Date: Wed, 1 Sep 2021 11:34:29 +0800
From: Yu Zhang
To: Andi Kleen
Cc: David Hildenbrand, Sean Christopherson, Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Borislav Petkov, Andy Lutomirski, Andrew Morton, Joerg Roedel, David Rientjes, Vlastimil Babka, Tom Lendacky, Thomas Gleixner, Peter Zijlstra, Ingo Molnar, Varad Gautam, Dario Faggioli, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, "Kirill A. Shutemov", "Kirill A. Shutemov", Kuppuswamy Sathyanarayanan, Dave Hansen
Subject: Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory
Message-ID: <20210901033429.4c2dh5cwlppjvz2h@linux.intel.com>
References: <20210824005248.200037-1-seanjc@google.com> <307d385a-a263-276f-28eb-4bc8dd287e32@redhat.com> <20210827023150.jotwvom7mlsawjh4@linux.intel.com> <243bc6a3-b43b-cd18-9cbb-1f42a5de802f@redhat.com> <765e9bbe-2df5-3dcc-9329-347770dc091d@linux.intel.com> <4677f310-5987-0c13-5caf-fd3b625b4344@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Aug 31, 2021 at 01:39:31PM -0700, Andi Kleen wrote:
>
> On 8/31/2021 1:15 PM, David Hildenbrand wrote:
> > On 31.08.21 22:01, Andi Kleen wrote:
> > >
> > > > > Thanks a lot for this summary. A question about the requirement: do
> > > > > we or do we not have plan to support assigned device to the protected VM?
> > > >
> > > > Good question, I assume that is stuff for the far far future.
> > >
> > > It is in principle possible with the current TDX, but not secure. But
> > > someone might decide to do it. So it would be good to have basic support
> > > at least.
> >
> > Can you elaborate the "not secure" part? Do you mean, making the device
> > only access "shared" memory, not secure/encrypted/whatsoever?
>
> Yes that's right. It can only access shared areas.

Thanks, Andy & David.

Actually, enabling of device assignment needs quite some effort, e.g., to
guarantee only shared pages are mapped in IOMMU page table (using shared
GFNs). And the buffer copying inside TD is still unavoidable, thus not
much performance benefit. Maybe we should just *disable* VFIO device in
TDX first.

As to the fd-based private memory, eventually we will have to tolerate
its impact on any place where GUP is needed in virtualization. :)

B.R.
Yu
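An added illustration of the "only shared pages may land in the IOMMU page table" rule that Yu mentions above. This is example code written for this page, not code from the thread, from KVM or from the TDX implementation. It assumes TDX's convention that the shared/private split is the top bit of the guest-physical address width (bit 47 for GPAW 48, bit 51 for GPAW 52); the IOMMU "page table" is a toy array and the DMA request list is constructed sample input, not captured from a real guest.

```c
/* Example, not project code: gate DMA mappings for an assigned device so that
 * only shared guest pages (shared bit set in the GPA) reach the IOMMU table,
 * and every private GPA is refused before it can be mapped.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define IOMMU_SLOTS 8

/* Assumption: the shared bit is the highest bit of the guest-physical address
 * width (GPAW), i.e. bit 47 for GPAW 48 and bit 51 for GPAW 52. */
static inline uint64_t tdx_shared_mask(unsigned gpaw)
{
    return 1ULL << (gpaw - 1);
}

static inline bool gpa_is_shared(uint64_t gpa, unsigned gpaw)
{
    return (gpa & tdx_shared_mask(gpaw)) != 0;
}

/* Strip the shared bit; what remains is the GFN used to index memory. */
static inline uint64_t gpa_to_gfn(uint64_t gpa, unsigned gpaw)
{
    return (gpa & ~tdx_shared_mask(gpaw)) >> PAGE_SHIFT;
}

/* One page a device asks to DMA to/from (toy model of a VFIO DMA map). */
struct dma_req {
    uint64_t gpa;
};

/* Toy IOMMU page table: just the list of GFNs currently mapped. */
struct iommu_table {
    uint64_t gfn[IOMMU_SLOTS];
    unsigned used;
};

enum map_result { MAP_OK, MAP_REJECT_PRIVATE, MAP_REJECT_FULL };

/* The gate: a private page never becomes device-visible. */
static enum map_result iommu_map_one(struct iommu_table *t,
                                     const struct dma_req *r, unsigned gpaw)
{
    if (!gpa_is_shared(r->gpa, gpaw))
        return MAP_REJECT_PRIVATE;
    if (t->used >= IOMMU_SLOTS)
        return MAP_REJECT_FULL;
    t->gfn[t->used++] = gpa_to_gfn(r->gpa, gpaw);
    return MAP_OK;
}

/* Map a whole request list; returns how many requests were refused because
 * they targeted private memory. Successfully mapped GFNs end up in *t. */
unsigned iommu_map_all(struct iommu_table *t, const struct dma_req *reqs,
                       size_t n, unsigned gpaw)
{
    unsigned refused = 0;
    for (size_t i = 0; i < n; i++) {
        if (iommu_map_one(t, &reqs[i], gpaw) == MAP_REJECT_PRIVATE)
            refused++;
    }
    return refused;
}

struct sample_result {
    unsigned mapped;
    unsigned refused;
    uint64_t first_gfn;
};

/* Constructed sample input (not from a real VM): GPAW 48, so the shared bit
 * is bit 47. Two shared pages and one private page are requested. */
struct sample_result run_sample(void)
{
    const unsigned gpaw = 48;
    const uint64_t shared = tdx_shared_mask(gpaw);
    const struct dma_req reqs[] = {
        { .gpa = shared | 0x10000 }, /* shared page: mapped, GFN 0x10 */
        { .gpa = 0x20000 },          /* private page: refused */
        { .gpa = shared | 0x30000 }, /* shared page: mapped, GFN 0x30 */
    };
    struct iommu_table t = { .used = 0 };
    unsigned refused = iommu_map_all(&t, reqs, 3, gpaw);
    return (struct sample_result){ .mapped = t.used,
                                   .refused = refused,
                                   .first_gfn = t.gfn[0] };
}

int main(void)
{
    struct sample_result r = run_sample();
    printf("mapped=%u refused=%u first_gfn=0x%llx\n",
           r.mapped, r.refused, (unsigned long long)r.first_gfn);
    return 0;
}
```

The point of the gate is that the check happens on the GPA the guest hands to the device, before anything touches the IOMMU: a private GFN never gets an entry, so the device's reach is exactly the shared region Andi describes, and the guest still has to bounce its data through that shared region (the copy Yu says is unavoidable).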