQPNr0Zrey88iwOhX5iSr wbTYuXoJqVqhBfjMToy4RZ2TvYf8guwtLnKZFEtp6YckxJENIBvUzYujf9/FhMFxbXsK JsdEUBZ3b7+VdOzcF7l9gTML/qOAniJ25IFldGhcX0z161PLMoD89NvCAo3N+h7qEOrU Un8Q== X-Gm-Message-State: AOJu0YxwC0qoxnaCy6LItGf1PqjAdgWji9JgAjZNrk+okZhndbU6wgPy rxD4/k4rPBQqHpf9jOvTsqInBX+MxX6WUbWjx+BsYbPT8WGnnMj4fBeE1h4IHVX/0x9PM8wpV0q oGTeL5XBfnwMMnvYQhKAFjJ8uongOg5o= X-Received: by 2002:a05:6a20:1608:b0:18c:b6:ab4f with SMTP id l8-20020a056a20160800b0018c00b6ab4fmr4318468pzj.48.1701816207958; Tue, 05 Dec 2023 14:43:27 -0800 (PST) MIME-Version: 1.0 References: <20231122233058.185601-8-amakhalov@vmware.com> <20231201232452.220355-1-amakhalov@vmware.com> <20231201232452.220355-7-amakhalov@vmware.com> <20231204103100.GYZW2qZE9tbGMtuVgY@fat_crate.local> <204f743d-2901-4ad2-bbcc-a7857a8644e7@broadcom.com> In-Reply-To: <204f743d-2901-4ad2-bbcc-a7857a8644e7@broadcom.com> From: Tim Merrifield Date: Tue, 5 Dec 2023 16:43:16 -0600 Message-ID: Subject: Re: [PATCH v2 6/6] x86/vmware: Add TDX hypercall support To: Alexey Makhalov Cc: Dave Hansen , Borislav Petkov , Alexey Makhalov , linux-kernel@vger.kernel.org, virtualization@lists.linux.dev, hpa@zytor.com, dave.hansen@linux.intel.co, mingo@redhat.com, tglx@linutronix.de, x86@kernel.org, netdev@vger.kernel.org, richardcochran@gmail.com, linux-input@vger.kernel.org, dmitry.torokhov@gmail.com, zackr@vmware.com, linux-graphics-maintainer@vmware.com, pv-drivers@vmware.com, namit@vmware.com, timothym@vmware.com, akaher@vmware.com, jsipek@vmware.com, dri-devel@lists.freedesktop.org, daniel@ffwll.ch, airlied@gmail.com, tzimmermann@suse.de, mripard@kernel.org, maarten.lankhorst@linux.intel.com, horms@kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Tue, 05 Dec 2023 14:43:37 -0800 (PST) Hi Dave and Alexey, Regarding VMware-specific checks, it may be beneficial to add some additional checks such as ensuring that the hypervisor vendor is VMware, r12=3D=3DVMWARE_HYPERVISOR_MAGIC, r10=3D=3DVMWARE_TDX_VENDOR_LEAF, r11=3D=3DVMWARE_TDX_HCALL_FUNC and r13 (co= mmand) is restricted to those few commands we expect to be invoked from the kernel or drivers by VMware-specific code. If we add these checks, would folks be OK with exporting this function? On Tue, Dec 5, 2023 at 3:41=E2=80=AFPM Alexey Makhalov wrote: > > > > On 12/5/23 1:24 PM, Dave Hansen wrote: > > On 12/4/23 02:31, Borislav Petkov wrote: > >> On Fri, Dec 01, 2023 at 03:24:52PM -0800, Alexey Makhalov wrote: > >>> +#ifdef CONFIG_INTEL_TDX_GUEST > >>> +/* __tdx_hypercall() is not exported. So, export the wrapper */ > >>> +void vmware_tdx_hypercall_args(struct tdx_module_args *args) > >>> +{ > >>> + __tdx_hypercall(args); > >>> +} > >>> +EXPORT_SYMBOL_GPL(vmware_tdx_hypercall_args); > >> Uuuh, lovely. I'd like to see what the TDX folks think about this > >> export first. > > > > I don't really like it much. This does a generic thing (make a TDX > > hypercall) with a specific name ("vmware_"). If you want to make an > > argument that a certain chunk of the __tdx_hypercall() space is just fo= r > > VMWare and you also add a VMWare-specific check and then export *that*, > > it might be acceptable. > > > > But I don't want random modules able to make random, unrestricted TDX > > hypercalls. That's asking for trouble. > > Considering exporting of __tdx_hypercall for random modules is not an > option, what VMware specific checks you are suggesting? > > -- > This electronic communication and the information and any files transmitt= ed > with it, or attached to it, are confidential and are intended solely for > the use of the individual or entity to whom it is addressed and may conta= in > information that is confidential, legally privileged, protected by privac= y > laws, or otherwise restricted from disclosure to anyone else. If you are > not the intended recipient or the person responsible for delivering the > e-mail to the intended recipient, you are hereby notified that any use, > copying, distributing, dissemination, forwarding, printing, or copying of > this e-mail is strictly prohibited. If you received this e-mail in error, > please return the e-mail to the sender, delete it from your computer, and > destroy any printed copy of it. --=20 This electronic communication and the information and any files transmitted= =20 with it, or attached to it, are confidential and are intended solely for=20 the use of the individual or entity to whom it is addressed and may contain= =20 information that is confidential, legally privileged, protected by privacy= =20 laws, or otherwise restricted from disclosure to anyone else. If you are=20 not the intended recipient or the person responsible for delivering the=20 e-mail to the intended recipient, you are hereby notified that any use,=20 copying, distributing, dissemination, forwarding, printing, or copying of= =20 this e-mail is strictly prohibited. If you received this e-mail in error,= =20 please return the e-mail to the sender, delete it from your computer, and= =20 destroy any printed copy of it.