| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <82f9e5a9-682a-70be-e5ea-938bb742265f@linux.intel.com>
Date: Mon, 7 Jun 2021 11:01:05 -0700
From: "Kuppuswamy, Sathyanarayanan"
<sathyanarayanan.kuppuswamy@...ux.intel.com>
To: Borislav Petkov <bp@...en8.de>
Cc: Peter Zijlstra <peterz@...radead.org>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...el.com>,
Tony Luck <tony.luck@...el.com>,
Andi Kleen <ak@...ux.intel.com>,
Kirill Shutemov <kirill.shutemov@...ux.intel.com>,
Kuppuswamy Sathyanarayanan <knsathya@...nel.org>,
Dan Williams <dan.j.williams@...el.com>,
Raj Ashok <ashok.raj@...el.com>,
Sean Christopherson <seanjc@...gle.com>,
linux-kernel@...r.kernel.org,
Tom Lendacky <thomas.lendacky@....com>
Subject: Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest
abstraction
On 6/3/21 11:14 AM, Borislav Petkov wrote:
> On Tue, Jun 01, 2021 at 02:14:17PM -0700, Kuppuswamy Sathyanarayanan wrote:
snip
> diff --git a/include/linux/protected_guest.h b/include/linux/protected_guest.h
> index 6855d5b3e244..bb4b1a06b21f 100644
> --- a/include/linux/protected_guest.h
> +++ b/include/linux/protected_guest.h
> @@ -2,7 +2,9 @@
> #ifndef _LINUX_PROTECTED_GUEST_H
> #define _LINUX_PROTECTED_GUEST_H 1
>
> -#include <linux/mem_encrypt.h>
> +#include <asm/processor.h>
> +#include <asm/tdx.h>
> +#include <asm/sev.h>
>
> /* Protected Guest Feature Flags (leave 0-0xff for arch specific flags) */
>
> @@ -20,23 +22,18 @@
> #define VM_DISABLE_UNCORE_SUPPORT 0x105
>
> #if defined(CONFIG_INTEL_TDX_GUEST) || defined(CONFIG_AMD_MEM_ENCRYPT)
> -
> -#include <asm/tdx.h>
> -
Why move this header outside CONFIG_INTEL_TDX_GUEST or CONFIG_AMD_MEM_ENCRYPT ifdef?
This header only exists in x86 arch code. So it is better to protect it with x86
specific header file.
> static inline bool protected_guest_has(unsigned long flag)
> {
> if (is_tdx_guest())
> return tdx_protected_guest_has(flag);
> - else if (mem_encrypt_active())
> - return amd_protected_guest_has(flag);
> + else if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
> + return sev_protected_guest_has(flag);
>
> return false;
> }
>
> #else
> -
> static inline bool protected_guest_has(unsigned long flag) { return false; }
> -
> #endif
>
> -#endif
> +#endif /* _LINUX_PROTECTED_GUEST_H */
>
>
--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Powered by blists - more mailing lists