On Wed, Jul 30, 2025 at 11:09:35AM +0100, Suzuki K Poulose wrote: > > > It is unclear whether devices would need to perform DMA to shared > > > (unencrypted) memory while operating in this mode, as TLPs with T=1 > > > are generally expected to target private memory. > > > > PCI SIG supports it, kernel should support it. > > ACK. On Arm CCA, the device can access shared IPA, with T=1 transaction > as long as the mapping is active in the Stage2 managed by RMM. Right, I expect that the T=0 SMMU S2 translation is a perfect subset of the T=1 S2 rmm translation. At most pages that are not available to T=0 should be removed when making the subset. I'm not sure what the plan is here on ARM though, do you expect to pre-load the entire T=0 SMMU S2 with the shared IPA aliases and rely on the GPT for protection or will the hypervisor dynamically change the T=0 SMMU S2 after each shared/private change? Same question for the RMM S2? The first option sounds fairly appealing, IMHO > Rather than mapping the entire memory from the host, it would be ideal > if the Coco vms have some sort of a callback to "make sure the DMA > wouldn't fault for a device". Isn't that a different topic? For right now we expect that all pages are pinned and loaded into both S2s. Upon any private/shared conversion the pages should be reloaded into the appropriate S2s if required. The VM never needs to tell the hypervisor that it wants to do DMA. There are all sorts of options here to relax this but exploring them it an entirely different project that CCA, IMHO. Jason
