From: Dan Williams <dan.j.williams@intel.com>
To: Bjorn Helgaas <helgaas@kernel.org>,
Dan Williams <dan.j.williams@intel.com>
Cc: <linux-coco@lists.linux.dev>, Bjorn Helgaas <bhelgaas@google.com>,
"Lukas Wunner" <lukas@wunner.de>,
Samuel Ortiz <sameo@rivosinc.com>,
"Alexey Kardashevskiy" <aik@amd.com>,
Xu Yilun <yilun.xu@linux.intel.com>, <linux-pci@vger.kernel.org>,
<gregkh@linuxfoundation.org>
Subject: Re: [PATCH 08/11] PCI/IDE: Add IDE establishment helpers
Date: Fri, 21 Feb 2025 14:02:47 -0800 [thread overview]
Message-ID: <67b8f80752fbc_2d2c294a4@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <20241210184720.GA3079867@bhelgaas>
Bjorn Helgaas wrote:
> On Thu, Dec 05, 2024 at 02:24:02PM -0800, Dan Williams wrote:
> > There are two components to establishing an encrypted link, provisioning
> > the stream in config-space, and programming the keys into the link layer
> > via the IDE_KM (key management) protocol. These helpers enable the
> > former, and are in support of TSM coordinated IDE_KM. When / if native
> > IDE establishment arrives it will share this same config-space
> > provisioning flow, but for now IDE_KM, in any form, is saved for a
> > follow-on change.
> >
> > With the TSM implementations of SEV-TIO and TDX Connect in mind this
> > abstracts small differences in those implementations. For example, TDX
> > Connect handles Root Port registers updates while SEV-TIO expects System
> > Software to update the Root Port registers. This is the rationale for
> > the PCI_IDE_SETUP_ROOT_PORT flag.
> >
> > The other design detail for TSM-coordinated IDE establishment is that
> > the TSM manages allocation of stream-ids, this is why the stream_id is
> > passed in to pci_ide_stream_setup().
>
> s/stream-ids/Stream IDs/ to match spec usage (also several other
> places)
Sure. Fixed up this one, the print statements that were using "stream
id", the code comments, and all the other patches in this set using
lowercase "stream id".
> > The flow is:
> >
> > pci_ide_stream_probe()
> > Gather stream settings (devid and address filters)
> > pci_ide_stream_setup()
> > Program the stream settings into the endpoint, and optionally Root Port)
> > pci_ide_enable_stream()
> > Run the stream after IDE_KM
>
> Not sure what "devid" is. Requester ID? I suppose it's from
> PCI_DEVID(), which does turn out to be the PCIe Requester ID. I don't
> think the spec uses a "devid" term, so I'd prefer the term used in the
> spec.
Indeed my thought process, was "well, Linux has long called Requester ID
'DEVID' so just pick 'DEVID' to keep with that momentum". I am fine to
use "Requester ID" in all comments etc.
I'll also switch any usage of "devid" to "rid" for variable names and
just note somewhere that PCI_DEVID() is the "rid" as far as IDE and TSM
code paths are concerned.
> > In support of system administrators auditing where platform IDE stream
> > resources are being spent, the allocated stream is reflected as a
> > symlink from the host-bridge to the endpoint.
>
> s/host-bridge/host bridge/ to match typical usage (also elsewhere)
Fixed here, found an additional one code comments, and the documentation
file
>
> > +++ b/Documentation/ABI/testing/sysfs-devices-pci-host-bridge
> > @@ -0,0 +1,28 @@
> > +What: /sys/devices/pciDDDDD:BB
> > + /sys/devices/.../pciDDDDD:BB
> > +Date: December, 2024
> > +Contact: linux-pci@vger.kernel.org
> > +Description:
> > + A PCI host bridge device parents a PCI bus device topology. PCI
> > + controllers may also parent host bridges. The DDDDD:BB format
> > + convey the PCI domain number and the bus number for root ports
> > + of the host bridge.
