On Tue, Jun 03, 2025 at 12:05:42PM +0800, Xu Yilun wrote:
> On Mon, Jun 02, 2025 at 01:48:57PM -0300, Jason Gunthorpe wrote:
> > On Tue, Jun 03, 2025 at 12:25:21AM +0800, Xu Yilun wrote:
> >
> > > > Looking at your patch series, I understand the reason you need a vfio
> > > > ioctl is to call pci_request_regions_exclusive—is that correct?
> > >
> > > The immediate reason is to unbind the TDI before unmapping the BAR.
> >
> > Maybe you should just do this directly, require the TSM layer to issue
> > an unbind if it gets any requests to change the secure EPT?
>
> The TSM layer won't touch S-EPT, KVM manages S-EPT.

Why not? This cross layering mess has to live someplace. If the actual
issue is the KVM S-EPT interacting with TSM bind/unbind only on Intel
platforms then it would be better to address it there and stop trying
to dance around the problem in higher levels.

> Similarly IOMMUFD/IOMMU driver manages IOMMUPT. When p2p is
> involved, still need to unbind the TDI first then unmap the BAR for
> IOMMUPT.

Huh? I thought if the device is in T=1 mode then its MMIO should not
be in the non-secure IOMMU page table at all for Intel? Only T=1 P2P
DMA should reach its MMIO and that goes through the TSM controlled
IOMMU which uses the S-EPT ???

Jason