Xu Yilun <yilun...@linux.intel.com> writes:
> When device is TSM Bound, some of its MMIO regions are controlled by
> secure firmware. E.g. TDX Connect would require these MMIO regions
> mappeed in S-EPT and never unmapped until device Unbound. Zapping bars
> irrespective of TSM Bound state may cause unexpected secure firmware
> errors. It is always safe to do TSM Unbind first, transiting the device
> to shared, then do whatever needed as before.
>
> Signed-off-by: Xu Yilun <yilun...@linux.intel.com>
> ---
> drivers/vfio/pci/vfio_pci_config.c | 4 +++
> drivers/vfio/pci/vfio_pci_core.c | 41 +++++++++++++++++++-----------
> drivers/vfio/pci/vfio_pci_priv.h | 3 +++
> 3 files changed, 33 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/vfio/pci/vfio_pci_config.c
> b/drivers/vfio/pci/vfio_pci_config.c
> index 7ac062bd5044..4ffe661c9e59 100644
> --- a/drivers/vfio/pci/vfio_pci_config.c
> +++ b/drivers/vfio/pci/vfio_pci_config.c
> @@ -590,6 +590,7 @@ static int vfio_basic_config_write(struct
> vfio_pci_core_device *vdev, int pos,
> new_mem = !!(new_cmd & PCI_COMMAND_MEMORY);
>
> if (!new_mem) {
> + vfio_pci_tsm_unbind(vdev);
> vfio_pci_zap_and_down_write_memory_lock(vdev);
> vfio_pci_dma_buf_move(vdev, true);
>
For a secure device mmio range instead of
vfio_pci_zap_and_down_write_memory_lock()
-> unmap_mapping_range() we want the vfio_pci_dma_buf_move right? Also
is that expected to get called twice as below?
vfio_pci_tsm_unbind-> pci_tsm_unbind -> tdx_tsm_unbind ->
tsm_handler->disable_mmio() -> vfio_pci_core_tsm_disable_mmio ->
vfio_pci_dma_buf_move(vdev, true);
-aneesh