>
> "Root ports" doesn't seem quite right here; BB is the root bus number,
> and makes sense even for conventional PCI.
>
> I know IDE etc is PCIe-specific, but I think saying "the PCI domain
> number and root bus number of the host bridge" would be more accurate
> since there can be things other than Root Ports on the root bus, e.g.,
> conventional PCI devices, RCiEPs, RCECs, etc.
Makes sense, adopted your wording.
>
> Typical formatting of domain is %04x.
Oh, whoops, fixed that by doing:
s/DDDDD/DDDD/
...throughout the set.
>
> > +What: pciDDDDD:BB/streamN:DDDDD:BB:DD:F
> > +Date: December, 2024
> > +Contact: linux-pci@vger.kernel.org
> > +Description:
> > + (RO) When a host-bridge has established a secure connection,
> > + typically PCIe IDE, between a host-bridge an endpoint, this
> > + symlink appears. The primary function is to account how many
> > + streams can be returned to the available secure streams pool by
> > + invoking the tsm/disconnect flow. The link points to the
> > + endpoint PCI device at domain:DDDDD bus:BB device:DD function:F.
>
> s/host-bridge an endpoint/host bridge and an endpoint/
Fixed.
> > + * Retrieve stream association parameters for devid (RID) and resources
> > + * (device address ranges)
>
> This and other exported functions probably should have kernel-doc.
> Document only the implemented parts.
>
> > +void pci_ide_stream_probe(struct pci_dev *pdev, struct pci_ide *ide)
>
> > +void pci_ide_stream_teardown(struct pci_dev *pdev, struct pci_ide *ide,
> > + enum pci_ide_flags flags)
> > +{
> > + struct pci_host_bridge *hb = pci_find_host_bridge(pdev->bus);
> > + struct pci_dev *rp = pcie_find_root_port(pdev);
> > +
> > + __pci_ide_stream_teardown(pdev, ide);
> > + if (flags & PCI_IDE_SETUP_ROOT_PORT)
> > + __pci_ide_stream_teardown(rp, ide);
>
> Looks like this relies on the caller to supply the same flags as they
> previously supplied to pci_ide_stream_setup()? Could/should we
> remember the flags to remove the possibility of leaking the RP setup
> or trying to teardown RP setup that wasn't done?
I addressed this by decomposing this function into a "register" step and
a "setup" step according to Alexey's feedback. That removes the
responsibility of the core to remember the flags and puts the onus on
the leaf driver to remember to program the RP if its TSM implementation
requires that (some do not).
In other words the leak risk is contained to pairing "stream register"
with "stream unregister" calls, and that is independent of this now
deleted PCI_IDE_SETUP_ROOT_PORT detail.
> > +++ b/include/linux/pci.h
> > @@ -601,6 +601,10 @@ struct pci_host_bridge {
> > int domain_nr;
> > struct list_head windows; /* resource_entry */
> > struct list_head dma_ranges; /* dma ranges resource list */
> > +#ifdef CONFIG_PCI_IDE /* track IDE stream id allocation */
> > + DECLARE_BITMAP(ide_stream_ids, PCI_IDE_SEL_CTL_ID_MAX + 1);
> > + struct resource ide_stream_res; /* track ide stream address association */
>
> Seems like overkill to repeat this. Probably remove the comment on
> the #ifdef and s/ide/IDE/ here.
Done.
