From: Aneesh Kumar K.V <aneesh.kumar@kernel.org>
To: Xu Yilun <yilun.xu@linux.intel.com>,
kvm@vger.kernel.org, sumit.semwal@linaro.org,
christian.koenig@amd.com, pbonzini@redhat.com, seanjc@google.com,
alex.williamson@redhat.com, jgg@nvidia.com,
dan.j.williams@intel.com, aik@amd.com,
linux-coco@lists.linux.dev
Cc: dri-devel@lists.freedesktop.org, linux-media@vger.kernel.org,
linaro-mm-sig@lists.linaro.org, vivek.kasireddy@intel.com,
yilun.xu@intel.com, yilun.xu@linux.intel.com,
linux-kernel@vger.kernel.org, lukas@wunner.de,
yan.y.zhao@intel.com, daniel.vetter@ffwll.ch, leon@kernel.org,
baolu.lu@linux.intel.com, zhenzhong.duan@intel.com,
tao1.su@intel.com, linux-pci@vger.kernel.org, zhiw@nvidia.com,
simona.vetter@ffwll.ch, shameerali.kolothum.thodi@huawei.com,
iommu@lists.linux.dev, kevin.tian@intel.com
Subject: Re: [RFC PATCH 27/30] PCI/TSM: Add PCI driver callbacks to handle TSM requirements
Date: Mon, 02 Jun 2025 18:36:37 +0530 [thread overview]
Message-ID: <yq5att4yjns2.fsf@kernel.org> (raw)
In-Reply-To: <20250529053513.1592088-28-yilun.xu@linux.intel.com>
Xu Yilun <yilun.xu@linux.intel.com> writes:
> Add optional PCI driver callbacks to notify TSM events. For now, these
> handlers may be called during pci_tsm_unbind(). By calling these
> handlers, TSM driver askes for external collaboration to finish entire
> TSM unbind flow.
>
> If platform TSM driver could finish TSM bind/unbind all by itself, don't
> call these handlers.
>
> Host may need to configure various system components according to
> platform trusted firmware's requirements. E.g. for Intel TDX Connect,
> host should do private MMIO mapping in S-EPT, trusted DMA setup, device
> ownership claiming and device TDISP state transition. Some operations are
> out of control of PCI TSM, so need collaboration by external components
> like IOMMU driver, KVM.
>
> Further more, trusted firmware may enforce executing these operations
> in a fixed sequence. E.g. Intel TDX Connect enforces the following
> sequences for TSM unbind:
>
> 1. STOP TDI via TDISP message STOP_INTERFACE
> 2. Private MMIO unmap from Secure EPT
> 3. Trusted Device Context Table cleanup for the TDI
> 4. TDI ownership reclaim and metadata free
>
> PCI TSM could do Step 1 and 4, but need KVM for Step 2 and IOMMU driver
> for Step 3. While it is possible TSM provides finer grained APIs like
> tdi_stop() & tdi_free(), and the caller ensures the sequence, it is
> better these specific enforcement could be managed in platform TSM
> driver. By introducing TSM handlers, platform TSM driver controls the
> operation sequence and notify other components to do the real work.
>
> Currently add 3 callbacks for TDX Connect. disable_mmio() is for
> VFIO to invalidate MMIO so that KVM could unmap them from S-EPT.
> recover_mmio() is to re-validate MMIO so that KVM could map them
> again for shared assigned device. disable_trusted_dma() is to cleanup
> trusted IOMMU setup.
