On 12/5/23 23:15, Alexey Makhalov wrote:

+#ifdef CONFIG_INTEL_TDX_GUEST
+/* Export tdx hypercall and allow it only for VMware guests. */
+void vmware_tdx_hypercall_args(struct tdx_module_args *args)
+{
+	if (hypervisor_is_type(X86_HYPER_VMWARE))
+		__tdx_hypercall(args);
+}
+EXPORT_SYMBOL_GPL(vmware_tdx_hypercall_args);
+#endif

I think this is still too generic.  This still allows anything setting
X86_HYPER_VMWARE to make any TDX hypercall.

I'd *much* rather you export something like vmware_tdx_hypercall() or
even the high-level calls like hypervisor_ppn_reset_all().  The higher
level and more specialized the interface, the less likely it is to be
abused.