Message ID | 173343741936.1074769.17093052628585780785.stgit@dwillia2-xfh.jf.intel.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | PCI/TSM: Core infrastructure for PCI device security (TDISP) | expand |
Hi Dan,
> +#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) (((x) >> 16) & 0xff) /* Selective IDE Streams */
Should this be
#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) ((((x) >> 16) & 0xff) + 1) /* Selective IDE Streams */
We do loop as below in ide.c
for (int i = 0; i < PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(val); i++) {
if (i == 0) {
pci_read_config_dword(pdev, sel_ide_cap, &val);
nr_ide_mem = PCI_IDE_SEL_CAP_ASSOC_NUM(val);
-aneesh
On 6/12/24 09:23, Dan Williams wrote: > Link encryption is a new PCIe capability defined by "PCIe 6.2 section > 6.33 Integrity & Data Encryption (IDE)". While it is a standalone port > and endpoint capability, it is also a building block for device security > defined by "PCIe 6.2 section 11 TEE Device Interface Security Protocol > (TDISP)". That protocol coordinates device security setup between the > platform TSM (TEE Security Manager) and device DSM (Device Security > Manager). While the platform TSM can allocate resources like stream-ids > and manage keys, it still requires system software to manage the IDE > capability register block. > > Add register definitions and basic enumeration for a "selective-stream" > IDE capability, a follow on change will select the new CONFIG_PCI_IDE > symbol. Note that while the IDE specifications defines both a > point-to-point "Link" stream and a root-port-to-endpoint "Selective" > stream, only "Selective" is considered for now for platform TSM > coordination. > > Co-developed-by: Alexey Kardashevskiy <aik@amd.com> > Signed-off-by: Alexey Kardashevskiy <aik@amd.com> > Signed-off-by: Dan Williams <dan.j.williams@intel.com> > --- > drivers/pci/Kconfig | 3 + > drivers/pci/Makefile | 1 > drivers/pci/ide.c | 73 ++++++++++++++++++++++++++++++++++++ > drivers/pci/pci.h | 6 +++ > drivers/pci/probe.c | 1 > include/linux/pci.h | 5 ++ > include/uapi/linux/pci_regs.h | 84 +++++++++++++++++++++++++++++++++++++++++ > 7 files changed, 172 insertions(+), 1 deletion(-) > create mode 100644 drivers/pci/ide.c > > diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig > index 2fbd379923fd..4e5236c456f5 100644 > --- a/drivers/pci/Kconfig > +++ b/drivers/pci/Kconfig > @@ -121,6 +121,9 @@ config XEN_PCIDEV_FRONTEND > config PCI_ATS > bool > > +config PCI_IDE > + bool > + > config PCI_DOE > bool > > diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile > index 67647f1880fb..6612256fd37d 100644 > --- a/drivers/pci/Makefile > +++ b/drivers/pci/Makefile > @@ -34,6 +34,7 @@ obj-$(CONFIG_PCI_P2PDMA) += p2pdma.o > obj-$(CONFIG_XEN_PCIDEV_FRONTEND) += xen-pcifront.o > obj-$(CONFIG_VGA_ARB) += vgaarb.o > obj-$(CONFIG_PCI_DOE) += doe.o > +obj-$(CONFIG_PCI_IDE) += ide.o > obj-$(CONFIG_PCI_DYNAMIC_OF_NODES) += of_property.o > obj-$(CONFIG_PCI_NPEM) += npem.o > obj-$(CONFIG_PCIE_TPH) += tph.o > diff --git a/drivers/pci/ide.c b/drivers/pci/ide.c > new file mode 100644 > index 000000000000..a0c09d9e0b75 > --- /dev/null > +++ b/drivers/pci/ide.c > @@ -0,0 +1,73 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* Copyright(c) 2024 Intel