Re: [PATCH 1/4] iommu/amd: Introduce Protection-domain flag VFIO

[Tom Lendacky]

On 1/20/23 13:55, Kalra, Ashish wrote:
> On 1/20/2023 11:50 AM, Jason Gunthorpe wrote:
> > On Fri, Jan 20, 2023 at 11:01:21AM -0600, Kalra, Ashish wrote:
> >
> > > We basically get the RMP #PF from the IOMMU because there is a page size
> > > mismatch between the RMP table and the IOMMU page table. The RMP table's
> > > large page entry has been smashed to 4K PTEs to handle page state 
> > > change to
> > > shared on 4K mappings, so this change has to be synced up with the IOMMU
> > > page table, otherwise there is now a page size mismatch between RMP table
> > > and IOMMU page table which causes the RMP #PF.
> >
> > I understand that, you haven't answered my question:
> >
> > Why is the IOMMU being programmed with pages it cannot access in the
> > first place?
>
> I believe the IOMMU page tables are setup as part of device pass-through 
> to be able to do DMA to all of the guest memory, but i am not an IOMMU 
> expert, so i will let Suravee elaborate on this.

Right. And what I believe Jason is saying is, that for SNP, since we know 
we can only DMA into shared pages, there is no need to setup the initial 
IOMMU page tables for all of guest memory. Instead, wait and set up IOMMU 
mappings when we do a page state change to shared and remove any mappings 
when we do a page state change to private.

Thanks,
Tom

> Thanks,
> Ashish
>
> > Don't do that is the obvious solution there, and preserves huge page
> > IO performance.
> >
> > Jason