Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217118/?format=api
{ "id": 2217118, "url": "http://patchwork.ozlabs.org/api/patches/2217118/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-17-yilun.xu@linux.intel.com/", "project": { "id": 28, "url": "http://patchwork.ozlabs.org/api/projects/28/?format=api", "name": "Linux PCI development", "link_name": "linux-pci", "list_id": "linux-pci.vger.kernel.org", "list_email": "linux-pci@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260327160132.2946114-17-yilun.xu@linux.intel.com>", "list_archive_url": null, "date": "2026-03-27T16:01:17", "name": "[v2,16/31] coco/tdx-host: Support Link TSM for TDX host", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "589dff32fe73cd1a59f72b5a8371deba5c99c165", "submitter": { "id": 87470, "url": "http://patchwork.ozlabs.org/api/people/87470/?format=api", "name": "Xu Yilun", "email": "yilun.xu@linux.intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-17-yilun.xu@linux.intel.com/mbox/", "series": [ { "id": 497793, "url": "http://patchwork.ozlabs.org/api/series/497793/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=497793", "date": "2026-03-27T16:01:02", "name": "PCI/TSM: PCIe Link Encryption Establishment via TDX platform services", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/497793/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217118/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217118/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linux-pci+bounces-51302-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-pci@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=WsXxciyg;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=linux-pci+bounces-51302-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=\"WsXxciyg\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=198.175.65.14", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.intel.com" ], "Received": [ "from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fj6Hp5VQrz1y1x\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 28 Mar 2026 03:56:54 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 9944130A5B60\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 27 Mar 2026 16:27:15 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 1C9853EDAC8;\n\tFri, 27 Mar 2026 16:23:34 +0000 (UTC)", "from mgamail.intel.com (mgamail.intel.com [198.175.65.14])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F2803E3C47;\n\tFri, 27 Mar 2026 16:23:32 +0000 (UTC)", "from fmviesa006.fm.intel.com ([10.60.135.146])\n by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 27 Mar 2026 09:23:32 -0700", "from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165])\n by fmviesa006.fm.intel.com with ESMTP; 27 Mar 2026 09:23:29 -0700" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1774628614; cv=none;\n b=UIgD1/i4C7UbK3I9BCZB/+t263MTwi6ILeCNuzxD0gxyP6edpQvfrxVGVCKxZOy7BOoB7LFV8+m5kfVijX8Tj+XQf8b5BZ7VDXj4xFCTRoJrLaukscJR6KyF6l8AnSPVGmHsx50t4J+KsDlHXuRdsvFl87LKr3pkuKwlMtZ2CXg=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1774628614; c=relaxed/simple;\n\tbh=dzQVPWIaSxETgDXevSN0G82bnXnd5YoCZ3n3bdcc8Zw=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=EZ2sUBBRUPtaL/ntkjGqlLpR4DMQ825UdX/OA8FKuGeEujZWwCEBOx43wmDDjIG5ZhOM2ODzzuWgR3JC2e+QjNnnQQcmP6KaITwLGwYfAUL7hSBoCSLiSfgkcRA+eMgvNOdHlEbPCJWyJ6CyZJJXG6tea93hb9nDdGAq/bdbExs=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n spf=pass smtp.mailfrom=linux.intel.com;\n dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=WsXxciyg; arc=none smtp.client-ip=198.175.65.14", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1774628612; x=1806164612;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=dzQVPWIaSxETgDXevSN0G82bnXnd5YoCZ3n3bdcc8Zw=;\n b=WsXxciygjX9xR/+mY+NXBXcRPhCU0tsVvRvLG0IOcT3GkN9mCf+9ETds\n QTbbpjDHVKSg78Cghpd/smS8qN87g10vOwfJDFxQ2HMN7R1Voa2XE606R\n eo7w+hoQ/3AouX2M5HlUc87sw98drd2JlXoKvergXxxrq888cpxux32BS\n