From: Xu Yilun <yilun.xu@linux.intel.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Alexey Kardashevskiy <aik@amd.com>,
x86@kernel.org, kvm@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-pci@vger.kernel.org,
linux-arch@vger.kernel.org,
Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Joerg Roedel <joro@8bytes.org>,
Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>,
Robin Murphy <robin.murphy@arm.com>,
Kevin Tian <kevin.tian@intel.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Dan Williams <dan.j.williams@intel.com>,
Christoph Hellwig <hch@lst.de>,
Nikunj A Dadhania <nikunj@amd.com>,
Michael Roth <michael.roth@amd.com>,
Vasant Hegde <vasant.hegde@amd.com>,
Joao Martins <joao.m.martins@oracle.com>,
Nicolin Chen <nicolinc@nvidia.com>,
Lu Baolu <baolu.lu@linux.intel.com>,
Steve Sistare <steven.sistare@oracle.com>,
Lukas Wunner <lukas@wunner.de>,
Jonathan Cameron <Jonathan.Cameron@huawei.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Dionna Glaze <dionnaglaze@google.com>,
Yi Liu <yi.l.liu@intel.com>,
iommu@lists.linux.dev, linux-coco@lists.linux.dev,
Zhi Wang <zhiw@nvidia.com>,
"Aneesh Kumar K . V" <aneesh.kumar@kernel.org>
Subject: Re: [RFC PATCH v2 14/22] iommufd: Add TIO calls
Date: Thu, 27 Feb 2025 11:59:18 +0800 [thread overview]
Message-ID: <Z7/jFhlsBrbrloia@yilunxu-OptiPlex-7050> (raw)
In-Reply-To: <20250226131202.GH5011@ziepe.ca>
On Wed, Feb 26, 2025 at 09:12:02AM -0400, Jason Gunthorpe wrote:
> On Wed, Feb 26, 2025 at 06:49:18PM +0800, Xu Yilun wrote:
>
> > E.g. I don't think VFIO driver would expect its MMIO access suddenly
> > failed without knowing what happened.
>
> What do people expect to happen here anyhow? Do you still intend to
> mmap any of the MMIO into the hypervisor? No, right? It is all locked
Not expecting mmap the MMIO, but I switched to another way. VFIO doesn't
disallow mmap until bind, and if there is mmap on bind, bind failed.
That's my understanding of your comments.
https://lore.kernel.org/kvm/Z4Hp9jvJbhW0cqWY@yilunxu-OptiPlex-7050/#t
Another concern is about dma-buf importer (e.g. KVM) mapping the MMIO.
Recall we are working on the VFIO dma-buf solution, on bind/unbind the
MMIO accessibility is being changed and importers should be notified to
remove their mapping beforehand, and rebuild later if possible.
An immediate requirement for Intel TDX is, KVM should remove secure EPT
mapping for MMIO before unbind.
So I think device is all locked down into CC mode AFTER bind and BEFORE
unbind. It doesn't seems viommu/vdevice could control bind/unbind.
There are other bus error handling cases, like AER when TDISP/SPDM/IDE
state broken, that I don't have a clear solution now. But I cannot
imagine they could be correctly handled without pci_driver support.
> down?
>
> So perhaps the answer is that the VFIO side has to put the device into
> CC mode which disables MMAP/etc, then the viommu/vdevice iommufd
> object can control it.
>
> > Back to your concern, I don't think it is a problem. From your patch,
> > vIOMMU doesn't know the guest BDFn by nature, it is just the user
> > stores the id in vdevice via iommufd_vdevice_alloc_ioctl(). A proper
> > VFIO API could also do this work.
>
> We don't want duplication though. If the viommu/vdevice/vbdf are owned
> and lifecycle controlled by iommufd then the operations against them
> must go through iommufd and through it's locking regime.
> >
> > The implementation is basically no difference from:
> >
> > + vdev = container_of(iommufd_get_object(ucmd->ictx, cmd->vdevice_id,
> > + IOMMUFD_OBJ_VDEVICE),
> >
> > The real concern is the device owner, VFIO, should initiate the bind.
