Re: [RFC PATCH kernel] iommufd: Allow mapping from KVM's guest_memfd
From: Jason Gunthorpe
Date: Fri Feb 27 2026 - 08:18:30 EST

On Fri, Feb 27, 2026 at 06:35:44PM +0800, Xu Yilun wrote:
> Will cause host machine check and host restart, same as host CPU
> accessing encrypted memory. Intel TDX has no lower level privilege
> protection table so the wrong accessing will actually impact the
> memory encryption engine.

Blah, of course it does.

So Intel needs a two step synchronization to wipe the IOPTEs before
any shared private conversions and restore the right ones after.

AMD needs a nasty HW synchronization with RMP changes, but otherwise
wants to map the entire physical space.

ARM doesn't care much, I think it could safely do either approach?

These are very different behaviors so I would expect that userspace
needs to signal which of the two it wants.

It feels like we need a fairly complex dedicated synchronization logic
in iommufd coupled to the shared/private machinery in guestmemfd.

Not really sure how to implement the Intel version right now, it is
sort of like a nasty version of SVA..

Jason