>
> Signed-off-by: Xu Yilun <yilun.xu@linux.intel.com>
> ---
> include/linux/pci-tsm.h | 7 +++++++
> include/linux/pci.h | 3 +++
> 2 files changed, 10 insertions(+)
>
> diff --git a/include/linux/pci-tsm.h b/include/linux/pci-tsm.h
> index 737767f8a9c5..ed549724eb5b 100644
> --- a/include/linux/pci-tsm.h
> +++ b/include/linux/pci-tsm.h
> @@ -157,6 +157,13 @@ struct pci_tsm_ops {
> int (*accept)(struct pci_dev *pdev);
> };
>
> +/* pci drivers callbacks for TSM */
> +struct pci_tsm_handlers {
> + void (*disable_mmio)(struct pci_dev *dev);
> + void (*recover_mmio)(struct pci_dev *dev);
> + void (*disable_trusted_dma)(struct pci_dev *dev);
> +};
> +
> enum pci_doe_proto {
> PCI_DOE_PROTO_CMA = 1,
> PCI_DOE_PROTO_SSESSION = 2,
> diff --git a/include/linux/pci.h b/include/linux/pci.h
> index 5f37957da18f..4f768b4658e8 100644
> --- a/include/linux/pci.h
> +++ b/include/linux/pci.h
> @@ -545,6 +545,7 @@ struct pci_dev {
> #endif
> #ifdef CONFIG_PCI_TSM
> struct pci_tsm *tsm; /* TSM operation state */
> + void *trusted_dma_owner;
> #endif
> u16 acs_cap; /* ACS Capability offset */
> u8 supported_speeds; /* Supported Link Speeds Vector */
> @@ -957,6 +958,7 @@ struct module;
> * @sriov_get_vf_total_msix: PF driver callback to get the total number of
> * MSI-X vectors available for distribution to the VFs.
> * @err_handler: See Documentation/PCI/pci-error-recovery.rst
> + * @tsm_handler: Optional driver callbacks to handle TSM requirements.
> * @groups: Sysfs attribute groups.
> * @dev_groups: Attributes attached to the device that will be
> * created once it is bound to the driver.
> @@ -982,6 +984,7 @@ struct pci_driver {
> int (*sriov_set_msix_vec_count)(struct pci_dev *vf, int msix_vec_count); /* On PF */
> u32 (*sriov_get_vf_total_msix)(struct pci_dev *pf);
> const struct pci_error_handlers *err_handler;
> + struct pci_tsm_handlers *tsm_handler;
> const struct attribute_group **groups;
> const struct attribute_group **dev_groups;
> struct device_driver driver;
> --
> 2.25.1
It looks like the TSM feature is currently interacting with several
components: struct pci_driver, VFIO, iommufd, and pci_tsm_ops.
Should we consider limiting this scattering? Would it make sense to
encapsulate this logic within pci_tsm_ops?
-aneesh
next prev parent reply other threads:[~2025-06-02 13:06 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-29 5:34 [RFC PATCH 00/30] Host side (KVM/VFIO/IOMMUFD) support for TDISP using TSM Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 01/30] HACK: dma-buf: Introduce dma_buf_get_pfn_unlocked() kAPI Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 02/30] vfio: Export vfio device get and put registration helpers Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 03/30] vfio/pci: Share the core device pointer while invoking feature functions Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 04/30] vfio/pci: Allow MMIO regions to be exported through dma-buf Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 05/30] fixup! vfio/pci: fix dma-buf revoke typo on reset Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 06/30] HACK: vfio/pci: Support get_pfn() callback for dma-buf Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 07/30] KVM: Support vfio_dmabuf backed MMIO region Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 08/30] KVM: x86/mmu: Handle page fault for vfio_dmabuf backed MMIO Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 09/30] KVM: x86/mmu: Handle page fault for private MMIO Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 10/30] vfio/pci: Export vfio dma-buf specific info for importers Xu Yilun
2025-06-02 13:30 ` Jason Gunthorpe
2025-06-03 5:01 ` Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 11/30] KVM: vfio_dmabuf: Fetch VFIO specific dma-buf data for sanity check Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 12/30] iommufd/device: Associate a kvm pointer to iommufd_device Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 13/30] fixup! iommufd/selftest: Sync iommufd_device_bind() change to selftest Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 14/30] iommu/arm-smmu-v3-iommufd: Pass in kvm pointer to viommu_alloc Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 15/30] fixup: iommu/selftest: Sync .viommu_alloc() change to selftest Xu Yilun