>
> There is a big different, the above has correct locking, the other
> does not :)
Could you elaborate more on that? Any locking problem if we implement
bind/unbind outside iommufd. Thanks in advance.
Thanks,
Yilun
>
> Jason
next prev parent reply other threads:[~2025-02-27 4:01 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-18 11:09 [RFC PATCH v2 00/22] TSM: Secure VFIO, TDISP, SEV TIO Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 01/22] pci/doe: Define protocol types and make those public Alexey Kardashevskiy
2025-04-15 20:15 ` Bjorn Helgaas
2025-02-18 11:09 ` [RFC PATCH v2 02/22] PCI/IDE: Fixes to make it work on AMD SNP-SEV Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 03/22] PCI/IDE: Init IDs on all IDE streams beforehand Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 04/22] iommu/amd: Report SEV-TIO support Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 05/22] crypto: ccp: Enable SEV-TIO feature in the PSP when supported Alexey Kardashevskiy
2025-03-22 11:50 ` Francesco Lavra
2025-03-26 4:26 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 06/22] KVM: X86: Define tsm_get_vmid Alexey Kardashevskiy
2025-03-13 1:51 ` Dan Williams
2025-03-13 4:31 ` Alexey Kardashevskiy
2025-03-13 19:09 ` Dan Williams
2025-03-14 3:28 ` Alexey Kardashevskiy
2025-04-24 3:37 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 07/22] coco/tsm: Add tsm and tsm-host modules Alexey Kardashevskiy
2025-03-14 1:14 ` Dan Williams
2025-05-14 18:39 ` Zhi Wang
2025-05-29 5:30 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 08/22] pci/tsm: Add PCI driver for TSM Alexey Kardashevskiy
2025-04-15 20:25 ` Bjorn Helgaas
2025-02-18 11:09 ` [RFC PATCH v2 09/22] crypto/ccp: Implement SEV TIO firmware interface Alexey Kardashevskiy
2025-03-23 11:35 ` Francesco Lavra
2025-02-18 11:09 ` [RFC PATCH v2 10/22] KVM: SVM: Add uAPI to change RMP for MMIO Alexey Kardashevskiy
2025-03-15 0:08 ` Dan Williams
2025-03-27 5:00 ` Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 11/22] KVM: SEV: Add TIO VMGEXIT Alexey Kardashevskiy
2025-02-18 11:09 ` [RFC PATCH v2 12/22] iommufd: Allow mapping from guest_memfd Alexey Kardashevskiy
2025-02-18 14:16 ` Jason Gunthorpe
2025-02-18 23:35 ` Alexey Kardashevskiy
2025-02-18 23:51 ` Jason Gunthorpe
2025-02-19 0:43 ` Alexey Kardashevskiy
2025-02-19 13:35 ` Jason Gunthorpe
2025-02-19 20:23 ` Michael Roth
2025-02-19 20:37 ` Jason Gunthorpe
2025-02-19 21:30 ` Michael Roth
2025-02-20 0:57 ` Jason Gunthorpe
2025-03-13 4:51 ` Alexey Kardashevskiy
2025-03-19 17:40 ` Jason Gunthorpe
2025-02-20 2:29 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 13/22] iommufd: amd-iommu: Add vdevice support Alexey Kardashevskiy
2025-04-01 16:11 ` Jason Gunthorpe
2025-04-10 6:39 ` Alexey Kardashevskiy
2025-04-10 8:43 ` Tian, Kevin
2025-04-10 13:05 ` Jason Gunthorpe
2025-04-14 4:17 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 14/22] iommufd: Add TIO calls Alexey Kardashevskiy
2025-02-25 9:00 ` Xu Yilun
2025-02-26 0:12 ` Alexey Kardashevskiy
2025-02-26 10:49 ` Xu Yilun
2025-02-26 13:12 ` Jason Gunthorpe
2025-02-27 0:33 ` Alexey Kardashevskiy
