On 12/4/23 02:31, Borislav Petkov wrote:
> On Fri, Dec 01, 2023 at 03:24:52PM -0800, Alexey Makhalov wrote:
>> +#ifdef CONFIG_INTEL_TDX_GUEST
>> +/* __tdx_hypercall() is not exported. So, export the wrapper */
>> +void vmware_tdx_hypercall_args(struct tdx_module_args *args)
>> +{
>> + __tdx_hypercall(args);
>> +}
>> +EXPORT_SYMBOL_GPL(vmware_tdx_hypercall_args);
> Uuuh, lovely. I'd like to see what the TDX folks think about this
> export first.
I don't really like it much. This does a generic thing (make a TDX
hypercall) with a specific name ("vmware_"). If you want to make an
argument that a certain chunk of the __tdx_hypercall() space is just for
VMWare and you also add a VMWare-specific check and then export *that*,
it might be acceptable.
But I don't want random modules able to make random, unrestricted TDX
hypercalls. That's asking for trouble.
