RE: [PATCH RFC 0/5] mm/gup: Introduce exclusive GUP pinning

[Tian, Kevin]

> From: Jason Gunthorpe <jgg@xxxxxxxxxx>
> Sent: Tuesday, August 6, 2024 7:23 AM
> 
> On Mon, Aug 05, 2024 at 02:24:42AM +0000, Tian, Kevin wrote:
> >
> > According to [3],
> >
> > "
> >   With SNP, when pages are marked as guest-owned in the RMP table,
> >   they are assigned to a specific guest/ASID, as well as a specific GFN
> >   with in the guest. Any attempts to map it in the RMP table to a different
> >   guest/ASID, or a different GFN within a guest/ASID, will result in an RMP
> >   nested page fault.
> > "
> >
> > With that measure in place my impression is that even the CPU's GPA
> > translation can be controlled by the unsecure world in SEV-SNP.
> 
> Sure, but the GPA is the KVM S2, not the IOMMU. If there is some
> complicated way to lock down the KVM S2 then it doesn't necessarily
> apply to every IOVA to GPA translation as well.
> 
> The guest/hypervisor could have a huge number of iommu domains, where
> would you even store such granular data?
> 
> About the only thing that could possibly do is setup a S2 IOMMU
> identity translation reliably and have no support for vIOMMU - which
> doesn't sound like a sane architecture to me.
> 

According to the SEV-TIO spec there will be a new structure called
Secure Device Table to track security attributes of a TDI and also
location of guest page tables. It also puts hardware assisted
vIOMMU in the TCB then with nested translation the IOMMU S2
will always be GPA.

> It is not insurmountable, but it is going to be annoying if someone
> needs access to the private pages physical address in the iommufd
> side.
> 

Don't know much about SEV but based on my reading it appears
that it is designed with the assumption that GPA page tables (both
CPU/IOMMU S2, in nested translation) are managed by untrusted
host, for both shared and private pages.

Probably AMD folks can chime in to help confirm. 😊