next prev parent reply other threads:[~2025-02-21 22:03 UTC|newest]
Thread overview: 125+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-05 22:23 [PATCH 00/11] PCI/TSM: Core infrastructure for PCI device security (TDISP) Dan Williams
2024-12-05 22:23 ` [PATCH 01/11] configfs-tsm: Namespace TSM report symbols Dan Williams
2024-12-10 6:08 ` Alexey Kardashevskiy
2024-12-11 13:55 ` Suzuki K Poulose
2024-12-05 22:23 ` [PATCH 02/11] coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/ Dan Williams
2024-12-10 6:09 ` Alexey Kardashevskiy
2024-12-05 22:23 ` [PATCH 03/11] coco/tsm: Introduce a class device for TEE Security Managers Dan Williams
2025-01-28 12:17 ` Jonathan Cameron
2025-02-25 21:08 ` Dan Williams
2024-12-05 22:23 ` [PATCH 04/11] PCI/IDE: Selective Stream IDE enumeration Dan Williams
2024-12-10 3:08 ` Aneesh Kumar K.V
2024-12-12 6:32 ` Xu Yilun
2025-02-22 0:42 ` Dan Williams
2025-02-20 3:17 ` Dan Williams
2024-12-10 6:18 ` Alexey Kardashevskiy
2025-02-20 3:59 ` Dan Williams
2024-12-10 7:05 ` Alexey Kardashevskiy
2024-12-12 6:06 ` Xu Yilun
2024-12-18 10:35 ` Alexey Kardashevskiy
2025-02-22 0:30 ` Dan Williams
2025-02-20 18:07 ` Dan Williams
2025-02-21 0:53 ` Alexey Kardashevskiy
2025-02-27 23:46 ` Dan Williams
2024-12-10 19:24 ` Bjorn Helgaas
2025-02-22 0:13 ` Dan Williams
2025-01-30 10:45 ` Jonathan Cameron
2025-02-26 0:21 ` Dan Williams
2024-12-05 22:23 ` [PATCH 05/11] PCI/TSM: Authenticate devices via platform TSM Dan Williams
2024-12-10 10:18 ` Alexey Kardashevskiy
2025-02-21 8:13 ` Aneesh Kumar K.V
2025-02-25 7:17 ` Xu Yilun
2025-02-26 12:10 ` Aneesh Kumar K.V
2025-02-26 12:13 ` [RFC PATCH 1/7] tsm: Select PCI_DOE which is required for PCI_TSM Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 2/7] tsm: Move tsm core outside the host directory Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 3/7] tsm: vfio: Add tsm bind/unbind support Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 4/7] tsm: Allow tsm ops function to be called for multi-function devices Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 5/7] tsm: Don't error out for doe mailbox failure Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 6/7] tsm: Allow tsm connect ops to be used for multiple operations Aneesh Kumar K.V (Arm)
2025-02-26 12:13 ` [RFC PATCH 7/7] tsm: Add secure SPDM support Aneesh Kumar K.V (Arm)
2025-02-27 6:50 ` Xu Yilun
2025-02-27 6:35 ` [PATCH 05/11] PCI/TSM: Authenticate devices via platform TSM Xu Yilun
2025-02-27 13:57 ` Aneesh Kumar K.V
2025-02-28 1:26 ` Xu Yilun
2025-02-28 9:48 ` Aneesh Kumar K.V
2025-03-01 7:50 ` Xu Yilun
2025-03-07 3:07 ` Alexey Kardashevskiy
2025-02-27 19:53 ` Dan Williams
2025-02-28 10:06 ` Aneesh Kumar K.V
2025-02-21 20:42 ` Dan Williams
2025-02-25 4:45 ` Alexey Kardashevskiy
2025-02-28 3:09 ` Dan Williams
2024-12-10 18:52 ` Bjorn Helgaas
2025-02-21 22:32 ` Dan Williams
2024-12-12 9:50 ` Xu Yilun
2025-02-22 1:15 ` Dan Williams
2025-02-24 11:02 ` Xu Yilun
2025-02-28 0:15 ` Dan Williams
2025-02-28 9:39 ` Xu Yilun
2025-01-30 11:45 ` Jonathan Cameron
