[RISC-V] [tech-tee] [RISC-V] [tech-privileged] Updates on the proposal of MPU (previous sPMP)

Greg Favor

On Tue, May 4, 2021 at 1:51 AM Dong Du <dudong@...> wrote:
BTW, we would like to know more opinions from the privilege group and the H-extension group on how MPU/sPMP and virtualization should be used together,
  e.g., do we have any scenarios that should use paging, MPU (sPMP), and G-stage translation together?

What combinations has the TEE group come up with so far that have justifying use cases?  Or are you searching for combinations that have justifying use cases?

If the latter (and this admittedly reflects my own biases), it seems like a stretch to have industrial use cases that implement paging and the H extension, but don't want to use paging for HS-mode, but want to use two-stage paging for VS-mode?  Or do you have use cases in mind and are trying to think about how all this stuff should interact?  I guess I'm struggling with what seems like a wide open question and with the idea that a TG should be starting from motivating use cases that it is trying to address.  (Versus coming up with a potential hammer and looking for some nails.)

Somewhat separate from that, when I look back at the following email excerpt from Nick, I have a couple of comments/questions:

A scenario we discussed at some point was a trusted hypervisor running
on HS mode, with e.g. Linux and a trusted service running on VS mode.
The trusted hypervisor is usually very small/simple and may not use
paging, so hgatp will be set to bare and it'll fall back to PMP/ePMP as
the current hypervisor spec mandates. With sPMP the hypervisor will be
able to configure its own regions and also isolate Linux from the
trusted service, without going through M-mode using PMP/ePMP, this
allows for a much more flexible / clean implementation.

>> Setting up HS-mode page tables also provides this ability to set up protected access regions without going through M-mode.  (And you can have regions of varying page sizes.)

In other words
we can use sPMP as a poor man's paging for HS mode and still use paging
for VS mode, in which case when operating on VS mode both MMU and sPMP
will be active.

>> Once one has implemented an MMU, why not use that for your "poor man's paging for HS-mode" instead of also implementing sPMP?  Plus one can then leverage existing hypervisor software (instead of working to get hypervisors to understand and use sPMP instead of page tables).