| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <yq5ar002jlao.fsf@kernel.org>
Date: Mon, 02 Jun 2025 19:30:15 +0530
From: Aneesh Kumar K.V <aneesh.kumar@...nel.org>
To: Xu Yilun <yilun.xu@...ux.intel.com>, kvm@...r.kernel.org,
sumit.semwal@...aro.org, christian.koenig@....com,
pbonzini@...hat.com, seanjc@...gle.com, alex.williamson@...hat.com,
jgg@...dia.com, dan.j.williams@...el.com, aik@....com,
linux-coco@...ts.linux.dev
Cc: dri-devel@...ts.freedesktop.org, linux-media@...r.kernel.org,
linaro-mm-sig@...ts.linaro.org, vivek.kasireddy@...el.com,
yilun.xu@...el.com, yilun.xu@...ux.intel.com,
linux-kernel@...r.kernel.org, lukas@...ner.de, yan.y.zhao@...el.com,
daniel.vetter@...ll.ch, leon@...nel.org, baolu.lu@...ux.intel.com,
zhenzhong.duan@...el.com, tao1.su@...el.com,
linux-pci@...r.kernel.org, zhiw@...dia.com, simona.vetter@...ll.ch,
shameerali.kolothum.thodi@...wei.com, iommu@...ts.linux.dev,
kevin.tian@...el.com
Subject: Re: [RFC PATCH 20/30] vfio/pci: Do TSM Unbind before zapping bars
Xu Yilun <yilun.xu@...ux.intel.com> writes:
> When device is TSM Bound, some of its MMIO regions are controlled by
> secure firmware. E.g. TDX Connect would require these MMIO regions
> mappeed in S-EPT and never unmapped until device Unbound. Zapping bars
> irrespective of TSM Bound state may cause unexpected secure firmware
> errors. It is always safe to do TSM Unbind first, transiting the device
> to shared, then do whatever needed as before.
>
> Signed-off-by: Xu Yilun <yilun.xu@...ux.intel.com>
> ---
> drivers/vfio/pci/vfio_pci_config.c | 4 +++
> drivers/vfio/pci/vfio_pci_core.c | 41 +++++++++++++++++++-----------
> drivers/vfio/pci/vfio_pci_priv.h | 3 +++
> 3 files changed, 33 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/vfio/pci/vfio_pci_config.c b/drivers/vfio/pci/vfio_pci_config.c
> index 7ac062bd5044..4ffe661c9e59 100644
> --- a/drivers/vfio/pci/vfio_pci_config.c
> +++ b/drivers/vfio/pci/vfio_pci_config.c
> @@ -590,6 +590,7 @@ static int vfio_basic_config_write(struct vfio_pci_core_device *vdev, int pos,
> new_mem = !!(new_cmd & PCI_COMMAND_MEMORY);
>
> if (!new_mem) {
> + vfio_pci_tsm_unbind(vdev);
> vfio_pci_zap_and_down_write_memory_lock(vdev);
> vfio_pci_dma_buf_move(vdev, true);
>
For a secure device mmio range instead of vfio_pci_zap_and_down_write_memory_lock()
-> unmap_mapping_range() we want the vfio_pci_dma_buf_move right? Also
is that expected to get called twice as below?
vfio_pci_tsm_unbind-> pci_tsm_unbind -> tdx_tsm_unbind ->
tsm_handler->disable_mmio() -> vfio_pci_core_tsm_disable_mmio -> vfio_pci_dma_buf_move(vdev, true);
-aneesh
Powered by blists - more mailing lists