On Wed, Jun 04, 2025 at 01:31:38PM +0800, Xu Yilun wrote: > On Tue, Jun 03, 2025 at 09:14:56AM -0300, Jason Gunthorpe wrote: > > On Tue, Jun 03, 2025 at 06:50:13PM +0800, Xu Yilun wrote: > > > > > I see. But I'm not sure if it can be a better story than ioctl(VFIO_TSM_BIND). > > > You want VFIO unaware of TSM bind, e.g. try to hide pci_request/release_region(), > > > but make VFIO aware of TSM unbind, which seems odd ... > > > > request_region does not need to be done dynamically. It should be done > > once when the VFIO cdev is opened. If you need some new ioctl to put > > VFIO in a CC compatible mode then it should do all this stuff once. It > > doesn't need to be dynamic. > > But the unbind needs to be dynamic. That has nothing to do with request_region. > > I think all you want is to trigger VFIO to invalidate its MMIOs when > > bind/unbind happens. > > Trigger VFIO to passively invalidate MMIOs during unbind is a TDX > specific requirement. I still think TDX is making this too hard, the S-EPT is controled by the TSM right? Why doesn't it do the map/unmap of the MMIO as part of the bind/unbind instead of this weird thing where the vPCI function creation is split up between KVM and iommufd? > Another more general requirement is, VFIO needs to trigger unbind when > VFIO wants to actively invalidate MMIOs. e.g. before VFIO resets device. > That is the dynamic unbind thing. Alexey is right here, this is a userspace problem. VFIO should block FLR on an bound device. Userspace has to unbind as part of its FLR flow. Jason
