On Fri, Mar 18, 2022 at 02:23:57AM +0000, Tian, Kevin wrote: > Yes, that is another major part work besides the iommufd work. And > it is not compatible with KVM features which rely on the dynamic > manner of EPT. Though It is a bit questionable whether it's worthy of > doing so just for saving memory footprint while losing other capabilities, > it is a requirement for some future security extension in Intel trusted > computing architecture. And KVM has been pinning pages for SEV/TDX/etc. > today thus some facilities can be reused. But I agree it is not a simple > task thus we need start discussion early to explore various gaps in > iommu and kvm. Yikes. IMHO this might work better going the other way, have KVM import the iommu_domain and use that as the KVM page table than vice versa. The semantics are a heck of a lot clearer, and it is really obvious that alot of KVM becomes disabled if you do this. Jason
