On 24.04.22 18:53, Oleksandr wrote:
> On 23.04.22 19:40, Christoph Hellwig wrote:
>
> Hello Christoph
>
>> Please split this into one patch that creates grant-dma-ops, and another that sets up the virtio restricted access helpers.
>
> Sounds reasonable, will do:
>
> 1. grant-dma-ops.c with config XEN_GRANT_DMA_OPS
> 2. arch_has_restricted_virtio_memory_access() with config XEN_VIRTIO
>
>> + +#ifdef CONFIG_ARCH_HAS_RESTRICTED_VIRTIO_MEMORY_ACCESS +int arch_has_restricted_virtio_memory_access(void) +{ + return (xen_has_restricted_virtio_memory_access() || + cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)); +}
>>
>> So instead of hardcoding Xen here, this seems like a candidate for another cc_platform_has flag.
>
> I have a limited knowledge of x86 and Xen on x86.
>
> Would the Xen specific bits fit into Confidential Computing Platform checks? I will let Juergen/Boris comment on this.
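
Review bot: the return in arch_has_restricted_virtio_memory_access() ORs xen_has_restricted_virtio_memory_access() with cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) without a comment saying why each condition requires restricted access. A short comment above the return would make the intent clear to readers of the arch code, and the outer parentheses around the expression can be dropped.
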
I don't think cc_platform_has would be correct here. Xen certainly provides more isolation between guests and dom0, but "Confidential Computing" is basically orthogonal to that feature.

Juergen
