Re: [RFC v2-fix-v2 1/1] x86: Introduce generic protected guest abstraction

[Tom Lendacky]

On 6/1/21 4:14 PM, Kuppuswamy Sathyanarayanan wrote:
> Add a generic way to check if we run with an encrypted guest,
> without requiring x86 specific ifdefs. This can then be used in
> non architecture specific code. 
> 
> protected_guest_has() is used to check for protected guest
> feature flags.
> 
> Originally-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
> ---
> Changes since RFC v2-fix-v1:
>  * Changed the title from "tdx: Introduce generic protected_guest
>    abstraction" to "x86: Introduce generic protected guest"
>  * Removed usage of ARCH_HAS_PROTECTED_GUEST and directly called TDX
>    and AMD specific xx_protected_guest_has() variants from
>    linux/protected_guest.h.
>  * Added support for amd_protected_guest_has() helper function.
>  * Removed redundant is_tdx_guest() check in tdx_protected_guest_has()
>    function.
>  * Fixed commit log to reflect the latest changes.

...

>  
> +bool amd_protected_guest_has(unsigned long flag)
> +{
> +	switch (flag) {
> +	case VM_MEM_ENCRYPT:
> +	case VM_MEM_ENCRYPT_ACTIVE:
> +		return true;
> +	}
> +
> +	return false;
> +}
> +EXPORT_SYMBOL_GPL(amd_protected_guest_has);

This certainly doesn't capture all of the situations where true would need
to be returned. For example, SEV, but not SEV-ES, requires that string I/O
be unrolled, etc.

Thanks,
Tom