Re: [RFC PATCH 00/30] Host side (KVM/VFIO/IOMMUFD) support for TDISP using TSM

From: Alexey Kardashevskiy
Date: Fri Jun 20 2025 - 21:07:58 EST

On 11/6/25 11:55, Alexey Kardashevskiy wrote:
Hi,

Is there a QEMU tree using this somewhere?

Ping? Thanks,


Also it would be nice to have this tree pushed somewhere, saves time. Thanks,

On 29/5/25 15:34, Xu Yilun wrote:
This series is the generic host side (KVM/VFIO/IOMMUFD) support for the
whole life cycle of private device assignment. It follows the
previously discussed flow chart [1], aiming to better illustrate the
overall flow of private device assignment, find out and narrow down the
gaps of different vendors, and reach some common directions.

This series is based on Dan's Core TSM infrastructure series [2]. To
give a clear overview of what components are needed, it also includes
some existing WIP patchsets in the community.

This series has 3 sections:

Patch 1 - 11 deal with the private MMIO mapping in KVM MMU via DMABUF.
Leverage Jason & Vivek's latest VFIO dmabuf series [3], see Patch 2 - 4.
The concern for get_pfn() kAPI [4] is not addressed, so they are marked
as HACK; will investigate later.

Patch 12 - 22 is about TSM Bind/Unbind/Guest request management in VFIO
& IOMMUFD. Picks some of Shameer's patch in [5], see Patch 12 & 14.

Patch 23 - 30 is a solution to meet the TDX specific sequence
enforcement on various device Unbind cases, including converting device
back to shared, hot unplug, TD destroy. Start with a tdx_tsm driver
prototype and finally implement the Unbind enforcement inside the
driver. To be honest it is still awkward to me, but I need help.

This series doesn't include the VMEXIT handle for GHCI/GHCB calls for
Bind/Unbind/Guest request, because it involves vendor specific code. The
general idea is KVM should just pass these calls to QEMU, QEMU parses
out the command and calls the newly introduced VFIO/IOMMUFD IOCTLs.

With additional TDX Connect specific patches (not published), passed
engineering test for trusted DMA in TD.

[1]: https://lore.kernel.org/all/aCYsNSFQJZzHVOFI@yilunxu-OptiPlex-7050/
[2]: https://lore.kernel.org/all/20250516054732.2055093-1-dan.j.williams@xxxxxxxxx/
[3]: https://lore.kernel.org/kvm/20250307052248.405803-1-vivek.kasireddy@xxxxxxxxx/
[4]: https://lore.kernel.org/all/20250107142719.179636-1-yilun.xu@xxxxxxxxxxxxxxx/
[5]: https://lore.kernel.org/all/20250319173202.78988-3-shameerali.kolothum.thodi@xxxxxxxxxx/

Alexey Kardashevskiy (1):
   iommufd/vdevice: Add TSM Guest request uAPI

Dan Williams (2):
   coco/tdx_tsm: Introduce a "tdx" subsystem and "tsm" device
   coco/tdx_tsm: TEE Security Manager driver for TDX

Shameer Kolothum (2):
   iommufd/device: Associate a kvm pointer to iommufd_device
   iommu/arm-smmu-v3-iommufd: Pass in kvm pointer to viommu_alloc

Vivek Kasireddy (3):
   vfio: Export vfio device get and put registration helpers
   vfio/pci: Share the core device pointer while invoking feature
     functions
   vfio/pci: Allow MMIO regions to be exported through dma-buf

