Re: [PATCHv3 02/32] x86/coco: Add API to handle encryption mask

[Borislav Petkov]

On Tue, Feb 22, 2022 at 02:18:31AM +0300, Kirill A. Shutemov wrote:
> On Mon, Feb 21, 2022 at 11:56:00PM +0100, Borislav Petkov wrote:
> > On Tue, Feb 22, 2022 at 01:21:49AM +0300, Kirill A. Shutemov wrote:
> > > Well, it actually going to be
> > > 
> > >  	cpa.mask_set = enc ? cc_mkenc(__pgprot(0)) : cc_mkdec(__pgprot(0));
> > >  	cpa.mask_clr = enc ? cc_mkdec(__pgprot(0)) : cc_mkenc(__pgprot(0));
> > > 
> > > as '0' is not a valid pgprot_t.
> > > 
> > > Still wonna go this path?
> > 
> > Why "still"? What's wrong with that?
> 
> IMO, it makes these statement substantially uglier.

As opposed to what you had:

+	cpa.mask_set = __pgprot(cc_get_mask(enc));
+	cpa.mask_clr = __pgprot(cc_get_mask(!enc));

?

Sorry, but cc_get_mask() - first, the name is very misleading - and then
a function argument saying what mask to return is more confusing.

The fact that each vendor chose alternating representations of what an
encrypted page means needs to be abstracted away - the API should not
ask the user of the function what mask she wants. Your functions need
to return an encrypted mask or a decripted mask, not "hey, what kind of
mask do you want".

If you want to make it even simpler, you can hide the pgprot creation
inside the function even - I'm looking at how pgprot_nx() is defined:

	cpa.mask_set = enc ? pgprot_enc(0) : pgprot_dec(0);
	cpa.mask_clr = enc ? pgprot_dec(0) : pgprot_enc(0);

Or, if you think this is still not readable enough, you carve it out
into a separate function:

	cpa_set_masks(struct cpa_data *cpa, bool enc);

and go to town there, do comments, do pgprot conversion per-hand,
whatever.

*BUT* it all depends on what your full requirements for those functions
are for how these masks are going to be used throughout the tree. So I'm
guessing a usage analysis will give you the proper design.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette