Re: [PATCH kernel 2/9] pci/tsm: Add tsm_tdi_status
From: Aneesh Kumar K . V
Date: Mon Mar 02 2026 - 01:58:44 EST
<dan.j.williams@xxxxxxxxx> writes:
> Alexey Kardashevskiy wrote:
>> Define a structure with all info about a TDI such as TDISP status,
>> bind state, used START_INTERFACE options and the report digest.
>>
>> This will be extended and shared with userspace.
>>
>> Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx>
>> ---
>>
>> Make it uapi? We might want a sysfs node per field so probably not.
>> For now its only user is AMD SEV TIO with a plan to expose this struct
>> as a whole via sysfs.
>
> Say more about what this uapi when sysfs already has lock+accept
> indications?
>
> Or are you just talking about exporting the TDISP report as a binary
> blob?
>
> I think the kernel probably wants a generic abstraction for asserting
> that the tsm layer believes the report remains valid between fetch and
> run. In other words I am not sure arch features like intf_report_counter
> ever show up anywhere in uapi outside of debugfs.
>
Agreed. For CCA, we use rsi_vdev_info, but we need a generic mechanism
to associate this with the report that the guest has attested.

In CCA, we call rsi_vdev_get_info(vdev_id, dev_info) and later use that
information in rsi_vdev_enable_dma(vdev_id, dev_info).

Perhaps we could add a generation number (or meas_nonce) to the TSM
netlink response and use it when accepting the device, so we can
reliably bind the device measurement to the attested one?
-aneesh
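
Added illustration, not part of the original message and not kernel, TSM or CCA RSI code: a user-space model of the generation-number idea raised above, where accept fails if the device state changed after the guest fetched the report it attested. Every name in it (tdi_state, tdi_relock, tdi_fetch, tdi_accept, demo_accept) is hypothetical and the digests are constructed sample values.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space model; no name here is a kernel, TSM or RSI API. */
#define DIGEST_LEN 32

/* Used both for the trusted side's live state and for the guest's snapshot. */
struct tdi_state {
    uint64_t generation;          /* bumped whenever the report may change */
    uint8_t digest[DIGEST_LEN];   /* digest of the current interface report */
};

/* (Re)lock: a new report exists, so every earlier snapshot becomes stale. */
void tdi_relock(struct tdi_state *tdi, const uint8_t *digest)
{
    memcpy(tdi->digest, digest, DIGEST_LEN);
    tdi->generation++;
}

/* Fetch: the guest receives the digest together with its generation. */
struct tdi_state tdi_fetch(const struct tdi_state *tdi)
{
    return *tdi;
}

/* Accept only if the attested snapshot still describes the current state. */
int tdi_accept(const struct tdi_state *tdi, const struct tdi_state *attested)
{
    if (attested->generation != tdi->generation)
        return -ESTALE;           /* state changed between fetch and accept */
    if (memcmp(attested->digest, tdi->digest, DIGEST_LEN) != 0)
        return -EINVAL;           /* same generation but a different report */
    return 0;
}

/* Constructed scenario: fetch, optional re-lock in between, then accept. */
int demo_accept(int relock_in_between)
{
    struct tdi_state tdi = {0};
    struct tdi_state snap;
    uint8_t d1[DIGEST_LEN] = {0xaa}, d2[DIGEST_LEN] = {0xbb};
    tdi_relock(&tdi, d1);
    snap = tdi_fetch(&tdi);
    if (relock_in_between)
        tdi_relock(&tdi, d2);
    return tdi_accept(&tdi, &snap);
}
```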