[RFC PATCH 19/45] KVM: arm64: iommu: Add domains
Mostafa Saleh
smostafa at google.com
Wed Feb 8 04:31:15 PST 2023
On Tue, Feb 7, 2023 at 1:13 PM Mostafa Saleh <smostafa at google.com> wrote:
> I was wondering about the need for pre-allocation of the domain array.
>
> An alternative way I see:
> - We don’t pre-allocate any domain.
>
> - When the EL1 driver has a request to domain_alloc, it will allocate
> both kernel(iommu_domain) and hypervisor domains(kvm_hyp_iommu_domain).
>
> - In __pkvm_host_iommu_alloc_domain, it will take over the hyp struct
> from the kernel (via donation).
>
> - In all other hypercalls, the kernel address of kvm_hyp_iommu_domain will
> be used as domain ID, which guarantees uniqueness and O(1) access.
>
> - The hypervisor would just need to transform the address(kern_hyp_va)
> to get the domain pointer.
This actually will not work with the current sequence, as we can't
guarantee that the domain_id sent later from the host is trusted, and as
the domain points to the page table this can be dangerous, I will have a
closer look to see if we can make this work somehow.
More information about the linux-arm-kernel
mailing list