From: Dan Williams <dan.j.williams@intel.com>
To: <linux-coco@lists.linux.dev>, <linux-pci@vger.kernel.org>
Cc: <gregkh@linuxfoundation.org>, <bhelgaas@google.com>,
<yilun.xu@linux.intel.com>, <aneesh.kumar@kernel.org>,
<aik@amd.com>
Subject: [PATCH 7/7] tools/testing/devsec: Add a script to exercise samples/devsec/
Date: Tue, 26 Aug 2025 20:52:59 -0700 [thread overview]
Message-ID: <20250827035259.1356758-8-dan.j.williams@intel.com> (raw)
In-Reply-To: <20250827035259.1356758-1-dan.j.williams@intel.com>
Run the samples/devsec/ infrastructure through the PCIe TDISP connect,
lock, and accept flows.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
tools/testing/devsec/devsec.sh | 138 +++++++++++++++++++++++++++++++++
1 file changed, 138 insertions(+)
create mode 100755 tools/testing/devsec/devsec.sh
diff --git a/tools/testing/devsec/devsec.sh b/tools/testing/devsec/devsec.sh
new file mode 100755
index 000000000000..cbf4b43ec93a
--- /dev/null
+++ b/tools/testing/devsec/devsec.sh
@@ -0,0 +1,138 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright(c) 2025 Intel Corporation. All rights reserved.
+
+# Checkout PCI/TSM sysfs and driver-core mechanics with the
+# devsec_link_tsm and devsec_tsm sample modules from samples/devsec/.
+
+set -ex
+
+trap 'err $LINENO' ERR
+err() {
+ echo $(basename $0): failed at line $1
+ [ -n "$2" ] && "$2"
+ exit 1
+}
+
+ORDER=""
+
+setup_modules() {
+ if [[ $ORDER == "bus" ]]; then
+ modprobe devsec_bus
+ modprobe devsec_link_tsm
+ modprobe devsec_tsm
+ else
+ modprobe devsec_tsm
+ modprobe devsec_link_tsm
+ modprobe devsec_bus
+ fi
+}
+
+teardown_modules() {
+ if [[ $ORDER == "bus" ]]; then
+ modprobe -r devsec_tsm
+ modprobe -r devsec_link_tsm
+ modprobe -r devsec_bus
+ else
+ modprobe -r devsec_bus
+ modprobe -r devsec_link_tsm
+ modprobe -r devsec_tsm
+ fi
+}
+
+pci_dev="/sys/bus/pci/devices/10000:01:00.0"
+tsm_devsec=""
+tsm_link=""
+devsec_pci="/sys/bus/pci/drivers/devsec_pci"
+
+tdisp_test() {
+ # with the device disconnected from the link TSM validate that
+ # the devsec_pci driver fails to claim the device, and that the
+ # device is registered in the deferred probe queue
+ echo "devsec_pci" > $pci_dev/driver_override
+ modprobe devsec_pci
+
+ cat /sys/kernel/debug/devices_deferred | grep -q $(basename $pci_dev) || err "$LINENO"
+
+ # grab the device's resource from /proc/iomem
+ resource=$(cat /proc/iomem | grep -m1 $(basename $pci_dev) | awk -F ' :' '{print $1}' | tr -d ' ')
+ [[ -n $resource ]] || err "$LINENO"
+
+ # lock and accept the device, validate that the resource is now
+ # marked encrypted
+ echo $(basename $tsm_devsec) > $pci_dev/tsm/lock
+ echo $(basename $tsm_devsec) > $pci_dev/tsm/accept
+
+ cat /proc/iomem | grep "$resource" | grep -q -m1 "PCI MMIO Encrypted" || err "$LINENO"
+
+ # validate that the driver now fails with -EINVAL when trying to
+ # bind
+ expect="echo: write error: Invalid argument"
+ echo $(basename $pci_dev) 2>&1 > $devsec_pci/bind | grep -q "$expect" || err "$LINENO"
+
+ # unlock and validate that the encrypted mmio is removed
+ echo $(basename $tsm_devsec) > $pci_dev/tsm/unlock
+ cat /proc/iomem | grep "$resource" | grep -q "PCI MMIO Encrypted" && err "$LINENO"
+
+ modprobe -r devsec_pci
+}
+
+ide_test() {
+ # validate that all of the secure streams are idle by default
+ host_bridge=$(dirname $(dirname $(readlink -f $pci_dev)))
+ nr=$(cat $host_bridge/available_secure_streams)
+ [[ $nr == 4 ]] || err "$LINENO"
+
+ # connect a stream and validate that the stream link shows up at
+ # the host bridge and the TSM
