| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 08 Jul 2022 13:34:20 +1200
From: Kai Huang <kai.huang@...el.com>
To: isaku.yamahata@...el.com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Cc: isaku.yamahata@...il.com, Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH v7 101/102] Documentation/virtual/kvm: Document on Trust
Domain Extensions(TDX)
> +
> +- Wrapping kvm x86_ops: The current choice
> + Introduce dedicated file for arch/x86/kvm/vmx/main.c (the name,
> + main.c, is just chosen to show main entry points for callbacks.) and
> + wrapper functions around all the callbacks with
> + "if (is-tdx) tdx-callback() else vmx-callback()".
> +
> + Pros:
> + - No major change in common x86 KVM code. The change is (mostly)
> + contained under arch/x86/kvm/vmx/.
> + - When TDX is disabled(CONFIG_INTEL_TDX_HOST=n), the overhead is
> + optimized out.
> + - Micro optimization by avoiding function pointer.
> + Cons:
> + - Many boiler plates in arch/x86/kvm/vmx/main.c.
> +
> +Alternative:
> +- Introduce another callback layer under arch/x86/kvm/vmx.
> + Pros:
> + - No major change in common x86 KVM code. The change is (mostly)
> + contained under arch/x86/kvm/vmx/.
> + - clear separation on callbacks.
> + Cons:
> + - overhead in VMX even when TDX is disabled(CONFIG_INTEL_TDX_HOST=n).
> +
Why putting "Alternative" in the documentation? You may put it to the cover
letter so people can judge whether the design is reasonable, but it should not
be in the documentation.
--
Thanks,
-Kai
Powered by blists - more mailing lists