Re: [PATCH kernel 7/9] coco/sev-guest: Implement the guest support for SEV TIO (phase2)

Next message: Sherry Sun: "RE: [PATCH V5 02/12] PCI: host-generic: Add common helpers for parsing Root Port properties"
Previous message: Ackerley Tng: "Re: [RFC PATCH v1 0/7] Open HugeTLB allocation routine for more generic use"
In reply to: Borislav Petkov: "Re: [PATCH kernel 7/9] coco/sev-guest: Implement the guest support for SEV TIO (phase2)"
Next in thread: Borislav Petkov: "Re: [PATCH kernel 7/9] coco/sev-guest: Implement the guest support for SEV TIO (phase2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexey Kardashevskiy

Date: Wed Feb 25 2026 - 22:40:29 EST

On 25/2/26 17:00, Borislav Petkov wrote:

On February 25, 2026 5:37:50 AM UTC, Alexey Kardashevskiy <aik@xxxxxxx> wrote:

Implement the SEV-TIO (Trusted I/O) support in for AMD SEV-SNP guests.

The implementation includes Device Security Manager (DSM) operations
for:
- binding a PCI function (GHCB extension) to a VM and locking
the device configuration;
- receiving TDI report and configuring MMIO and DMA/sDTE;
- accepting the device into the guest TCB.

Detect the SEV-TIO support (reported via GHCB HV features) and install
the SEV-TIO TSM ops.

Implement lock/accept/unlock TSM ops.

Define 2 new VMGEXIT codes for GHCB:
- TIO Guest Request to provide secure communication between a VM and
the FW (for configuring MMIO and DMA);
- TIO Op for requesting the HV to bind a TDI to the VM and for
starting/stopping a TDI.

Just from staring at that huuuge diff, those bullets and things above are basically begging to be separate patches...

I struggle to separate these more without making individual patches useless for any purpose, even splitting between maintainership area. People often define things in separate patches and then use them and I dislike such approach for reviewing purposes - hard to follow. I can ditch more stuff (like TIO_GUID_CERTIFICATES - just noticed) but it is not much :-/

--
Alexey