2025-02-26 0:50 ` Dan Williams
2024-12-05 22:23 ` [PATCH 06/11] samples/devsec: PCI device-security bus / endpoint sample Dan Williams
2024-12-06 4:23 ` kernel test robot
2024-12-09 3:40 ` kernel test robot
2025-01-30 13:21 ` Jonathan Cameron
2025-02-26 2:00 ` Dan Williams
2024-12-05 22:23 ` [PATCH 07/11] PCI: Add PCIe Device 3 Extended Capability enumeration Dan Williams
2024-12-09 13:17 ` Ilpo Järvinen
2025-02-20 3:05 ` Dan Williams
2025-02-20 3:09 ` Dan Williams
2024-12-10 19:21 ` Bjorn Helgaas
2024-12-11 13:22 ` Ilpo Järvinen
2025-02-22 0:15 ` Dan Williams
2025-02-24 15:09 ` Ilpo Järvinen
2025-02-28 0:29 ` Dan Williams
2025-02-21 23:34 ` Dan Williams
2025-02-25 2:25 ` Alexey Kardashevskiy
2024-12-05 22:24 ` [PATCH 08/11] PCI/IDE: Add IDE establishment helpers Dan Williams
2024-12-10 3:19 ` Aneesh Kumar K.V
2024-12-10 3:37 ` Aneesh Kumar K.V
2025-02-20 3:39 ` Dan Williams
2025-02-21 15:53 ` Aneesh Kumar K.V
2025-02-25 0:46 ` Dan Williams
2025-01-07 20:19 ` Xu Yilun
2025-01-10 13:25 ` Aneesh Kumar K.V
2025-02-24 22:31 ` Dan Williams
2025-02-25 2:29 ` Alexey Kardashevskiy
2025-02-20 3:28 ` Dan Williams
2024-12-10 7:07 ` Alexey Kardashevskiy
2025-02-20 21:44 ` Dan Williams
2024-12-10 18:47 ` Bjorn Helgaas
2025-02-21 22:02 ` Dan Williams [this message]
2024-12-12 10:50 ` Xu Yilun
2024-12-19 7:25 ` Alexey Kardashevskiy
2024-12-19 10:05 ` Alexey Kardashevskiy
2025-01-07 20:00 ` Xu Yilun
2025-01-09 2:35 ` Alexey Kardashevskiy
2025-01-09 21:28 ` Xu Yilun
2025-01-15 0:20 ` Alexey Kardashevskiy
2025-02-25 0:06 ` Dan Williams
2025-02-25 3:39 ` Alexey Kardashevskiy
2025-02-28 2:26 ` Dan Williams
2025-03-04 0:03 ` Alexey Kardashevskiy
2025-03-04 0:57 ` Dan Williams
2025-03-04 1:31 ` Alexey Kardashevskiy
2025-03-04 17:59 ` Dan Williams
2025-02-20 4:19 ` Alexey Kardashevskiy
2025-02-24 22:24 ` Dan Williams
2025-02-25 2:45 ` Xu Yilun
2025-02-24 20:28 ` Dan Williams
2025-02-26 1:54 ` Alexey Kardashevskiy
2025-02-24 20:24 ` Dan Williams
2025-02-25 5:01 ` Xu Yilun
2024-12-05 22:24 ` [PATCH 09/11] PCI/IDE: Report available IDE streams Dan Williams
2024-12-06 0:12 ` kernel test robot
2024-12-06 0:43 ` kernel test robot
2025-02-11 6:10 ` Alexey Kardashevskiy
2025-02-27 23:35 ` Dan Williams
2024-12-05 22:24 ` [PATCH 10/11] PCI/TSM: Report active " Dan Williams
2024-12-10 18:49 ` Bjorn Helgaas
2025-02-21 22:28 ` Dan Williams
2024-12-05 22:24 ` [PATCH 11/11] samples/devsec: Add sample IDE establishment Dan Williams
2025-01-30 13:39 ` Jonathan Cameron
2025-02-27 23:27 ` Dan Williams
2024-12-06 6:05 ` [PATCH 00/11] PCI/TSM: Core infrastructure for PCI device security (TDISP) Greg KH
2024-12-06 8:44 ` Dan Williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67b8f80752fbc_2d2c294a4@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=aik@amd.com \
--cc=bhelgaas@google.com \
--cc=gregkh@linuxfoundation.org \
--cc=helgaas@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-pci@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=sameo@rivosinc.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox