On Tue, Nov 17, 2020 at 10:34:37AM -0600, Tom Lendacky wrote: > On 11/17/20 9:57 AM, Peter Xu wrote: > > On Tue, Nov 17, 2020 at 09:33:17AM -0600, Tom Lendacky wrote: > >> On 11/16/20 5:20 PM, Jason Gunthorpe wrote: > >>> On Mon, Nov 16, 2020 at 03:43:53PM -0600, Tom Lendacky wrote: > >>>> On 11/16/20 9:53 AM, Jason Gunthorpe wrote: > >>>>> On Thu, Nov 05, 2020 at 06:39:49PM -0500, Peter Xu wrote: > >>>>>> On Thu, Nov 05, 2020 at 12:34:58PM -0400, Jason Gunthorpe wrote: > >>>>>>> Tom says VFIO device assignment works OK with KVM, so I expect only things > >>>>>>> like DPDK to be broken. > >>>>>> > >>>>>> Is there more information on why the difference? Thanks, > >>>>> > >>>>> I have nothing, maybe Tom can explain how it works? > >>>> > >>>> IIUC, the main differences would be along the lines of what is performing > >>>> the mappings or who is performing the MMIO. > >>>> > >>>> For device passthrough using VFIO, the guest kernel is the one that ends > >>>> up performing the MMIO in kernel space with the proper encryption mask > >>>> (unencrypted). > >>> > >>> The question here is why does VF assignment work if the MMIO mapping > >>> in the hypervisor is being marked encrypted. > >>> > >>> It sounds like this means the page table in the hypervisor is ignored, > >>> and it works because the VM's kernel marks the guest's page table as > >>> non-encrypted? > >> > >> If I understand the VFIO code correctly, the MMIO area gets registered as > >> a RAM memory region and added to the guest. This MMIO region is accessed > >> in the guest through ioremap(), which creates an un-encrypted mapping, > >> allowing the guest to read it properly. So I believe the mmap() call only > >> provides the information used to register the memory region for guest > >> access and is not directly accessed by Qemu (I don't believe the guest > >> VMEXITs for the MMIO access, but I could be wrong). > > > > Thanks for the explanations. > > > > It seems fine if two dimentional page table is used in kvm, as long as the 1st > > level guest page table is handled the same way as in the host. > > > > I'm thinking what if shadow page table is used - IIUC here the vfio mmio region > > will be the same as normal guest RAM from kvm memslot pov, however if the mmio > > region is not encrypted, does it also mean that the whole guest RAM is not > > encrypted too? It's a pure question because I feel like these are two layers > > of security (host as the 1st, guest as the 2nd), maybe here we're only talking > > about host security rather than the guests, then it looks fine too. > > SEV is only supported with NPT (TDP). I see, thanks for answering (even if my question was kind of out-of-topic..). Regarding this patch, my current understanding is that the VM case worked only because the guests in the previous tests were always using kvm directly mapped MMIO accesses. However that should not be always guaranteed because qemu should be in complete control of that (e.g., qemu can switch to user-exit for all mmio accesses for a vfio-pci device anytime without guest's awareness). Logically this patch should fix that, just like the dpdk scenario where mmio regions were accessed from userspace (qemu). From that pov, I think this patch should help. Acked-by: Peter Xu <peterx@xxxxxxxxxx> Though if my above understanding is correct, it would be nice to mention some of above information in the commit messages too, though may not worth a repost. Tests will always be welcomed as suggested by Alex, of course. Thanks, -- Peter Xu