2025-03-01 0:32 ` Jason Gunthorpe
2025-03-05 3:09 ` Alexey Kardashevskiy
2025-03-05 19:18 ` Jason Gunthorpe
2025-02-27 3:59 ` Xu Yilun [this message]
2025-03-01 0:37 ` Jason Gunthorpe
2025-03-03 5:32 ` Xu Yilun
2025-03-05 19:28 ` Jason Gunthorpe
2025-03-06 6:47 ` Xu Yilun
2025-03-06 18:26 ` Jason Gunthorpe
2025-03-07 6:49 ` Xu Yilun
2025-03-07 2:19 ` Alexey Kardashevskiy
2025-03-07 15:17 ` Jason Gunthorpe
2025-03-12 10:41 ` Suzuki K Poulose
2025-03-12 1:11 ` Xu Yilun
2025-02-26 13:08 ` Jason Gunthorpe
2025-03-15 1:11 ` Dan Williams
2025-03-17 2:32 ` Alexey Kardashevskiy
2025-04-01 15:53 ` Jason Gunthorpe
2025-03-13 11:01 ` Xu Yilun
2025-03-14 2:49 ` Alexey Kardashevskiy
2025-03-28 5:27 ` Aneesh Kumar K.V
2025-04-01 16:03 ` Jason Gunthorpe
2025-04-07 11:40 ` Aneesh Kumar K.V
2025-04-07 16:40 ` Jason Gunthorpe
2025-04-01 16:12 ` Jason Gunthorpe
2025-04-03 8:39 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 15/22] KVM: X86: Handle private MMIO as shared Alexey Kardashevskiy
2025-05-15 8:18 ` Zhi Wang
2025-05-29 5:30 ` Alexey Kardashevskiy
2025-02-18 11:10 ` [RFC PATCH v2 16/22] coco/tsm: Add tsm-guest module Alexey Kardashevskiy
2025-04-05 17:15 ` Francesco Lavra
2025-02-18 11:10 ` [RFC PATCH v2 17/22] resource: Mark encrypted MMIO resource on validation Alexey Kardashevskiy
2025-04-05 18:19 ` Francesco Lavra
2025-02-18 11:10 ` [RFC PATCH v2 18/22] coco/sev-guest: Implement the guest support for SEV TIO Alexey Kardashevskiy
2025-04-07 11:05 ` Francesco Lavra
2025-02-18 11:10 ` [RFC PATCH v2 19/22] RFC: pci: Add BUS_NOTIFY_PCI_BUS_MASTER event Alexey Kardashevskiy
2025-04-15 20:26 ` Bjorn Helgaas
2025-02-18 11:10 ` [RFC PATCH v2 20/22] sev-guest: Stop changing encrypted page state for TDISP devices Alexey Kardashevskiy
2025-02-27 16:01 ` Borislav Petkov
2025-02-18 11:10 ` [RFC PATCH v2 21/22] pci: Allow encrypted MMIO mapping via sysfs Alexey Kardashevskiy
2025-04-15 20:28 ` Bjorn Helgaas
2025-02-18 11:10 ` [RFC PATCH v2 22/22] pci: Define pci_iomap_range_encrypted Alexey Kardashevskiy
2025-04-15 20:30 ` Bjorn Helgaas
2025-02-27 15:48 ` [RFC PATCH v2 00/22] TSM: Secure VFIO, TDISP, SEV TIO Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z7/jFhlsBrbrloia@yilunxu-OptiPlex-7050 \
--to=yilun.xu@linux.intel.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=aik@amd.com \
--cc=aneesh.kumar@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=baolu.lu@linux.intel.com \
--cc=bhelgaas@google.com \
--cc=dan.j.williams@intel.com \
--cc=dionnaglaze@google.com \
--cc=hch@lst.de \
--cc=iommu@lists.linux.dev \
--cc=jgg@ziepe.ca \
--cc=joao.m.martins@oracle.com \
--cc=joro@8bytes.org \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=michael.roth@amd.com \
--cc=nicolinc@nvidia.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=robin.murphy@arm.com \
--cc=seanjc@google.com \
--cc=steven.sistare@oracle.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=suzuki.poulose@arm.com \
--cc=thomas.lendacky@amd.com \
--cc=vasant.hegde@amd.com \
--cc=x86@kernel.org \
--cc=yi.l.liu@intel.com \
--cc=zhiw@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox