On Wed, Nov 16, 2022 at 10:41:25AM -0800, Michael Kelley wrote:
> Current code always maps the IOAPIC as shared (decrypted) in a
> confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM
> enabled use a paravisor running in VMPL0 to emulate the IOAPIC.

"IO-APIC" I guess, in all your text.

> In such a case, the IOAPIC must be accessed as private (encrypted).

So the condition for the IO-APIC is pretty specific but the naming
CC_ATTR_EMULATED_IOAPIC too generic. Other HVs emulate IO-APICs too,
right?

If you have to be precise, the proper check should be (pseudo code):

	if (cc_vendor(HYPERV) &&
	    SNP enabled &&
	    SNP features has vTOM &&
	    paravisor in use)

so I guess you're probably better off calling it

	CC_ATTR_ACCESS_IOAPIC_ENCRYPTED

which then gets set on exactly those guests and nothing else.

I'd say.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette