Dan Williams <dan.j.williams@xxxxxxxxx> writes:

....

> +static void pci_tsm_pf0_init(struct pci_dev *pdev)
> +{
> + bool tee_cap;
> +
> + tee_cap = pdev->devcap & PCI_EXP_DEVCAP_TEE;
> +
> + if (!(pdev->ide_cap || tee_cap))
> + return;
>

If we expect to use pci_tsm_pf0_init and is_pci_tsm_pf0() from the guest, can we have the ide_cap and tee_cap check here? Will that be true for all devices assigned to the guest?

> +
> + lockdep_assert_held_write(&pci_tsm_rwsem);
> + if (!tsm_ops)
> + return;
> +
> + /*
> + * If a physical device has any security capabilities it may be
> + * a candidate to connect with the platform TSM
> + */
> + struct pci_tsm *pci_tsm __free(tsm_remove) = tsm_ops->probe(pdev);
> +
> + pci_dbg(pdev, "Device security capabilities detected (%s%s ), TSM %s\n",
> + pdev->ide_cap ? " ide" : "", tee_cap ? " tee" : "",
> + pci_tsm ? "attach" : "skip");
> +
> + if (!pci_tsm)
> + return;
> +
> + pdev->tsm = no_free_ptr(pci_tsm);
> + sysfs_update_group(&pdev->dev.kobj, &pci_tsm_auth_attr_group);
> + sysfs_update_group(&pdev->dev.kobj, &pci_tsm_pf0_attr_group);
> + if (pci_tsm_owner_attr_group)
> + sysfs_merge_group(&pdev->dev.kobj, pci_tsm_owner_attr_group);
> +}
> +
>

....

> +/* physical function0 and capable of 'connect' */
> +static inline bool is_pci_tsm_pf0(struct pci_dev *pdev)
> +{
> + if (!pci_is_pcie(pdev))
> + return false;
> +
> + if (pdev->is_virtfn)
> + return false;
> +
> + /*
> + * Allow for a Device Security Manager (DSM) associated with function0
> + * of an Endpoint to coordinate TDISP requests for other functions
> + * (physical or virtual) of the device, or allow for an Upstream Port
> + * DSM to accept TDISP requests for switch Downstream Endpoints.
> + */
> + switch (pci_pcie_type(pdev)) {
> + case PCI_EXP_TYPE_ENDPOINT:
> + case PCI_EXP_TYPE_UPSTREAM:
> + case PCI_EXP_TYPE_RC_END:
> + if (pdev->ide_cap || (pdev->devcap & PCI_EXP_DEVCAP_TEE))
> + break;
> + fallthrough;
>

here

> + default:
> + return false;
> + }
> +
> + return PCI_FUNC(pdev->devfn) == 0;
> +}
> +

-aneesh
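Review bot: `lockdep_assert_held_write(&pci_tsm_rwsem)` in pci_tsm_pf0_init() sits after the `ide_cap`/`tee_cap` early return, so a caller that forgets the lock is only flagged when the device advertises one of those capabilities; making the assertion the first statement gives lockdep coverage on every path. At the end of the same function the return values of `sysfs_update_group()` and `sysfs_merge_group()` are dropped, which can leave `pdev->tsm` set while the attribute groups are missing and nothing is logged. Since the function is void, a check such as `if (sysfs_update_group(&pdev->dev.kobj, &pci_tsm_auth_attr_group)) pci_warn(pdev, "TSM sysfs update failed\n");` would at least surface the failure. The `if (!pci_tsm)` test also assumes `tsm_ops->probe()` reports failure as NULL only; that contract is not visible in the quoted excerpt, so a one-line comment on the probe call stating it would help.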
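Review bot: The block comment in is_pci_tsm_pf0() explains the Endpoint and Upstream Port cases, but the switch also accepts `PCI_EXP_TYPE_RC_END`, which the comment never mentions. If Root Complex Integrated Endpoints are meant to be treated like ordinary Endpoints, the comment should say so, for example by adding ` * Root Complex Integrated Endpoints are handled like Endpoints.`. The one-line header `/* physical function0 and capable of 'connect' */` could also spell out that "capable" means an IDE or TEE capability is present, since that is what the `pdev->ide_cap || (pdev->devcap & PCI_EXP_DEVCAP_TEE)` test enforces.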