[{"id":3688163,"web_url":"http://patchwork.ozlabs.org/comment/3688163/","msgid":"<20260508050251.88FD4C2BCB0@smtp.kernel.org>","list_archive_url":null,"date":"2026-05-08T05:02:50","subject":"Re: [PATCH 09/18] PCI/CMA: Add a PCI TSM CMA driver using SPDM","submitter":{"id":93311,"url":"http://patchwork.ozlabs.org/api/people/93311/","name":null,"email":"sashiko-bot@kernel.org"},"content":"Thank you for your contribution! Sashiko AI review found 5 potential issue(s) to consider:\n- [High] PCI_CMA unconditionally selects RSPDM, bypassing Rust architectural dependencies.\n- [High] `pci_cma_tsm_probe()` manually initializes the TSM context and incorrectly sets `dsm_dev = pdev`, causing a guaranteed NULL pointer dereference for Virtual Functions (VFs).\n- [High] Missing `bind`, `unbind`, and `guest_req` callbacks in `pci_cma_tsm_ops` lead to NULL function pointer dereferences in core TSM APIs.\n- [High] Missing `pm_runtime_get_sync()` before accessing the DOE mailbox in `pci_cma_tsm_connect()`.\n- [Low] The struct `pci_cma_devsec` is defined but never used.\n--\n\ncommit e57964ed86001a515a5baf89472dd183655e1af8\nAuthor: Alistair Francis <alistair.francis@wdc.com>\n\nPCI/CMA: Add a PCI TSM CMA driver using SPDM\n\nThis commit adds support for component measurement and authentication \n(CMA-SPDM) per PCIe r6.2 sec 6.31. It introduces a TSM driver that uses \na PCI DOE mailbox as a transport for SPDM-based authentication.\n\n> diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig\n> index 33c88432b7287..dcf4170381f24 100644\n> --- a/drivers/pci/Kconfig\n> +++ b/drivers/pci/Kconfig\n> @@ -124,6 +124,20 @@ config PCI_ATS\n>  config PCI_IDE\n>  \tbool\n>  \n> +config PCI_CMA\n> +\tbool \"Component Measurement and Authentication (CMA-SPDM)\"\n> +\tselect CRYPTO_ECDSA\n> +\tselect CRYPTO_RSA\n> +\tselect CRYPTO_SHA256\n> +\tselect CRYPTO_SHA512\n> +\tselect PCI_DOE\n> +\tselect PCI_TSM\n> +\tselect RSPDM\n\nDoes selecting RSPDM here bypass Rust architectural dependencies?\n\nSince RSPDM selects RUST, using select here forces RUST on regardless of\nits dependencies like HAVE_RUST and RUST_IS_AVAILABLE.\n\nCan this cause unmet dependency warnings and build failures due to missing\ncompiler toolchains on architectures without Rust support?\n\n> diff --git a/drivers/pci/cma.c b/drivers/pci/cma.c\n> new file mode 100644\n> index 0000000000000..998fde6366fb8\n> --- /dev/null\n> +++ b/drivers/pci/cma.c\n\n[ ... ]\n\n> +/**\n> + * struct pci_cma_devsec - CMA SPDM devsec TSM context\n> + * @spdm: SPDM session for this device\n> + */\n> +struct pci_cma_devsec {\n> +\tstruct spdm_state *spdm;\n> +};\n\nThis isn't a bug, but struct pci_cma_devsec appears to be defined but\nnever used anywhere in the driver.\n\n> +static struct pci_tsm *pci_cma_tsm_probe(struct tsm_dev *tsm_dev,\n> +\t\t\t\t      struct pci_dev *pdev)\n> +{\n> +\tstruct pci_doe_mb *doe;\n> +\tstruct pci_cma_tsm *cma;\n> +\n> +\tdoe = pci_find_doe_mailbox(pdev, PCI_VENDOR_ID_PCI_SIG,\n> +\t\t\t\t   PCI_DOE_FEATURE_CMA);\n> +\tif (!doe)\n> +\t\treturn NULL;\n> +\n> +\tcma = kzalloc(sizeof(*cma), GFP_KERNEL);\n> +\tif (!cma)\n> +\t\treturn NULL;\n> +\n> +\tmutex_init(&cma->pf0.lock);\n> +\tcma->pf0.doe_mb = doe;\n> +\tcma->pf0.base_tsm.pdev = pdev;\n> +\tcma->pf0.base_tsm.dsm_dev = pdev;\n\nIs it safe to bypass pci_tsm_pf0_constructor() and manually set\ndsm_dev = pdev here?\n\nDuring pci_tsm_connect(), the framework walks all dependent functions,\nmeaning pdev can be a Virtual Function (VF).\n\nLater, when the core TSM subsystem calls to_pci_tsm_pf0(), it validates\nthe DSM device with is_pci_tsm_pf0(), which returns false for VFs.\n\nThis causes the helper to return NULL, leading to a NULL pointer dereference\nwhen the core framework attempts to acquire the lock.\n\n> +\tcma->pf0.base_tsm.tsm_dev = tsm_dev;\n> +\n> +\tcma->spdm = spdm_create(&pdev->dev, pci_doe_transport, doe,\n> +\t\t\t\tPCI_DOE_MAX_PAYLOAD, NULL);\n\n[ ... ]\n\n> +static int pci_cma_tsm_connect(struct pci_dev *pdev)\n> +{\n> +\tstruct pci_cma_tsm *cma = cma_tsm_from_tsm(pdev->tsm);\n> +\tint rc;\n> +\n> +\trc = spdm_authenticate(cma->spdm);\n\nDoes this sequence need a pm_runtime_get_sync() before attempting\nauthentication?