Is there a reason not to just dump that into the T=0 SMMU using 1G huge pages and never touch it again? The GPT provides protection? Sure sounds appealing.. > As for the RMM S2, the current plan is to re-use the CPU S2 managed > by RMM. Yes, but my question is if the CPU will be prepopulated > Actually it is. But might solve the problem for confidential VMs, > where the S2 mapping is kind of pinned. Not kind of pinned, it is pinned in the hypervisor.. > Population of S2 is a bit tricky for CVMs, as there are restrictions > due to : > 1) Pre-boot measurements > 2) Restrictions on modifying the S2 (at least on CCA). I haven't dug into any of this, but I'd challenge you to try to make it run fast if the guestmemfd has a full fixed address map in 1G pages and could just dump them into the RMM efficiently once during boot. Perhaps there are ways to optimize the measurements for huge amounts of zero'd memory. > Filling in the S2, with already populated S2 is complicated for CCA > (costly, but not impossible). But the easier way is for the Realm to > fault in the pages before they are used for DMA (and S2 mappings can be > pinned by the hyp as default). Hence that suggestion. I guess, but it's weird, kinda slow, and the RMM can never unfault them.. How will you reconstruct the 1G huge pages in the S2 if you are only populating on faults? Can you really fault the entire 1G page? If so why can't it be prepopulated? Jason
