On 25/2/25 07:28, Dan Williams wrote:
Alexey Kardashevskiy wrote:
On 19/12/24 18:25, Alexey Kardashevskiy wrote:
On 6/12/24 09:24, Dan Williams wrote:
There are two components to establishing an encrypted link, provisioning
the stream in config-space, and programming the keys into the link layer
via the IDE_KM (key management) protocol. These helpers enable the
former, and are in support of TSM coordinated IDE_KM. When / if native
IDE establishment arrives it will share this same config-space
provisioning flow, but for now IDE_KM, in any form, is saved for a
follow-on change.
With the TSM implementations of SEV-TIO and TDX Connect in mind this
abstracts small differences in those implementations. For example, TDX
Connect handles Root Port register updates while SEV-TIO expects System
Software to update the Root Port registers. This is the rationale for
the PCI_IDE_SETUP_ROOT_PORT flag.
The other design detail for TSM-coordinated IDE establishment is that
the TSM manages allocation of stream-ids, this is why the stream_id is
passed in to pci_ide_stream_setup().
The flow is:
  pci_ide_stream_probe()
    Gather stream settings (devid and address filters)
  pci_ide_stream_setup()
    Program the stream settings into the endpoint, and optionally Root
    Port
  pci_ide_enable_stream()
    Run the stream after IDE_KM
In support of system administrators auditing where platform IDE stream
resources are being spent, the allocated stream is reflected as a
symlink from the host-bridge to the endpoint.
Thanks to Wu Hao for a draft implementation of this infrastructure.
Cc: Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
Cc: Lukas Wunner <lukas@xxxxxxxxx>
Cc: Samuel Ortiz <sameo@xxxxxxxxxxxx>
Co-developed-by: Alexey Kardashevskiy <aik@xxxxxxx>
Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx>
Co-developed-by: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>
Signed-off-by: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>
Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
---
.../ABI/testing/sysfs-devices-pci-host-bridge | 28 +++
drivers/pci/ide.c | 192 ++++++++++++++++++++
drivers/pci/pci.h | 4
drivers/pci/probe.c | 1
include/linux/pci-ide.h | 33 +++
include/linux/pci.h | 4
6 files changed, 262 insertions(+)
create mode 100644 Documentation/ABI/testing/sysfs-devices-pci-host-bridge
create mode 100644 include/linux/pci-ide.h
[..]
+ __pci_ide_stream_setup(pdev, ide);
+ if (flags & PCI_IDE_SETUP_ROOT_PORT)
+ __pci_ide_stream_setup(rp, ide);
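Review bot: both calls pass the same `ide`, so whenever PCI_IDE_SETUP_ROOT_PORT is set the Root Port is programmed with exactly the stream settings written to `pdev`, and there is no way for the two ends to carry different RID or address filters. If the two partners can ever need distinct values, take per-partner settings (or derive them inside the helper from the device it is handed) instead of reusing one struct. In the lines shown, `rp` is also used without a check that it is non-NULL and really is a Root Port; validate that before programming it.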
Oh, when we do this, the root port gets the same devid_start/end as the
device which is not correct, what should be there, the rootport bdfn?
Need to dig that but PCI_IDE_SETUP_ROOT_PORT should detect that it is a
root port. Thanks,
Why would the values be different? The Stream is associated with a set
of RIDs, I expect the PF and the Root Port to agree on that set?
My current understanding of this is that the RIDs range is a firewall rule and
not to tag PCIe traffic with a specific streamid, so:
the PF's RIDs should be just 1 RID of the RP;
the RP's RIDs should be the whole range of RIDs of that PF + all its VFs.
Or I am missing the point of it, am I? Thanks,
Regardless, the PCI_IDE_SETUP_ROOT_PORT concept is dead so this could
support distinct settings per Root Port vs endpoint, but I am missing
where / why those would diverge.
--
Alexey
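
The per-partner RID windows described in the reply above (a single RID at the endpoint, the PF plus all its VFs at the Root Port), worked through on a constructed topology under that reading of the filter. This is an added example, not code from the patch or the kernel: `struct rid_range` and the helper names are hypothetical, and it assumes the SR-IOV rule that VF n sits at PF RID + First VF Offset + (n - 1) * VF Stride.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Inclusive requester-ID window (hypothetical type, modelled on devid_start/end). */
struct rid_range { uint16_t start, end; };

/* Routing ID layout: bus[15:8], device[7:3], function[2:0]. */
static uint16_t rid(uint8_t bus, uint8_t dev, uint8_t fn)
{
    return (uint16_t)(bus << 8 | (dev & 0x1f) << 3 | (fn & 0x7));
}

/*
 * Contiguous window covering a PF and num_vfs VFs. The window is coarser
 * than the function set: RIDs between the PF and its first VF also fall
 * inside it. Returns false when the last VF does not fit in 16 bits.
 */
static bool pf_vf_window(uint16_t pf, uint16_t first_vf_offset,
                         uint16_t vf_stride, uint16_t num_vfs,
                         struct rid_range *out)
{
    uint32_t last = pf;
    if (num_vfs)
        last += first_vf_offset + (uint32_t)(num_vfs - 1) * vf_stride;
    if (last > 0xffff)
        return false;
    out->start = pf;
    out->end = (uint16_t)last;
    return true;
}

static bool rid_allowed(const struct rid_range *r, uint16_t requester)
{
    return requester >= r->start && requester <= r->end;
}

int main(void)
{
    /* Constructed topology: Root Port 00:01.0, PF 01:00.0 with 4 VFs. */
    uint16_t rp = rid(0, 1, 0), pf = rid(1, 0, 0);
    struct rid_range at_rp, at_ep = { rp, rp };
    if (!pf_vf_window(pf, 8, 1, 4, &at_rp))
        return 1;
    printf("RP window %04x-%04x, EP window %04x-%04x, VF3 at RP %d, at EP %d\n",
           at_rp.start, at_rp.end, at_ep.start, at_ep.end,
           rid_allowed(&at_rp, pf + 8 + 2), rid_allowed(&at_ep, pf + 8 + 2));
    return 0;
}
```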