Message-ID: <yq5ah60u8kev.fsf@kernel.org>
Date: Thu, 05 Jun 2025 17:33:52 +0530
From: Aneesh Kumar K.V <aneesh.kumar@...nel.org>
To: Xu Yilun <yilun.xu@...ux.intel.com>, kvm@...r.kernel.org,
sumit.semwal@...aro.org, christian.koenig@....com,
pbonzini@...hat.com, seanjc@...gle.com, alex.williamson@...hat.com,
jgg@...dia.com, dan.j.williams@...el.com, aik@....com,
linux-coco@...ts.linux.dev
Cc: dri-devel@...ts.freedesktop.org, linux-media@...r.kernel.org,
linaro-mm-sig@...ts.linaro.org, vivek.kasireddy@...el.com,
yilun.xu@...el.com, yilun.xu@...ux.intel.com,
linux-kernel@...r.kernel.org, lukas@...ner.de, yan.y.zhao@...el.com,
daniel.vetter@...ll.ch, leon@...nel.org, baolu.lu@...ux.intel.com,
zhenzhong.duan@...el.com, tao1.su@...el.com,
linux-pci@...r.kernel.org, zhiw@...dia.com, simona.vetter@...ll.ch,
shameerali.kolothum.thodi@...wei.com, iommu@...ts.linux.dev,
kevin.tian@...el.com
Subject: Re: [RFC PATCH 19/30] vfio/pci: Add TSM TDI bind/unbind IOCTLs for
TEE-IO support
Xu Yilun <yilun.xu@...ux.intel.com> writes:
> Add new IOCTLs to do TSM based TDI bind/unbind. These IOCTLs are
> expected to be called by userspace when CoCo VM issues TDI bind/unbind
> command to VMM. Specifically for TDX Connect, these commands are some
> secure Hypervisor call named GHCI (Guest-Hypervisor Communication
> Interface).
>
> The TSM TDI bind/unbind operations are expected to be initiated by a
> running CoCo VM, which already has the legacy assigned device in place.
> The TSM bind operation is to request VMM make all secure configurations
> to support device work as a TDI, and then issue TDISP messages to move
> the TDI to CONFIG_LOCKED or RUN state, waiting for guest's attestation.
>
> Do TSM Unbind before vfio_pci_core_disable(), otherwise it will lead
> the device to TDISP ERROR state.
>
> Suggested-by: Jason Gunthorpe <jgg@...dia.com>
> Signed-off-by: Wu Hao <hao.wu@...el.com>
> Signed-off-by: Xu Yilun <yilun.xu@...ux.intel.com>
>
....
> +
> + /* To ensure no host side MMIO access is possible */
> + ret = pci_request_regions_exclusive(pdev, "vfio-pci-tsm");
> + if (ret)
> + goto out_unlock;
> +
>
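
Review bot: the comment above pci_request_regions_exclusive() states the goal but not the precondition for the call to succeed. The commit message says the device is already in place as a legacy assigned device when bind is issued, so any region claim still held from that assignment would conflict with a second, exclusive claim under the new owner name "vfio-pci-tsm", and the function would bail out through out_unlock. Suggest documenting at this point (or handling in this function) which existing claims and mappings have to be dropped before the request, and logging the failure so userspace can tell a region conflict apart from other bind errors.
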
I am hitting failures here with similar changes. Can you share the QEMU
changes needed to make this pci_request_regions_exclusive successful?
Also after the TDI is unbound, we want the region ownership back to
"vfio-pci" so that things continue to work as non-secure device. I don't
see us doing that. I could add a pci_bar_deactivate/pci_bar_activate in
userspace which will result in vfio_unmap()/vfio_map(). But that doesn't
release the region ownership.
> + ret = vfio_iommufd_tsm_bind(&vdev->vdev, tsm_bind.vdevice_id);
> + if (ret)
> + goto out_release_region;
> +
> + vdev->is_tsm_bound = true;
> + mutex_unlock(&vdev->vdev.dev_set->lock);
> +
> + return 0;
> +
> +out_release_region:
> + pci_release_regions(pdev);
> +out_unlock:
> + mutex_unlock(&vdev->vdev.dev_set->lock);
> + return ret;
> +}
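
Review bot: at out_release_region, pci_release_regions(pdev) undoes the exclusive claim, but nothing in the visible lines restores the region state the device had before the bind attempt, so a failed vfio_iommufd_tsm_bind() may leave the device in a different state from one that never tried to bind. Suggest factoring the release-and-restore sequence into a helper shared by this error label and the unbind path, and making sure unbind clears is_tsm_bound under the same dev_set lock that sets it here.
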
-aneesh