RE: [PATCH v11 00/20] TDX host kernel support

From: Dan Williams
Date: Thu Jun 08 2023 - 17:04:11 EST

Next message: Jeffery Miller: "[PATCH v3] Input: synaptics-rmi4 - retry reading SMBus version on resume"
Previous message: Will Deacon: "Re: [PATCH v6 12/12] iommu/arm-smmu-qcom: Add SM6350 DPU compatible"
Next in thread: Huang, Kai: "Re: [PATCH v11 00/20] TDX host kernel support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kai Huang wrote:
> Intel Trusted Domain Extensions (TDX) protects guest VMs from malicious
> host and certain physical attacks. TDX specs are available in [1].
>
> This series is the initial support to enable TDX with minimal code to
> allow KVM to create and run TDX guests. KVM support for TDX is being
> developed separately[2]. A new "userspace inaccessible memfd" approach
> to support TDX private memory is also being developed[3]. The KVM will
> only support the new "userspace inaccessible memfd" as TDX guest memory.

This memfd approach is incompatible with one of the primary ways that
new memory topologies like high-bandwidth-memory and CXL are accessed,
via a device-special-file mapping. There is already precedent for mmap()
to only be used for communicating address value and not CPU accessible
memory. See "Userspace P2PDMA with O_DIRECT NVMe devices" [1].

So before this memfd requirement becomes too baked in to the design I
want to understand if "userspace inaccessible" is the only requirement
so I can look to add that to the device-special-file interface for
"device" / "Soft Reserved" memory like HBM and CXL.

[1]: https://lore.kernel.org/all/20221021174116.7200-1-logang@xxxxxxxxxxxx/

Next message: Jeffery Miller: "[PATCH v3] Input: synaptics-rmi4 - retry reading SMBus version on resume"
Previous message: Will Deacon: "Re: [PATCH v6 12/12] iommu/arm-smmu-qcom: Add SM6350 DPU compatible"
Next in thread: Huang, Kai: "Re: [PATCH v11 00/20] TDX host kernel support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]