+ echo $(basename $tsm_link) > $pci_dev/tsm/connect
+ nr=$(cat $host_bridge/available_secure_streams)
+ [[ $nr == 3 ]] || err "$LINENO"
+
+ [[ $(cat $pci_dev/tsm/connect) == $(basename $tsm_link) ]] || err "$LINENO"
+ [[ -e $host_bridge/stream0.0.0 ]] || err "$LINENO"
+ [[ -e $tsm_link/stream0.0.0 ]] || err "$LINENO"
+
+ # check that the links disappear at disconnect and the stream
+ # pool is refilled
+ echo $(basename $tsm_link) > $pci_dev/tsm/disconnect
+ nr=$(cat $host_bridge/available_secure_streams)
+ [[ $nr == 4 ]] || err "$LINENO"
+
+ [[ $(cat $pci_dev/tsm/connect) == "" ]] || err "$LINENO"
+ [[ ! -e $host_bridge/stream0.0.0 ]] || err "$LINENO"
+ [[ ! -e $tsm_link/stream0.0.0 ]] || err "$LINENO"
+}
+
+devsec_test() {
+ setup_modules
+
+ # find the tsm devices by personality
+ for tsm in /sys/class/tsm/tsm*; do
+ mode=$(cat $tsm/pci_mode)
+ [[ $mode == "devsec" ]] && tsm_devsec=$tsm
+ [[ $mode == "link" ]] && tsm_link=$tsm
+ done
+ [[ -n $tsm_devsec ]] || err "$LINENO"
+ [[ -n $tsm_link ]] || err "$LINENO"
+
+ # check that devsec bus loads correctly and the TSM is detected
+ [[ -e $pci_dev ]] || err "$LINENO"
+ [[ -e $pci_dev/tsm ]] || err "$LINENO"
+
+ ide_test
+ tdisp_test
+
+ # reconnect and test surprise removal of the TSM or device
+ echo $(basename $tsm_link) > $pci_dev/tsm/connect
+ [[ $(cat $pci_dev/tsm/connect) == $(basename $tsm_link) ]] || err "$LINENO"
+ [[ -e $host_bridge/stream0.0.0 ]] || err "$LINENO"
+ [[ -e $tsm_link/stream0.0.0 ]] || err "$LINENO"
+
+ teardown_modules
+}
+
+ORDER="bus"
+devsec_test
+ORDER="tsm"
+devsec_test
--
2.50.1
prev parent reply other threads:[~2025-08-27 3:53 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-27 3:52 [PATCH 0/7] PCI/TSM: TEE I/O infrastructure Dan Williams
2025-08-27 3:52 ` [PATCH 1/7] PCI/TSM: Add pci_tsm_{bind,unbind}() methods for instantiating TDIs Dan Williams
2025-09-02 0:12 ` Alexey Kardashevskiy
2025-09-02 15:04 ` Aneesh Kumar K.V
2025-09-02 15:05 ` Aneesh Kumar K.V
2025-09-03 15:17 ` Aneesh Kumar K.V
2025-09-04 10:38 ` Alexey Kardashevskiy
2025-09-04 12:56 ` Aneesh Kumar K.V
2025-09-05 2:32 ` Alexey Kardashevskiy
2025-08-27 3:52 ` [PATCH 2/7] PCI/TSM: Add pci_tsm_guest_req() for managing TDIs Dan Williams
2025-08-28 9:53 ` Alexey Kardashevskiy
2025-08-28 22:07 ` dan.j.williams
2025-08-29 2:21 ` Alexey Kardashevskiy
2025-08-30 2:37 ` dan.j.williams
2025-09-01 23:49 ` Alexey Kardashevskiy
2025-08-28 13:02 ` Aneesh Kumar K.V
2025-08-28 22:14 ` dan.j.williams
2025-08-27 3:52 ` [PATCH 3/7] device core: Introduce confidential device acceptance Dan Williams
2025-08-27 6:14 ` Greg KH
2025-08-28 20:07 ` dan.j.williams
2025-08-27 3:52 ` [PATCH 4/7] x86/ioremap, resource: Introduce IORES_DESC_ENCRYPTED for encrypted PCI MMIO Dan Williams
2025-08-27 3:52 ` [PATCH 5/7] PCI/TSM: Add Device Security (TVM Guest) operations support Dan Williams
2025-09-03 15:22 ` Aneesh Kumar K.V
2025-09-04 15:02 ` Aneesh Kumar K.V
2025-08-27 3:52 ` [PATCH 6/7] samples/devsec: Introduce a "Device Security TSM" sample driver Dan Williams
2025-08-27 12:39 ` Jason Gunthorpe
2025-08-27 23:47 ` Alexey Kardashevskiy
2025-08-28 21:38 ` dan.j.williams
2025-08-29 16:02 ` Jason Gunthorpe
2025-08-29 20:00 ` dan.j.williams
2025-08-29 23:34 ` Jason Gunthorpe
2025-08-27 3:52 ` Dan Williams [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250827035259.1356758-8-dan.j.williams@intel.com \
--to=dan.j.williams@intel.com \
--cc=aik@amd.com \
--cc=aneesh.kumar@kernel.org \
--cc=bhelgaas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).