On Thu, Jun 20, 2024 at 04:14:23PM +0200, David Hildenbrand wrote:
- How would the device be able to grab/access "private memory", if not via the user page tables?
The approaches I'm aware of require the secure world to own the IOMMU and generate the IOMMU page tables. So we will not use a GUP approach with VFIO today as the kernel will not have any reason to generate a page table in the first place. Instead we will say "this PCI device translates through the secure world" and walk away.
The page table population would have to be done through the KVM path.
I assume when you're saying "In the patches KVM (running in EL2) will manage the IOMMUs including the page tables", this is easily solved by not relying on pinning: KVM just knows what to update and where. (which is a very different model than what VFIO does)
This is my read as well for pKVM.
IMHO pKVM is just a version of CC without requiring some of HW features to make the isolation stronger and ignoring the attestation/strong confidentiality part.
Jason