Re: [RFC PATCH 08/12] vfio/pci: Create host unaccessible dma-buf for private device

From: Alexey Kardashevskiy
Date: Wed Jan 15 2025 - 07:57:37 EST
On 15/1/25 00:35, Jason Gunthorpe wrote:
> On Tue, Jun 18, 2024 at 07:28:43AM +0800, Xu Yilun wrote:
>
>>> is needed so the secure world can prepare anything it needs prior to
>>> starting the VM.
>>
>> OK. From Dan's patchset there are some touch points for vendor tsm
>> drivers to do secure world preparation, e.g. pci_tsm_ops::probe().
>>
>> Maybe we could move to Dan's thread for discussion.
>>
>> https://lore.kernel.org/linux-coco/173343739517.1074769.13134786548545925484.stgit@xxxxxxxxxxxxxxxxxxxxxxxxx/
>
> I think Dan's series is different, any uapi from that series should
> not be used in the VMM case. We need proper vfio APIs for the VMM to
> use. I would expect VFIO to be calling some of that infrastructure.

Something like this experiment?

https://github.com/aik/linux/commit/ce052512fb8784e19745d4cb222e23cabc57792e

Thanks,

> Really, I don't see a clear sense of how this will look yet. AMD
> provided some patches along these lines, I have not seen ARM and Intel
> proposals yet, nor do I sense there is alignment.
>
>>> Setting up secure vIOMMU emulation, for instance. I
>>
>> I think this could be done at VM late bind time.
>
> The vIOMMU needs to be set up before the VM boots
>
>>> secure. This should all be pre-arranged as possible before starting
>>
>> But our current implementation is not to prepare as much as possible,
>> but only what is necessary, so most of the secure work for the vPCI function
>> is done at late bind time.
>
> That's fine too, but both options need to be valid.
>
> Jason

--
Alexey