[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240620143406.GJ2494510@nvidia.com>
Date: Thu, 20 Jun 2024 11:34:06 -0300
From: Jason Gunthorpe <jgg@...dia.com>
To: David Hildenbrand <david@...hat.com>
Cc: Mostafa Saleh <smostafa@...gle.com>, John Hubbard <jhubbard@...dia.com>,
Elliot Berman <quic_eberman@...cinc.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Shuah Khan <shuah@...nel.org>, Matthew Wilcox <willy@...radead.org>,
maz@...nel.org, kvm@...r.kernel.org, linux-arm-msm@...r.kernel.org,
linux-mm@...ck.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, pbonzini@...hat.com,
Fuad Tabba <tabba@...gle.com>
Subject: Re: [PATCH RFC 0/5] mm/gup: Introduce exclusive GUP pinning
On Thu, Jun 20, 2024 at 04:14:23PM +0200, David Hildenbrand wrote:
> 1) How would the device be able to grab/access "private memory", if not
> via the user page tables?
The approaches I'm aware of require the secure world to own the IOMMU
and generate the IOMMU page tables. So we will not use a GUP approach
with VFIO today as the kernel will not have any reason to generate a
page table in the first place. Instead we will say "this PCI device
translates through the secure world" and walk away.
The page table population would have to be done through the KVM path.
> I assume when you're saying "In the patches KVM (running in EL2) will manage
> the IOMMUs including the page tables", this is easily solved by not relying
> on pinning: KVM just knows what to update and where. (which is a very
> different model than what VFIO does)
This is my read as well for pKVM.
IMHO pKVM is just a version of CC without requiring some of HW
features to make the isolation stronger and ignoring the
attestation/strong confidentiality part.
Jason
Powered by blists - more mailing lists