2025-05-29 5:34 ` [RFC PATCH 16/30] iommufd/viommu: track the kvm pointer & its refcount in viommu core Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 17/30] iommufd/device: Add TSM Bind/Unbind for TIO support Xu Yilun
2025-06-02 12:43 ` Aneesh Kumar K.V
2025-06-03 6:20 ` Xu Yilun
2025-06-03 12:21 ` Jason Gunthorpe
2025-06-04 8:40 ` Aneesh Kumar K.V
2025-06-04 13:24 ` Jason Gunthorpe
2025-06-06 7:59 ` Aneesh Kumar K.V
2025-05-29 5:35 ` [RFC PATCH 18/30] iommufd/viommu: Add trusted IOMMU configuration handlers for vdev Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 19/30] vfio/pci: Add TSM TDI bind/unbind IOCTLs for TEE-IO support Xu Yilun
2025-06-01 10:45 ` Aneesh Kumar K.V
2025-06-02 14:43 ` Xu Yilun
2025-06-04 13:37 ` Aneesh Kumar K.V
2025-06-05 9:41 ` Xu Yilun
2025-06-05 15:09 ` Jason Gunthorpe
2025-06-06 3:25 ` Xu Yilun
2025-06-05 16:09 ` Aneesh Kumar K.V
2025-06-16 8:16 ` Aneesh Kumar K.V
2025-06-18 4:54 ` Xu Yilun
2025-06-05 12:03 ` Aneesh Kumar K.V
2025-06-05 15:10 ` Jason Gunthorpe
2025-06-05 16:17 ` Aneesh Kumar K.V
2025-06-05 16:33 ` Jason Gunthorpe
2025-06-06 4:26 ` Xu Yilun
2025-06-06 9:32 ` Aneesh Kumar K.V
2025-06-06 12:09 ` Jason Gunthorpe
2025-05-29 5:35 ` [RFC PATCH 20/30] vfio/pci: Do TSM Unbind before zapping bars Xu Yilun
2025-06-02 5:20 ` Aneesh Kumar K.V
2025-06-02 13:56 ` Xu Yilun
2025-06-02 14:00 ` Aneesh Kumar K.V
2025-06-03 4:50 ` Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 21/30] iommufd/vdevice: Add TSM Guest request uAPI Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 22/30] fixup! PCI/TSM: Change the guest request type definition Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 23/30] coco/tdx_tsm: Introduce a "tdx" subsystem and "tsm" device Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 24/30] coco/tdx_tsm: TEE Security Manager driver for TDX Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 25/30] coco/tdx_tsm: Add connect()/disconnect() handlers prototype Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 26/30] coco/tdx_tsm: Add bind()/unbind()/guest_req() " Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 27/30] PCI/TSM: Add PCI driver callbacks to handle TSM requirements Xu Yilun
2025-06-02 13:06 ` Aneesh Kumar K.V [this message]
2025-06-03 5:52 ` Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 28/30] vfio/pci: Implement TSM handlers for MMIO Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 29/30] iommufd/vdevice: Implement TSM handlers for trusted DMA Xu Yilun
2025-05-29 5:35 ` [RFC PATCH 30/30] coco/tdx_tsm: Manage TDX Module enforced operation sequences for Unbind Xu Yilun
2025-06-02 13:37 ` [RFC PATCH 00/30] Host side (KVM/VFIO/IOMMUFD) support for TDISP using TSM Jason Gunthorpe
2025-06-20 4:21 ` Xu Yilun
2025-06-11 1:55 ` Alexey Kardashevskiy
2025-06-21 1:07 ` Alexey Kardashevskiy
2025-06-25 10:45 ` Xu Yilun
2025-07-11 23:08 ` dan.j.williams
2025-07-15 11:09 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=yq5att4yjns2.fsf@kernel.org \
--to=aneesh.kumar@kernel.org \
--cc=aik@amd.com \
--cc=alex.williamson@redhat.com \
--cc=baolu.lu@linux.intel.com \
--cc=christian.koenig@amd.com \
--cc=dan.j.williams@intel.com \
--cc=daniel.vetter@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=iommu@lists.linux.dev \
--cc=jgg@nvidia.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=leon@kernel.org \
--cc=linaro-mm-sig@lists.linaro.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=shameerali.kolothum.thodi@huawei.com \
--cc=simona.vetter@ffwll.ch \
--cc=sumit.semwal@linaro.org \
--cc=tao1.su@intel.com \
--cc=vivek.kasireddy@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=yilun.xu@intel.com \
--cc=yilun.xu@linux.intel.com \
--cc=zhenzhong.duan@intel.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.