UJoTyq+Lmuoy5vOyPAUPgFGSN9+EKrxcBJHLdwkKeKY17oz6cjBS2UZfB\n pOYd2mt7qD+uaTZaRXCReLpAdDfcdrDPQ3hbyhXI/1OVP7xLiMxFC7jep\n wnLACv3a3OKPzQOK7pcrhBe/cggbbatuFCVPK3m9230BPm4KzL7WcQCMW\n w==;", "X-CSE-ConnectionGUID": [ "BRXUEIN9SW26+Ec5n5CIKQ==", "hr8btrkQS3K/8jDTuCM4eQ==" ], "X-CSE-MsgGUID": [ "kszwnvuMQA+Hz5IMcItovw==", "VKoD1c00RHeRl0xVyucjlA==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11741\"; a=\"79565600\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"79565600\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"220516261\"" ], "X-ExtLoop1": "1", "From": "Xu Yilun <yilun.xu@linux.intel.com>", "To": "linux-coco@lists.linux.dev,\n\tlinux-pci@vger.kernel.org,\n\tdan.j.williams@intel.com,\n\tx86@kernel.org", "Cc": "chao.gao@intel.com,\n\tdave.jiang@intel.com,\n\tbaolu.lu@linux.intel.com,\n\tyilun.xu@linux.intel.com,\n\tyilun.xu@intel.com,\n\tzhenzhong.duan@intel.com,\n\tkvm@vger.kernel.org,\n\trick.p.edgecombe@intel.com,\n\tdave.hansen@linux.intel.com,\n\tkas@kernel.org,\n\txiaoyao.li@intel.com,\n\tvishal.l.verma@intel.com,\n\tlinux-kernel@vger.kernel.org", "Subject": "[PATCH v2 16/31] coco/tdx-host: Support Link TSM for TDX host", "Date": "Sat, 28 Mar 2026 00:01:17 +0800", "Message-Id": "<20260327160132.2946114-17-yilun.xu@linux.intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "References": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "Precedence": "bulk", "X-Mailing-List": "linux-pci@vger.kernel.org", "List-Id": "<linux-pci.vger.kernel.org>", "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "Register a Link TSM instance to support host side TSM operations for\nTDISP, when the TDX Connect support bit is set by TDX Module in\ntdx_feature0.\n\nThis is the main purpose of an independent tdx-host module out of TDX\ncore. Recall that a TEE Security Manager (TSM) is a platform agent that\nspeaks the TEE Device Interface Security Protocol (TDISP) to PCIe\ndevices and manages private memory resources for the platform. An\nindependent tdx-host module allows for device-security enumeration and\ninitialization flows to be deferred from other TDX Module initialization\nrequirements. Crucially, when / if TDX Module init moves earlier in x86\ninitialization flow this driver is still guaranteed to run after IOMMU\nand PCI init (i.e. subsys_initcall() vs device_initcall()).\n\nThe ability to unload the module, or unbind the driver is also useful\nfor debug and coarse grained transitioning between PCI TSM operation and\nPCI CMA operation (native kernel PCI device authentication).\n\nFor now only verify TDX Connect support in TDX Module and enable TDX\nModule Extentions. The TSM support are basic boilerplate with operation\nflows to be added later.\n\nCo-developed-by: Dan Williams <dan.j.williams@intel.com>\nSigned-off-by: Dan Williams <dan.j.williams@intel.com>\nReviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>\nSigned-off-by: Xu Yilun <yilun.xu@linux.intel.com>\n---\n drivers/virt/coco/tdx-host/Kconfig | 5 +\n drivers/virt/coco/tdx-host/tdx-host.c | 138 +++++++++++++++++++++++++-\n 2 files changed, 141 insertions(+), 2 deletions(-)", "diff": "diff --git a/drivers/virt/coco/tdx-host/Kconfig b/drivers/virt/coco/tdx-host/Kconfig\nindex d35d85ef91c0..32add81b7d56 100644\n--- a/drivers/virt/coco/tdx-host/Kconfig\n+++ b/drivers/virt/coco/tdx-host/Kconfig\n@@ -8,3 +8,8 @@ config TDX_HOST_SERVICES\n \n \t Say y or m if enabling support for confidential virtual machine\n \t support (CONFIG_INTEL_TDX_HOST). The module is called tdx_host.ko.