[RFC PATCH 01/12] dma-buf: Introduce dma_buf_get_pfn_unlocked() kAPI
Christian König
christian.koenig at amd.com
Wed Jan 15 09:38:00 UTC 2025
Am 10.01.25 um 21:54 schrieb Jason Gunthorpe:
> [SNIP]
>>> I don't fully understand your use case, but I think it's quite likely
>>> that we already have that working.
> In Intel CC systems you cannot mmap secure memory or the system will
> take a machine check.
>
> You have to convey secure memory inside a FD entirely within the
> kernel so that only an importer that understands how to handle secure
> memory (such as KVM) is using it to avoid machine checking.
>
> The patch series here should be thought of as the first part of this,
> allowing PFNs to flow without VMAs. IMHO the second part of preventing
> machine checks is not complete.
>
> In the approach I have been talking about the secure memory would be
> represented by a p2p_provider structure that is incompatible with
> everything else. For instance importers that can only do DMA would
> simply cleanly fail when presented with this memory.
That's a rather interesting use case, but not something I consider
fitting for the DMA-buf interface.
See DMA-buf in meant to be used between drivers to allow DMA access on
shared buffers.
What you try to do here instead is to give memory in the form of a file
descriptor to a client VM to do things like CPU mapping and giving it to
drivers to do DMA etc...
As far as I can see this memory is secured by some kind of MMU which
makes sure that even the host CPU can't access it without causing a
machine check exception.
That sounds more something for the TEE driver instead of anything
DMA-buf should be dealing with.
Regards,
Christian.
>
> Jason
More information about the dri-devel
mailing list