| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c5aead07-2511-43a1-8f22-1346be34af28@linux.intel.com> Date: Mon, 20 Jan 2025 12:41:04 +0800 From: Baolu Lu <baolu.lu@...ux.intel.com> To: Jason Gunthorpe <jgg@...dia.com> Cc: Alexey Kardashevskiy <aik@....com>, Xu Yilun <yilun.xu@...ux.intel.com>, kvm@...r.kernel.org, dri-devel@...ts.freedesktop.org, linux-media@...r.kernel.org, linaro-mm-sig@...ts.linaro.org, sumit.semwal@...aro.org, christian.koenig@....com, pbonzini@...hat.com, seanjc@...gle.com, alex.williamson@...hat.com, vivek.kasireddy@...el.com, dan.j.williams@...el.com, yilun.xu@...el.com, linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org, lukas@...ner.de, yan.y.zhao@...el.com, daniel.vetter@...ll.ch, leon@...nel.org, zhenzhong.duan@...el.com, tao1.su@...el.com Subject: Re: [RFC PATCH 08/12] vfio/pci: Create host unaccessible dma-buf for private device On 1/17/25 21:25, Jason Gunthorpe wrote: >> If my recollection is correct, the arm >> smmu-v3 needs it to obtain the vmid to setup the userspace event queue: > Right now it will use a VMID unrelated to KVM. BTM support on ARM will > require syncing the VMID with KVM. > > AMD and Intel may require the KVM for some reason as well. > > For CC I'm expecting the KVM fd to be the handle for the cVM, so any > RPCs that want to call into the secure world need the KVM FD to get > the cVM's identifier. Ie a "bind to cVM" RPC will need the PCI > information and the cVM's handle. > > From that perspective it does make sense that any cVM related APIs, > like "bind to cVM" would be against the VDEVICE where we have a link > to the VIOMMU which has the KVM. On the iommufd side the VIOMMU is > part of the object hierarchy, but does not necessarily have to force a > vIOMMU to appear in the cVM. Yea, from that perspective, treating the vDEVICE object as the primary focus for the uAPIs of cVMs is more reasonable. This simplifies the iommu drivers by eliminating the need to verify hardware capabilities and compatibilities within each callback. Everything could be done in one shot when allocating the vDEVICE object. > > But it also seems to me that VFIO should be able to support putting > the device into the RUN state without involving KVM or cVMs. Then, it appears that BIND ioctl should be part of VFIO uAPI. >> Intel TDX connect implementation also needs a reference to the kvm >> pointer to obtain the secure EPT information. This is crucial because >> the CPU's page table must be shared with the iommu. > I thought kvm folks were NAKing this sharing entirely? Or is the Yes, previous idea of *generic* EPT sharing was objected by the kvm folks. The primary concern, as I understand it, is that KVM has many "page non-present" tricks in EPT, which are not applicable to IOPT. Consequently, KVM must now consider IOPT requirements when sharing the EPT with the IOMMU, which presents a significant maintenance burden for the KVM folks. > secure EPT in the secure world and not directly managed by Linux? But Secure EPT is managed by the TDX module within the secure world. Crucially, KVM does not involve any such mechanisms. The firmware guarantees that any Secure EPT configuration will be applicable to Secure IOPT. This approach may alleviate concerns raised by the KVM community. > AFAIK AMD is going to mirror the iommu page table like today. > > ARM, I suspect, will not have an "EPT" under Linux control, so > whatever happens will be hidden in their secure world. Intel also does not have an EPT under Linux control. The KVM has a mirrored page table and syncs it with the secure EPT managed by firmware every time it is updated through the ABIs defined by the firmware. Thanks, baolu
Powered by blists - more mailing lists