On Fri, Aug 23, 2024 at 11:21:21PM +1000, Alexey Kardashevskiy wrote:
> The module responsibilities are:
> 1. detect TEE support in a device and create nodes in the device's sysfs
> entry;
> 2. allow binding a PCI device to a VM for passing it through in a trusted
> manner;
Binding devices to VMs and managing their lifecycle is the purvue of
VFIO and iommufd, it should not be exposed via weird sysfs calls like
this. You can't build the right security model without being inside
the VFIO context.
As I said in the other email, it seems like the PSP and the iommu
driver need to coordinate to ensure the two DTEs are consistent, and
solve the other sequencing problems you seem to have.
I'm not convinced this should be in some side module - it seems like
this is possibly more logically integrated as part of the iommu..
> +static ssize_t tsm_dev_connect_store(struct device *dev, struct device_attribute *attr,
> + const char *buf, size_t count)
> +{
> + struct tsm_dev *tdev = tsm_dev_get(dev);
> + unsigned long val;
> + ssize_t ret = -EIO;
> +
> + if (kstrtoul(buf, 0, &val) < 0)
> + ret = -EINVAL;
> + else if (val && !tdev->connected)
> + ret = tsm_dev_connect(tdev, tsm.private_data, val);
> + else if (!val && tdev->connected)
> + ret = tsm_dev_reclaim(tdev, tsm.private_data);
> +
> + if (!ret)
> + ret = count;
> +
> + tsm_dev_put(tdev);
> +
> + return ret;
> +}
> +
> +static ssize_t tsm_dev_connect_show(struct device *dev, struct device_attribute *attr, char *buf)
> +{
> + struct tsm_dev *tdev = tsm_dev_get(dev);
> + ssize_t ret = sysfs_emit(buf, "%u\n", tdev->connected);
> +
> + tsm_dev_put(tdev);
> + return ret;
> +}
> +
> +static DEVICE_ATTR_RW(tsm_dev_connect);
Please do a much better job explaining the uAPIS you are trying to
build in all the commit messages and how you expect them to be used.
Picking this stuff out of a 6k loc series is a bit tricky
Jason