\n+\n+config TDX_CONNECT\n+\tdef_bool y\n+\tdepends on TDX_HOST_SERVICES\n+\tdepends on PCI_TSM\ndiff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c\nindex c77885392b09..5ea35a514865 100644\n--- a/drivers/virt/coco/tdx-host/tdx-host.c\n+++ b/drivers/virt/coco/tdx-host/tdx-host.c\n@@ -8,9 +8,13 @@\n #include <linux/device/faux.h>\n #include <linux/module.h>\n #include <linux/mod_devicetable.h>\n+#include <linux/pci.h>\n+#include <linux/pci-tsm.h>\n+#include <linux/tsm.h>\n \n #include <asm/cpu_device_id.h>\n #include <asm/tdx.h>\n+#include <asm/tdx_global_metadata.h>\n \n static const struct x86_cpu_id tdx_host_ids[] = {\n \tX86_MATCH_FEATURE(X86_FEATURE_TDX_HOST_PLATFORM, NULL),\n@@ -18,14 +22,144 @@ static const struct x86_cpu_id tdx_host_ids[] = {\n };\n MODULE_DEVICE_TABLE(x86cpu, tdx_host_ids);\n \n+/*\n+ * The global pointer is for features which won't be affected by tdx_sysinfo\n+ * change after TDX Module update, e.g. TDX Connect, so could cache it. A\n+ * counterexample is the TDX Module version.\n+ */\n+static const struct tdx_sys_info *tdx_sysinfo;\n+\n+struct tdx_tsm_link {\n+\tstruct pci_tsm_pf0 pci;\n+};\n+\n+static struct tdx_tsm_link *to_tdx_tsm_link(struct pci_tsm *tsm)\n+{\n+\treturn container_of(tsm, struct tdx_tsm_link, pci.base_tsm);\n+}\n+\n+static int tdx_tsm_link_connect(struct pci_dev *pdev)\n+{\n+\treturn -ENXIO;\n+}\n+\n+static void tdx_tsm_link_disconnect(struct pci_dev *pdev)\n+{\n+}\n+\n+static struct pci_tsm *tdx_tsm_link_pf0_probe(struct tsm_dev *tsm_dev,\n+\t\t\t\t\t struct pci_dev *pdev)\n+{\n+\tint rc;\n+\n+\tstruct tdx_tsm_link *tlink __free(kfree) = kzalloc_obj(*tlink);\n+\tif (!tlink)\n+\t\treturn NULL;\n+\n+\trc = pci_tsm_pf0_constructor(pdev, &tlink->pci, tsm_dev);\n+\tif (rc)\n+\t\treturn NULL;\n+\n+\treturn &no_free_ptr(tlink)->pci.base_tsm;\n+}\n+\n+static void tdx_tsm_link_pf0_remove(struct pci_tsm *tsm)\n+{\n+\tstruct tdx_tsm_link *tlink = to_tdx_tsm_link(tsm);\n+\n+\tpci_tsm_pf0_destructor(&tlink->pci);\n+\tkfree(tlink);\n+}\n+\n+static struct pci_tsm *tdx_tsm_link_fn_probe(struct tsm_dev *tsm_dev,\n+\t\t\t\t\t struct pci_dev *pdev)\n+{\n+\tint rc;\n+\n+\tstruct pci_tsm *pci_tsm __free(kfree) = kzalloc_obj(*pci_tsm);\n+\tif (!pci_tsm)\n+\t\treturn NULL;\n+\n+\trc = pci_tsm_link_constructor(pdev, pci_tsm, tsm_dev);\n+\tif (rc)\n+\t\treturn NULL;\n+\n+\treturn no_free_ptr(pci_tsm);\n+}\n+\n+static struct pci_tsm *tdx_tsm_link_probe(struct tsm_dev *tsm_dev,\n+\t\t\t\t\t struct pci_dev *pdev)\n+{\n+\tif (is_pci_tsm_pf0(pdev))\n+\t\treturn tdx_tsm_link_pf0_probe(tsm_dev, pdev);\n+\n+\treturn tdx_tsm_link_fn_probe(tsm_dev, pdev);\n+}\n+\n+static void tdx_tsm_link_remove(struct pci_tsm *tsm)\n+{\n+\tif (is_pci_tsm_pf0(tsm->pdev)) {\n+\t\ttdx_tsm_link_pf0_remove(tsm);\n+\t\treturn;\n+\t}\n+\n+\t/* for sub-functions */\n+\tkfree(tsm);\n+}\n+\n+static struct pci_tsm_ops tdx_tsm_link_ops = {\n+\t.probe = tdx_tsm_link_probe,\n+\t.remove = tdx_tsm_link_remove,\n+\t.connect = tdx_tsm_link_connect,\n+\t.disconnect = tdx_tsm_link_disconnect,\n+};\n+\n+static void unregister_link_tsm(void *link)\n+{\n+\ttsm_unregister(link);\n+}\n+\n+static int __maybe_unused tdx_connect_init(struct device *dev)\n+{\n+\tstruct tsm_dev *link;\n+\tint ret;\n+\n+\tif (!IS_ENABLED(CONFIG_TDX_CONNECT))\n+\t\treturn 0;\n+\n+\tif (!(tdx_sysinfo->features.tdx_features0 & TDX_FEATURES0_TDXCONNECT))\n+\t\treturn 0;\n+\n+\tlink = tsm_register(dev, &tdx_tsm_link_ops);\n+\tif (IS_ERR(link))\n+\t\treturn dev_err_probe(dev, PTR_ERR(link),\n+\t\t\t\t \"failed to register TSM\\n\");\n+\n+\treturn devm_add_action_or_reset(dev, unregister_link_tsm, link);\n+}\n+\n+static int tdx_host_probe(struct faux_device *fdev)\n+{\n+\t/* TODO: do tdx_connect_init() when it is fully implemented. */\n+\treturn 0;\n+}\n+\n+static struct faux_device_ops tdx_host_ops = {\n+\t.probe = tdx_host_probe,\n+};\n+\n static struct faux_device *fdev;\n \n static int __init tdx_host_init(void)\n {\n-\tif (!x86_match_cpu(tdx_host_ids) || !tdx_get_sysinfo())\n+\tif (!x86_match_cpu(tdx_host_ids))\n+\t\treturn -ENODEV;\n+\n+\ttdx_sysinfo = tdx_get_sysinfo();\n+\tif (!tdx_sysinfo)\n \t\treturn -ENODEV;\n \n-\tfdev = faux_device_create(KBUILD_MODNAME, NULL, NULL);\n+\tfdev = faux_device_create(KBUILD_MODNAME, NULL, &tdx_host_ops);\n \tif (!fdev)\n \t\treturn -ENODEV;\n \n", "prefixes": [ "v2", "16/31" ] }