public inbox for iommu@lists.linux-foundation.org
From: Dan Williams <dan.j.williams@intel.com>
To: Jason Gunthorpe <jgg@ziepe.ca>,
	"Aneesh Kumar K.V (Arm)" <aneesh.kumar@kernel.org>
Cc: <iommu@lists.linux.dev>, <linux-kernel@vger.kernel.org>,
	<kvm@vger.kernel.org>, Kevin Tian <kevin.tian@intel.com>,
	Joerg Roedel <joro@8bytes.org>, Will Deacon <will@kernel.org>,
	Bjorn Helgaas <helgaas@kernel.org>,
	Jonathan Cameron <Jonathan.Cameron@huawei.com>,
	"Dan Williams" <dan.j.williams@intel.com>,
	Alexey Kardashevskiy <aik@amd.com>,
	Samuel Ortiz <sameo@rivosinc.com>,
	Xu Yilun <yilun.xu@linux.intel.com>,
	Suzuki K Poulose <Suzuki.Poulose@arm.com>,
	Steven Price <steven.price@arm.com>
Subject: Re: [PATCH v2 3/3] iommufd/vdevice: add TSM guest request ioctl
Date: Fri, 13 Mar 2026 15:17:46 -0700
Message-ID: <69b48d0a374a_b2b6100eb@dwillia2-mobl4.notmuch>
In-Reply-To: <20260313184957.GP1704121@ziepe.ca>

Jason Gunthorpe wrote:
> On Mon, Mar 09, 2026 at 04:47:04PM +0530, Aneesh Kumar K.V (Arm) wrote:
> > +/**
> > + * struct iommu_vdevice_tsm_guest_request - ioctl(IOMMU_VDEVICE_TSM_GUEST_REQUEST)
> > + * @size: sizeof(struct iommu_vdevice_tsm_guest_request)
> > + * @vdevice_id: vDevice ID the guest request is for
> > + * @scope: scope of tsm guest request
> > + * @req_len: the blob size for @req_uptr, filled by guest
> > + * @resp_len: the blob size for @resp_uptr, filled by guest
> > + * @req_uptr: request data buffer filled by guest
> > + * @resp_uptr: response data buffer
> > + */
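
Review bot: the kdoc describes both @req_len and @resp_len as "filled by guest" but states no upper bound for either and does not say whether @resp_len is written back with the number of bytes actually returned, or what the caller sees when the response does not fit. Since these lengths are guest-controlled inputs that size copies to and from @req_uptr and @resp_uptr, the comment should document the limit the kernel enforces and the in/out semantics of @resp_len. @scope likewise names no enum or set of valid values, so a reader cannot tell what is accepted or how an unknown value is handled.
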
> 
> This needs a much better kdoc.
> 
> Refer to specs that define this.
> 
> Explain WTF scope is

I proposed @scope, yes this needs more documentation, but really it
needs more discussion first. It was inspired by 'enum fwctl_rpc_scope'.

Guests that are moving the device through the TDISP setup state machine
need to ask for host services because only the host passes messages over
SPDM in all of these architectures. That is, one SPDM session per
physical device, not per assigned virtual function. In the AMD case
there is less guest direct access to the TSM so it needs to pass
additional messages that the CPU mode based TSMs do not.

Those requests are varying degrees of: host kernel cares, host kernel
does not care but can see the contents of the message, and host kernel
does not care and cannot see the contents of the message beyond
envelope.

As far as the host kernel security model is concerned this becomes an
opaque implementation-specific passthrough. So the role of @scope is to
have the TSM drivers declare the security model for various messages.
Put the explicit onus on the implementations to declare that the
guest_request operation being executed in response to a KVM exit is
contained within a given security scope. See 'enum pci_tsm_req_scope'.
