Re: [PATCH v2 3/3] iommufd/vdevice: add TSM guest request ioctl

[Jonathan Cameron <jonathan.cameron@huawei.com>]

On Mon,  9 Mar 2026 16:47:04 +0530
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org> wrote:

> Add IOMMU_VDEVICE_TSM_GUEST_REQUEST for issuing TSM guest request/response
> transactions against an iommufd vdevice.
> 
> The ioctl takes a vdevice_id plus request/response user buffers and length
> fields, and forwards the request through tsm_guest_req() to the PCI TSM
> backend. This provides the host-side passthrough path used by CoCo guests
> for TSM device attestation and acceptance flows after the device has been
> bound to TSM.
> 
> Also add the supporting tsm_guest_req() helper and associated TSM core
> interface definitions.
> 
> Based on changes from: Alexey Kardashevskiy <aik@amd.com>

> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@kernel.org>
Minor stuff inline.

thanks,

Jonathan

> diff --git a/drivers/iommu/iommufd/tsm.c b/drivers/iommu/iommufd/tsm.c
> index 401469110752..6b96d0aef25f 100644
> --- a/drivers/iommu/iommufd/tsm.c
> +++ b/drivers/iommu/iommufd/tsm.c
> @@ -65,3 +65,51 @@ int iommufd_vdevice_tsm_op_ioctl(struct iommufd_ucmd *ucmd)
>  	iommufd_put_object(ucmd->ictx, &vdev->obj);
>  	return rc;
>  }
> +
> +/**
> + * iommufd_vdevice_tsm_guest_request_ioctl - Forward guest TSM requests
> + * @ucmd: user command data for IOMMU_VDEVICE_TSM_GUEST_REQUEST
> + *
> + * Resolve @iommu_vdevice_tsm_guest_request::vdevice_id to a vdevice and pass
> + * the request/response buffers to the TSM core.
> + *
> + * Return:
> + *  -errno on error.
> + *  positive residue if response/request bytes were left unconsumed.
> + *    if response buffer is provided, residue indicates the number of bytes
> + *    not used in response buffer
> + *    if there is no response buffer, residue indicates the number of bytes
> + *    not consumed in req buffer
> + *  0 otherwise.
> + */
> +int iommufd_vdevice_tsm_guest_request_ioctl(struct iommufd_ucmd *ucmd)
> +{
> +	int rc;
> +	struct iommufd_vdevice *vdev;
> +	struct iommu_vdevice_tsm_guest_request *cmd = ucmd->cmd;
> +	struct tsm_guest_req_info info = {
> +		.scope = cmd->scope,
> +		.req   = {
> +			.user = u64_to_user_ptr(cmd->req_uptr),
> +			.is_kernel = false,
> +		},
> +		.req_len = cmd->req_len,
> +		.resp    =  {
> +			.user = u64_to_user_ptr(cmd->resp_uptr),
> +			.is_kernel = false,
> +		},
> +		.resp_len = cmd->resp_len,
> +	};
> +
> +	vdev = container_of(iommufd_get_object(ucmd->ictx, cmd->vdevice_id,
> +					       IOMMUFD_OBJ_VDEVICE),

As in previous, can the object be PTR_ERR()?  Maybe not, but I'd
be surprised if the static analysis tools are convinced.
This might work for now if obj is first element but that's not
elegant or matainable.

> +			    struct iommufd_vdevice, obj);
> +	if (IS_ERR(vdev))
> +		return PTR_ERR(vdev);
> +
> +	rc = tsm_guest_req(vdev->idev->dev, &info);

This is otherwise effectively the pattern I'm suggesting for previous patch.

> +
> +	/* No inline response, hence we don't need to copy the response */
> +	iommufd_put_object(ucmd->ictx, &vdev->obj);
> +	return rc;
> +}
> diff --git a/drivers/virt/coco/tsm-core.c b/drivers/virt/coco/tsm-core.c
> index f0e35fc38776..317fcb53e4bf 100644
> --- a/drivers/virt/coco/tsm-core.c
> +++ b/drivers/virt/coco/tsm-core.c
> @@ -259,6 +259,20 @@ int tsm_unbind(struct device *dev)
>  }
>  EXPORT_SYMBOL_GPL(tsm_unbind);
>  
> +ssize_t tsm_guest_req(struct device *dev, struct tsm_guest_req_info *info)
> +{
> +	ssize_t ret;
> +
> +	if (!dev_is_pci(dev))
> +		return -EINVAL;
> +
> +	ret = pci_tsm_guest_req(to_pci_dev(dev), info->scope,
> +				info->req, info->req_len,
> +				info->resp, info->resp_len, NULL);
> +	return ret;

return pci_tsm....

Given there are no more patches in this series that much change that.


> +}
> +EXPORT_SYMBOL_GPL(tsm_guest_req);