Wu Hao (1):
   coco/tdx_tsm: Add connect()/disconnect() handlers prototype

Xu Yilun (21):
   HACK: dma-buf: Introduce dma_buf_get_pfn_unlocked() kAPI
   fixup! vfio/pci: fix dma-buf revoke typo on reset
   HACK: vfio/pci: Support get_pfn() callback for dma-buf
   KVM: Support vfio_dmabuf backed MMIO region
   KVM: x86/mmu: Handle page fault for vfio_dmabuf backed MMIO
   KVM: x86/mmu: Handle page fault for private MMIO
   vfio/pci: Export vfio dma-buf specific info for importers
   KVM: vfio_dmabuf: Fetch VFIO specific dma-buf data for sanity check
   fixup! iommufd/selftest: Sync iommufd_device_bind() change to selftest
   fixup: iommu/selftest: Sync .viommu_alloc() change to selftest
   iommufd/viommu: track the kvm pointer & its refcount in viommu core
   iommufd/device: Add TSM Bind/Unbind for TIO support
   iommufd/viommu: Add trusted IOMMU configuration handlers for vdev
   vfio/pci: Add TSM TDI bind/unbind IOCTLs for TEE-IO support
   vfio/pci: Do TSM Unbind before zapping bars
   fixup! PCI/TSM: Change the guest request type definition
   coco/tdx_tsm: Add bind()/unbind()/guest_req() handlers prototype
   PCI/TSM: Add PCI driver callbacks to handle TSM requirements
   vfio/pci: Implement TSM handlers for MMIO
   iommufd/vdevice: Implement TSM handlers for trusted DMA
   coco/tdx_tsm: Manage TDX Module enforced operation sequences for
     Unbind

  Documentation/virt/kvm/api.rst                |   7 +
  arch/x86/Kconfig                              |   1 +
  arch/x86/kvm/mmu/mmu.c                        |  25 +-
  drivers/dma-buf/dma-buf.c                     |  87 +++-
  .../arm/arm-smmu-v3/arm-smmu-v3-iommufd.c     |   1 +
  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h   |   1 +
  drivers/iommu/iommufd/device.c                |  89 +++-
  drivers/iommu/iommufd/iommufd_private.h       |  10 +
  drivers/iommu/iommufd/main.c                  |   3 +
  drivers/iommu/iommufd/selftest.c              |   3 +-
  drivers/iommu/iommufd/viommu.c                | 202 ++++++++-
  drivers/vfio/iommufd.c                        |  24 +-
  drivers/vfio/pci/Makefile                     |   1 +
  drivers/vfio/pci/vfio_pci.c                   |   1 +
  drivers/vfio/pci/vfio_pci_config.c            |  26 +-
  drivers/vfio/pci/vfio_pci_core.c              | 161 ++++++-
  drivers/vfio/pci/vfio_pci_dmabuf.c            | 411 ++++++++++++++++++
  drivers/vfio/pci/vfio_pci_priv.h              |  26 ++
  drivers/vfio/vfio_main.c                      |   2 +
  drivers/virt/coco/host/Kconfig                |  10 +
  drivers/virt/coco/host/Makefile               |   3 +
  drivers/virt/coco/host/tdx_tsm.c              | 328 ++++++++++++++
  drivers/virt/coco/host/tdx_tsm_bus.c          |  70 +++
  include/linux/dma-buf.h                       |  13 +
  include/linux/iommu.h                         |   4 +-
  include/linux/iommufd.h                       |  12 +-
  include/linux/kvm_host.h                      |  25 +-
  include/linux/pci-tsm.h                       |  19 +-
  include/linux/pci.h                           |   3 +
  include/linux/tdx_tsm_bus.h                   |  17 +
  include/linux/vfio.h                          |  27 ++
  include/linux/vfio_pci_core.h                 |   3 +
  include/uapi/linux/iommufd.h                  |  36 ++
  include/uapi/linux/kvm.h                      |   1 +
  include/uapi/linux/vfio.h                     |  67 +++
  virt/kvm/Kconfig                              |   6 +
  virt/kvm/Makefile.kvm                         |   1 +
  virt/kvm/kvm_main.c                           |  32 +-
  virt/kvm/kvm_mm.h                             |  19 +
  virt/kvm/vfio_dmabuf.c                        | 151 +++++++
  40 files changed, 1868 insertions(+), 60 deletions(-)
  create mode 100644 drivers/vfio/pci/vfio_pci_dmabuf.c
  create mode 100644 drivers/virt/coco/host/tdx_tsm.c
  create mode 100644 drivers/virt/coco/host/tdx_tsm_bus.c
  create mode 100644 include/linux/tdx_tsm_bus.h
  create mode 100644 virt/kvm/vfio_dmabuf.c


base-commit: 88c473f04098a0f5ac6fbaceaad2daa842006b6a


--
Alexey