> From: Jason Gunthorpe <jgg@nvidia.com> Sent: Friday, October 25, 2024 11:24 PM
>
> On Fri, Oct 25, 2024 at 08:47:40AM +0000, Tian, Kevin wrote:
> > From: Jason Gunthorpe <jgg@nvidia.com> Sent: Tuesday, October 22, 2024 9:16 PM
> >
> > > On Tue, Oct 22, 2024 at 04:59:07PM +0800, Baolu Lu wrote:
> > > > Is it feasible to make the vIOMMU object more generic, rather than strictly tying it to nested translation? For example, a normal paging domain that translates gPAs to hPAs could also have a vIOMMU object associated with it.
> > > >
> > > > While we can only support the vIOMMU object allocation uAPI for S2 paging domains in the context of this series, we could consider leaving the option open to associate a vIOMMU object with other normal paging domains that are not a nested parent?
> > >
> > > Why? The nested parent flavour of the domain is basically free to create, what reason would there be to not do that?
> > >
> > > If the HW doesn't support it, then does the HW really need/support a VIOMMU?
> >
> > Now it's agreed to build trusted I/O on top of this new vIOMMU object. Format-wise it's probably free to assume that nested parent is supported on any new platform which will support trusted I/O. But I'm not sure all the conditions around allowing nesting are the same as for trusted I/O, e.g. for ARM nesting is allowed only for CANWBS/S2FWB. Are they always guaranteed in a trusted I/O configuration?
>
> ARM is a big ? what exactly will come, but I'm expecting that to be resolved either with continued HW support or Linux will add the cache flushing and relax the test.

Baolu did raise a good open to confirm given it will be used beyond nesting. 😊

> Even CC is "nesting", it is just nested with a fixed Identity S1 in the baseline case. The S2 translation still exists and still has to be consistent with whatever the secure world is doing.

This is true. That is why I asked more about the conditions around enabling nesting instead of the translation/format itself.

> So, my feeling is that the S2 nested domain is mandatory for the viommu, especially for CC, it must exist. In the end there may be more options than just a nested parent.
>
> For instance if the CC design relies on the secure world sharing the CPU and IOMMU page table we might need a new HWPT type to represent that configuration.
>
> From a uapi perspective we seem OK here as the hwpt input could be anything. We might have to adjust some checks in the kernel someday.

Yes, that could be extended in case of a need.