On 12/5/23 13:41, Alexey Makhalov wrote:
>> I don't really like it much. This does a generic thing (make a TDX
>> hypercall) with a specific name ("vmware_"). If you want to make an
>> argument that a certain chunk of the __tdx_hypercall() space is just for
>> VMWare and you also add a VMWare-specific check and then export *that*,
>> it might be acceptable.
>>
>> But I don't want random modules able to make random, unrestricted TDX
>> hypercalls. That's asking for trouble.
>
> Considering exporting of __tdx_hypercall for random modules is not an
> option, what VMware specific checks you are suggesting?
Make sure it can only be called running on VMWare guests. A check for
X86_HYPER_VMWARE seems simple enough.
Second, unless the space is *HUGE*, you want to be exporting things like
__vmware_platform() or vmware_legacy_x2apic_available(), *NOT* the
underlying hypercall functions.
We want to make sure that the interfaces are well defined and bounded.
