Re: [PATCH v2 19/31] iommu/vt-d: Reserve the MSB domain ID bit for the TDX module

From: Xu Yilun

Date: Wed Apr 22 2026 - 02:25:21 EST


> Here we need more words to explain the strategy here.
>
> The comment says "When IOMMU is *enabled*...", but the code here
> just checks the static capability. It's probably a design choice that you
> don't want to add complexity on recycling DIDs when TDX connect
> is actually enabled, but it's worth a note here.

Yes, that's the rationale. I'll add it to comments.

>
> btw in patch23 commit msg:
>
> "
> There is no dedicated way to enumerate which IOMMU devices support
> trusted operations. The host has to call TDH.IOMMU.SETUP on all IOMMU
> devices and tell their trusted capability by the return value.
> "
>
> which implies that ecap_tdxc() alone doesn't really report the capability?

Ah, good catch. Let me explain:

ecap_tdxc does report the capability. This bit is special because both
the trusted part & the untrusted part access it.

For the IOMMU driver (which now handles the untrusted part), it can directly
query this bit and decide what to do.

But for tdx-host driver which handles the trusted part, it shouldn't
speculate into the IOMMU for capability enumeration. TDX Module has more
concerns about trusted capability, including the related I/O stack
capabilities e.g. SPDM/IDE cap... So in patch23 I actually mean we
don't have an enumeration SEAMCALL for trusted capability, I will
refactor that message:

There is no dedicated *SEAMCALL* to enumerate which IOMMU devices support
trusted operations...

>
> anyway all of those need a better explanation here...