\n\nSince this is triggered via the sysfs connect attribute, it does not\nautomatically wake the device.\n\nIf the device is in a low-power state like D3hot, accessing its DOE mailbox\nregisters here could result in PCI aborts or return ~0.\n\n> +\tif (rc)\n> +\t\treturn rc;\n> +\n> +\treturn 0;\n> +}\n\n[ ... ]\n\n> +static const struct pci_tsm_ops pci_cma_tsm_ops = {\n> +\t.link_ops = {\n> +\t\t.probe\t\t= pci_cma_tsm_probe,\n> +\t\t.remove\t\t= pci_cma_tsm_remove,\n> +\t\t.connect\t= pci_cma_tsm_connect,\n> +\t\t.disconnect\t= pci_cma_tsm_disconnect,\n> +\t},\n> +};\n\nAre the missing bind, unbind, and guest_req callbacks intentional?\n\nThe core TSM framework APIs like pci_tsm_bind() and pci_tsm_unbind()\nunconditionally call these function pointers without verifying if they\nexist.\n\nCould this cause an immediate kernel panic if userspace or VFIO attempts\nto bind a CMA-authenticated device as a TDI?","headers":{"Return-Path":"\n <linux-pci+bounces-54219-incoming=patchwork.ozlabs.org@vger.kernel.org>","X-Original-To":["incoming@patchwork.ozlabs.org","linux-pci@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=kernel.org header.i=@kernel.org header.a=rsa-sha256\n header.s=k20201202 header.b=rrDHB0g+;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=linux-pci+bounces-54219-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=\"rrDHB0g+\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=10.30.226.201"],"Received":["from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4gBcSb5jlQz1yK7\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 08 May 2026 15:02:55 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 4AE893005313\n\tfor <incoming@patchwork.ozlabs.org>; Fri,  8 May 2026 05:02:53 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 48B191A262A;\n\tFri,  8 May 2026 05:02:52 +0000 (UTC)","from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org\n [10.30.226.201])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 25FE8238D54\n\tfor <linux-pci@vger.kernel.org>; Fri,  8 May 2026 05:02:51 +0000 (UTC)","by smtp.kernel.org (Postfix) with ESMTPSA id 88FD4C2BCB0;\n\tFri,  8 May 2026 05:02:51 +0000 (UTC)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1778216572; cv=none;\n b=JIzxyiDagKaDW3Of3Po9iVNMGXCdnafHPOxRqRIRcbxGt2MGpIzuihJwJNEeFdPpLMn2zOs6jepuQFQqHHOj7MlS+OyoxAkYRKuV7ooKimrsCOg0bWiduXyGhtTWV1EyK647s1fJR/YjgQgFjaPfWjv8sRf+CJOvUfdbQHEDsb4=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1778216572; c=relaxed/simple;\n\tbh=NnkMsema/WsgIBcmX2fF8fr3R3ZVdsk2qonYwi9NOR8=;\n\th=From:Subject:To:Cc:In-Reply-To:References:Content-Type:Date:\n\t Message-Id;\n b=pflfMhTR7iYh73gw3x6dkArjB/SyRJAEuwS4u7pgWIpZNkAUTsRLfARO8XKqlGJL5S3whnrQ/HWm5BgdLn3xZ+U/4uxXST3Mr9u+4ae3JCTbiXuX5cr+K+t4loeu7PP/0OJZtU0CuHmyB/z0ikS6zpNPXSQwzynWri5x8yMmapc=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org\n header.b=rrDHB0g+; arc=none smtp.client-ip=10.30.226.201","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;\n\ts=k20201202; t=1778216571;\n\tbh=NnkMsema/WsgIBcmX2fF8fr3R3ZVdsk2qonYwi9NOR8=;\n\th=From:Subject:Reply-To:To:Cc:In-Reply-To:References:Date:From;\n\tb=rrDHB0g+fvbJ0hQk2aD6id8An5HP483dgEsB2BCjwo7c9SL+SJ7GCfx/4x+X92HtK\n\t 1vK0vb3f9yCgTEFtBBbqYwMv6do0rODZhaTC3X8AqzerHJRY/9Yt4XeYCVlwIdTFda\n\t k2+NZhCvcYxCjU+gWab+xaXLCzV2CMl30Dr03po9qdE/AY2o9PkDaiLP5TG8FOh+QD\n\t qQOh3JM64cBx1FwFs93GiHoyM/raQcmPT9H2aPn188HiARwyd1NB8yu9KPMV7eIiaQ\n\t qC9wIoCKw4YLVsNjbOO3r9rsfLVlWEPeToN+HqpB3w8Z5e53U6FhHGSfV2LhZTbnE1\n\t 8IsOw5Wk1kudw==","From":"sashiko-bot@kernel.org","Subject":"Re: [PATCH 09/18] PCI/CMA: Add a PCI TSM CMA driver using SPDM","Reply-To":"sashiko@lists.linux.dev","To":"alistair23@gmail.com","Cc":"linux-pci@vger.kernel.org, ojeda@kernel.org","In-Reply-To":"<20260508031710.514574-10-alistair.francis@wdc.com>","References":"<20260508031710.514574-10-alistair.francis@wdc.com>","Content-Type":"text/plain; charset=utf-8","Content-Transfer-Encoding":"quoted-printable","Date":"Fri, 08 May 2026 05:02:50 +0000","Message-Id":"<20260508050251.88FD4C2BCB0@smtp.kernel.org>","Precedence":"bulk","X-Mailing-List":"linux-pci@vger.kernel.org","List-Id":"<linux-pci.vger.kernel.org>","List-Subscribe":"<mailto:linux-pci+subscribe@vger.kernel.org>","List-Unsubscribe":"<mailto:linux-pci+unsubscribe@vger.kernel.org>"}}]