riscv-non-isa / riscv-ap-tee

This repo holds the work area and revisions of the non-ISA specification created by the RISC-V AP-TEE TG. This specification defines the programming interfaces (ABI) to support the Confidential VM Extension (CoVE) confidential computing architecture for RISC-V application-processor platforms.
https://jira.riscv.org/browse/RVG-76
Creative Commons Attribution 4.0 International

[Qualcomm feedback] Chapter 8.1.1. TVM-defined Shared memory regions #63

Closed rsahita closed 6 months ago

rsahita commented 7 months ago

Reference: link

The calling TVM vCPU is considered blocked until the assignment-change is completed. Attempts to run it with sbi_covh_run_tvm_vcpu() will fail. Any guest page faults taken by other TVM vCPUs in the invalidated pages continue to be reported to the host.

How can it be blocked if the host is supposed to continue the TVM execution after the pages have been reclaimed? Also considering they'll be mapped as shared only on page-fault, which can happen only if the TVM is running to cause it.

rsahita commented 6 months ago

The TVM vCPU is blocked until the host completes the conversion to shared memory. This sequence, in which the TVM vCPU gets blocked, is triggered by the TVM via sbi_covg_share_memory_region and happens in two parts: first, invalidation of references to confidential memory (and address translation cache flushes, if any), and second, the addition of the mapping to shared memory. The host may run the TVM vCPU after the first part and lazily handle the fault for the second part. Also, the reclamation is of the confidential pages, and the shared memory pages provided by the host may be unique from those pages, so that the host has the option to service the request on the TVM synchronously or asynchronously.

The language may be a bit confusing here - I will clarify the description as above. cc @ozkoyuncu
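The two-part sequence described in the comment above, as an added model that is not part of this thread, the CoVE specification, or any TSM implementation. It assumes a single TVM vCPU, 4 KiB pages, and hypothetical method names that mirror the ABI calls only loosely; the page states are a constructed abstraction.

```python
# Constructed model of the sbi_covg_share_memory_region flow: the vCPU is
# blocked only until the host finishes part 1 (invalidation); part 2 (adding
# the shared mapping) is serviced lazily on a reported guest page fault.
from enum import Enum, auto

PAGE = 0x1000


class PageState(Enum):
    CONFIDENTIAL = auto()
    INVALIDATED = auto()  # confidential references gone, no shared mapping yet
    SHARED = auto()


class TvmModel:
    def __init__(self, gpas):
        self.pages = {gpa: PageState.CONFIDENTIAL for gpa in gpas}
        self.vcpu_blocked = False
        self.pending = set()       # pages whose shared mapping is still outstanding
        self.host_faults = []      # guest page faults reported to the host

    # TVM side (models sbi_covg_share_memory_region): request the conversion
    # and block the calling vCPU until the host completes part 1.
    def tvm_share_memory_region(self, base, npages):
        self.pending.update(base + i * PAGE for i in range(npages))
        self.vcpu_blocked = True

    # Host side, part 1: invalidate confidential references for the pending
    # pages (translation cache flush implied); the vCPU may run afterwards.
    def host_invalidate_pending(self):
        for gpa in self.pending:
            self.pages[gpa] = PageState.INVALIDATED
        self.vcpu_blocked = False

    # Host side (models sbi_covh_run_tvm_vcpu): fails while the vCPU is
    # blocked; a guest access to an INVALIDATED page is reported as a fault.
    def host_run_tvm_vcpu(self, access_gpa):
        if self.vcpu_blocked:
            return False
        if self.pages[access_gpa] is PageState.INVALIDATED:
            self.host_faults.append(access_gpa)
        return True

    # Host side, part 2: lazily add the shared mapping for a faulted page. The
    # backing page need not be the reclaimed confidential page.
    def host_map_shared(self, gpa):
        if self.pages[gpa] is not PageState.INVALIDATED:
            raise ValueError("part 1 must complete before mapping shared memory")
        self.pages[gpa] = PageState.SHARED
        self.pending.discard(gpa)
```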

rsahita commented 6 months ago

Addressed by PR #67.