Re: [PATCH] ptp: Add vDSO-style vmclock support
From: David Woodhouse
Date: Thu Jul 25 2024 - 06:00:33 EST
On Thu, 2024-07-25 at 01:54 -0400, Michael S. Tsirkin wrote:
> one other thing worth mentioning is that this design can't work
> with confidential computing setups. By comparison, mapping e.g. a
> range in a PCI BAR would work for these setups.

Why so? This is just like mapping a PCI BAR, isn't it? It's cacheable
MMIO space, *not* part of the encrypted guest RAM ranges. It just
happens to be discovered through the _CRS of an ACPI device, not the
BAR of a PCI device.

> Is there a reason this functionality is not interesting for
> confidential VMs?

It is. In fact, that was one of the reasons for doing it as mappable
MMIO space, instead of having the guest allocate a portion of its own
RAM and invoke a hypervisor enlightenment to populate it. (Although the
latter *can* work with CC too, as demonstrated by e.g. ptp_kvm).