Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore shared device assignment (bounce buffer device assignment) in this 22-minute conference talk that demonstrates how to assign hardware PCI devices to confidential VMs for improved I/O performance. Learn about the fundamental concepts of enabling devices to issue DMA to shared/unprotected memory, which provides performance benefits similar to normal VMs while serving as a transitional solution for Trusted Execution Environment (TEE) I/O capabilities. Discover how this technology lays the groundwork for comprehensive TEE I/O implementation, including support for technologies like TDX connect that require shared memory management during initialization and error recovery. Examine the basic support mechanisms for shared device assignment and understand future expansion directions, including handling partial unmap situations through IOMMUFD cut mapping support and changes in conversion paths brought by new guest_memfd in-place conversion modifications. Investigate the limitations of the current RamDiscardManager framework in QEMU's basic implementation and explore the need for new frameworks to support advanced functionalities like virtio-mem and live migration in confidential VMs.
