[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH V1 3/6] xen/virtio: Add option to restrict memory access under Xen
On 25.04.22 23:25, Borislav Petkov wrote: On Mon, Apr 25, 2022 at 11:38:36PM +0300, Oleksandr wrote:diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index efd8205..d06bc7a 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -72,6 +72,19 @@ enum cc_attr { * Examples include TDX guest & SEV. */ CC_ATTR_GUEST_UNROLL_STRING_IO, + + /** + * @CC_ATTR_GUEST_MEM_ACCESS_RESTRICTED: Restricted memory access to + * Guest memory is active + * + * The platform/OS is running as a guest/virtual machine and uses + * the restricted access to its memory. This attribute is set if either + * Guest memory encryption or restricted memory access using Xen grant + * mappings is active. + * + * Examples include Xen guest and SEV.Wait, whaaat? The cc_platform* stuff is for *confidential computing* guests to check different platform aspects. From quickly skimming over this, this looks like a misuse to me. Christoph suggested (rather firmly) this would be the way to go. Why can't you query this from the hypervisor just like you do your other querying about what is supported, etc? Hypercalls, CPUID, whatever... This is needed on guest side at a rather hypervisor independent place. So a capability of some sort seems appropriate. Another suggestion of mine was to have a callback (or flag) in struct x86_hyper_runtime for that purpose. Juergen Attachment:
OpenPGP_0xB0DE9DD628BF132F.asc Attachment:
OpenPGP_signature
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |