On 12/5/23 23:15, Alexey Makhalov wrote: > +#ifdef CONFIG_INTEL_TDX_GUEST > +/* Export tdx hypercall and allow it only for VMware guests. */ > +void vmware_tdx_hypercall_args(struct tdx_module_args *args) > +{ > + if (hypervisor_is_type(X86_HYPER_VMWARE)) > + __tdx_hypercall(args); > +} > +EXPORT_SYMBOL_GPL(vmware_tdx_hypercall_args); > +#endif I think this is still too generic. This still allows anything setting X86_HYPER_VMWARE to make any TDX hypercall. I'd *much* rather you export something like vmware_tdx_hypercall() or even the high-level calls like hypervisor_ppn_reset_all(). The higher level and more specialized the interface, the less likely it is to be abused.
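Review bot: In vmware_tdx_hypercall_args(), the function is void and the else path of the hypervisor_is_type(X86_HYPER_VMWARE) check does nothing, so a caller cannot tell whether __tdx_hypercall(args) was issued or skipped, and any status it produces is dropped. Consider returning a status and giving the non-VMware case an explicit error. The exported symbol also takes a caller-filled struct tdx_module_args and passes it through unchanged, so the hypervisor-type test is the only restriction on what a GPL module can request through it. A wrapper that fills in the VMware-specific fields itself and exposes only the operation's own parameters would narrow that. The one-line comment above the function says it is allowed only for VMware guests but does not say which fields of args callers are expected to set.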