On 8/19/21 4:52 AM, Christoph Hellwig wrote: > On Fri, Aug 13, 2021 at 11:59:22AM -0500, Tom Lendacky wrote: >> While the name suggests this is intended mainly for guests, it will >> also be used for host memory encryption checks in place of sme_active(). > > Which suggest that the name is not good to start with. Maybe protected > hardware, system or platform might be a better choice? > >> +static inline bool prot_guest_has(unsigned int attr) >> +{ >> +#ifdef CONFIG_AMD_MEM_ENCRYPT >> + if (sme_me_mask) >> + return amd_prot_guest_has(attr); >> +#endif >> + >> + return false; >> +} > > Shouldn't this be entirely out of line? I did it as inline originally because the presence of the function will be decided based on the ARCH_HAS_PROTECTED_GUEST config. For now, that is only selected by the AMD memory encryption support, so if I went out of line I could put in mem_encrypt.c. But with TDX wanting to also use it, it would have to be in an always built file with some #ifdefs or in its own file that is conditionally built based on the ARCH_HAS_PROTECTED_GUEST setting (they've already tried building with ARCH_HAS_PROTECTED_GUEST=y and AMD_MEM_ENCRYPT not set). To take it out of line, I'm leaning towards the latter, creating a new file that is built based on the ARCH_HAS_PROTECTED_GUEST setting. > >> +/* 0x800 - 0x8ff reserved for AMD */ >> +#define PATTR_SME 0x800 >> +#define PATTR_SEV 0x801 >> +#define PATTR_SEV_ES 0x802 > > Why do we need reservations for a purely in-kernel namespace? > > And why are you overoading a brand new generic API with weird details > of a specific implementation like this? There was some talk about this on the mailing list where TDX and SEV may need to be differentiated, so we wanted to reserve a range of values per technology. I guess I can remove them until they are actually needed. Thanks, Tom >