On 30/5/25 00:09, Jason Gunthorpe wrote:
On Thu, May 29, 2025 at 07:13:54PM +0530, Aneesh Kumar K.V wrote:
Jason Gunthorpe <jgg@xxxxxxxxxx> writes:
On Wed, May 28, 2025 at 01:42:25PM -0300, Jason Gunthorpe wrote:
+int iommufd_vdevice_tsm_bind_ioctl(struct iommufd_ucmd *ucmd)
+{
+ struct iommu_vdevice_id *cmd = ucmd->cmd;
+ struct iommufd_vdevice *vdev;
+ int rc = 0;
+
+ vdev = container_of(iommufd_get_object(ucmd->ictx, cmd->vdevice_id,
+ IOMMUFD_OBJ_VDEVICE),
+ struct iommufd_vdevice, obj);
+ if (IS_ERR(vdev))
+ return PTR_ERR(vdev);
+
+ rc = tsm_bind(vdev->dev, vdev->viommu->kvm, vdev->id);
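Review bot: container_of() is applied to the return value of iommufd_get_object() before the IS_ERR() check, so the test on vdev is only reliable while obj sits at offset 0 of struct iommufd_vdevice. Check the returned object pointer with IS_ERR() first and convert afterwards, or state the layout dependency in a comment. The initializer in "int rc = 0;" is also redundant in the lines shown, since rc is first used when it is assigned from tsm_bind().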
Yeah, that makes a lot of sense now, you are passing in the KVM for the
VIOMMU and both the vBDF and pBDF to the TSM layer, that should be
enough for it to figure out what to do. The only other data would be
the TSM's VIOMMU handle..
Actually it should also check that the viommu type is compatible with
the TSM, somehow.
The way I imagine this working is userspace would create an
IOMMU_VIOMMU_TYPE_TSM_VTD (for example) viommu object which will do a
TSM call to set up the secure vIOMMU.
Then when you create a VDEVICE against the IOMMU_VIOMMU_TYPE_TSM_VTD
it will do a TSM call to create the secure vPCI function attached to
the vIOMMU and register the vBDF. [1]
Don’t we create the vdevice before the guest starts?
Yes, vdevice/vPCI creation is before the guest start.
Sorry, but I still need clarification :)
vPCI == passed through PCI function (ethernet nic, etc), visible in guest's "lspci"
vdevice == slice (say, AMD's DTE/sDTE) of viommu device (say, AMD vIOMMU PCI device) to handle a specific vPCI
Is that right?
If I understand correctly, we expect tsm_bind to be triggered by the
guest’s request—specifically, when it writes to
/sys/bus/pci/devices/X/tsm/connect.
Yes, vdevice creation does not set the device to T=1.
Whether the device is in T=1/0 mode is a dynamic choice controlled by the
guest.
vPCI device creation is controlled by the hypervisor and is done
before starting the VM.
I am asking (again) because with PCIe hotplug it is not done before starting the VM. Thanks,
It just informs the TSM that a vPCI function
exists, should the TSM need to know that, which it usually will if
a secure vIOMMU is involved.
Jason
--
Alexey