From: sashiko-bot@kernel.org
To: "Dan Williams" <djbw@kernel.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB
Date: Sun, 05 Jul 2026 22:28:24 +0000 [thread overview]
Message-ID: <20260705222824.C4BA41F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260705220819.2472765-14-djbw@kernel.org>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [High] Missing pci_tsm_disable_dma() in pci_dma_configure() error path and pci_dma_cleanup() to revoke TCB DMA access.
- [Low] Invalid syntax in __must_hold attribute for pci_tsm_enable_dma and pci_tsm_disable_dma.
--
commit 02fe1d53a8bdd83c53510c3c6636b82d7cd34b02
Author: Dan Williams <djbw@kernel.org>
PCI, device core: Add private memory access for DEVICE_TRUST_TCB
This commit introduces the DEVICE_TRUST_TCB trust level to allow devices
within the Trusted Compute Boundary to access private memory. It updates
the PCI DMA configuration to validate DMA access with a TSM driver when a
device is TCB-trusted.
> diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
> index f36778e62ac1a..e6a4bc3ca9b06 100644
> --- a/drivers/pci/pci-driver.c
> +++ b/drivers/pci/pci-driver.c
[ ... ]
> @@ -1688,16 +1690,21 @@ static int pci_dma_configure(struct device *dev)
> * the standard ACS capability but still support ACS via those
> * quirks.
> */
> - pci_enable_acs(to_pci_dev(dev));
> -
> - pci_put_host_bridge_device(bridge);
> + pci_enable_acs(pdev);
>
> /* @drv may not be valid when we're called from the IOMMU layer */
> - if (!ret && drv && !to_pci_driver(drv)->driver_managed_dma) {
> + if (ret || !drv)
> + return ret;
> +
> + if (device_tcb_trusted(dev))
> + ret = pci_tsm_enable_dma(pdev);
> +
> + if (!ret && !to_pci_driver(drv)->driver_managed_dma)
> ret = iommu_device_use_default_domain(dev);
> - if (ret)
> - arch_teardown_dma_ops(dev);
> - }
> +
> + /* undo {of,acpi}_dma_configure() */
> + if (ret)
> + arch_teardown_dma_ops(dev);
[Severity: High]
If iommu_device_use_default_domain() fails, does this error path need to
call pci_tsm_disable_dma() to revoke the TCB DMA access granted above?
Also, when the device driver unbinds, should pci_dma_cleanup() be updated
to call pci_tsm_disable_dma() as well?
Without these cleanup calls, it appears the TSM could incorrectly maintain
DMA authorization for a device even after a probe failure or driver unbind.
[Severity: Low]
On a related note regarding the TSM core API modified in this series, are
the __must_hold() attributes in drivers/pci/tsm/core.c syntactically
correct?
drivers/pci/tsm/core.c:pci_tsm_enable_dma() {
...
int pci_tsm_enable_dma(struct pci_dev *pdev)
__must_hold(&pdev->dev->mutex)
Since dev is a nested struct within struct pci_dev, not a pointer,
shouldn't this be &pdev->dev.mutex to avoid compiler errors? The same
appears to apply to pci_tsm_disable_dma().
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260705220819.2472765-1-djbw@kernel.org?part=13
next prev parent reply other threads:[~2026-07-05 22:28 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:13 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:18 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:26 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-05 22:16 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:15 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-05 22:17 ` sashiko-bot
2026-07-06 13:45 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 13:49 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:21 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-05 22:28 ` sashiko-bot [this message]
2026-07-06 12:42 ` Aneesh Kumar K.V
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:24 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55 ` Dan Williams (nvidia)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260705222824.C4BA41F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=djbw@kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox