RE: [Patch v3 02/14] x86/ioapic: Gate decrypted mapping on cc_platform_has() attribute

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Borislav Petkov <bp@xxxxxxxxx> Sent: Monday, November 21, 2022 5:51 AM
> 
> On Wed, Nov 16, 2022 at 10:41:25AM -0800, Michael Kelley wrote:
> > Current code always maps the IOAPIC as shared (decrypted) in a
> > confidential VM. But Hyper-V guest VMs on AMD SEV-SNP with vTOM
> > enabled use a paravisor running in VMPL0 to emulate the IOAPIC.
> 
> "IO-APIC" I guess, in all your text.
> 
> > In such a case, the IOAPIC must be accessed as private (encrypted).
> 
> So the condition for the IO-APIC is pretty specific but the naming
> CC_ATTR_EMULATED_IOAPIC too generic. Other HVs emulate IO-APICs too,
> right?
> 
> If you have to be precise, the proper check should be (pseudo code):
> 
>  if (cc_vendor(HYPERV) &&
>      SNP enabled &&
>      SNP features has vTOM &&
>      paravisor in use)
> 
> so I guess you're probably better off calling it
> 
>   CC_ATTR_ACCESS_IOAPIC_ENCRYPTED
> 
> which then gets set on exactly those guests and nothing else.
> 
> I'd say.
> 

I'm OK with naming it very narrowly.  When/if there's a more general
case later, we can generalize to whatever degree is appropriate.

Michael




[Index of Archives]     [DMA Engine]     [Linux Coverity]     [Linux USB]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Greybus]

  Powered by Linux