Re: [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration

On Tue, Jul 23, 2024 at 02:26:23PM +1000, Alexey Kardashevskiy wrote:
> 
> 
> On 22/7/24 22:06, Jason Gunthorpe wrote:
> > On Mon, Jul 22, 2024 at 08:19:23PM +1000, Alexey Kardashevskiy wrote:
> >
> > > If there is vIOMMU, then the driver in the VM can decide whether it wants
> > > private or shared memory for DMA, pass that new flag to dma_map() and 1)
> > > have DMA memory allocated from the private pool (== no page state changes)
> > > and 2) have C-bit set in the vIOMMU page table (which is in the VM memory).
> > 
> > Not all HW supports a flow like that.
> 
> Fair point but still, under what imaginary circumstance a driver could
> decide to flip T=0/1 when up and running?

It seems some people are thinking they need to do T=0 stuff before
doing device attestation.

But that wasn't my point, the issue is that the translation is
different depending on T=0/1. On those implementations T=0 means "all
shared memory with no vIOMMU" and T=1 means "all memory with a
vIOMMU".

This is quite different from "the VM can decide whether it wants
private or shared memory", because it kind of can't. The entire device
is either T=0/1 and that is that.

Jason