Corporation. All rights reserved. */ > + > +/* PCIe 6.2 section 6.33 Integrity & Data Encryption (IDE) */ > + > +#define dev_fmt(fmt) "PCI/IDE: " fmt > +#include <linux/pci.h> > +#include "pci.h" > + > +static int sel_ide_offset(u16 cap, int stream_id, int nr_ide_mem) > +{ > + return cap + stream_id * PCI_IDE_SELECTIVE_BLOCK_SIZE(nr_ide_mem); > +} > + > +void pci_ide_init(struct pci_dev *pdev) > +{ > + u16 ide_cap, sel_ide_cap; > + int nr_ide_mem = 0; > + u32 val = 0; > + > + if (!pci_is_pcie(pdev)) > + return; > + > + ide_cap = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_IDE); > + if (!ide_cap) > + return; > + > + /* > + * Check for selective stream capability from endpoint to root-port, and > + * require consistent number of address association blocks > + */ > + pci_read_config_dword(pdev, ide_cap + PCI_IDE_CAP, &val); > + if ((val & PCI_IDE_CAP_SELECTIVE) == 0) > + return; > + > + if (pci_pcie_type(pdev) == PCI_EXP_TYPE_ENDPOINT) { > + struct pci_dev *rp = pcie_find_root_port(pdev); > + > + if (!rp->ide_cap) > + return; > + } > + > + if (val & PCI_IDE_CAP_LINK) > + sel_ide_cap = ide_cap + PCI_IDE_LINK_STREAM + > + (PCI_IDE_CAP_LINK_TC_NUM(val) + 1) * > + PCI_IDE_LINK_BLOCK_SIZE; > + else > + sel_ide_cap = ide_cap + PCI_IDE_LINK_STREAM; > + > + for (int i = 0; i < PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(val); i++) { > + if (i == 0) { > + pci_read_config_dword(pdev, sel_ide_cap, &val); > + nr_ide_mem = PCI_IDE_SEL_CAP_ASSOC_NUM(val); > + } else { > + int offset = sel_ide_offset(sel_ide_cap, i, nr_ide_mem); > + > + pci_read_config_dword(pdev, offset, &val); > + > + /* > + * lets not entertain devices that do not have a > + * constant number of address association blocks But why? It is quite easy to support those. Yeah, won't be able to cache nr_ide_mem and will have to read more configspace but a specific selected stream offset can live in pci_ide from 8/11. Thanks, > + */ > + if (PCI_IDE_SEL_CAP_ASSOC_NUM(val) != nr_ide_mem) { > + pci_info(pdev, "Unsupported Selective Stream %d capability\n", i); > + return; > + } > + } > + } > + > + pdev->ide_cap = ide_cap; > + pdev->sel_ide_cap = sel_ide_cap; > + pdev->nr_ide_mem = nr_ide_mem; > +} > diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h > index 2e40fc63ba31..0305f497b28a 100644 > --- a/drivers/pci/pci.h > +++ b/drivers/pci/pci.h > @@ -452,6 +452,12 @@ static inline void pci_npem_create(struct pci_dev *dev) { } > static inline void pci_npem_remove(struct pci_dev *dev) { } > #endif > > +#ifdef CONFIG_PCI_IDE > +void pci_ide_init(struct pci_dev *dev); > +#else > +static inline void pci_ide_init(struct pci_dev *dev) { } > +#endif > + > /** > * pci_dev_set_io_state - Set the new error state if possible. > * > diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c > index 2e81ab0f5a25..e22f515a8da9 100644 > --- a/drivers/pci/probe.c > +++ b/drivers/pci/probe.c > @@ -2517,6 +2517,7 @@ static void pci_init_capabilities(struct pci_dev *dev) > pci_rcec_init(dev); /* Root Complex Event Collector */ > pci_doe_init(dev); /* Data Object Exchange */ > pci_tph_init(dev); /* TLP Processing Hints */ > + pci_ide_init(dev); /* Link Integrity and Data Encryption */ > > pcie_report_downtraining(dev); > pci_init_reset_methods(dev); > diff --git a/include/linux/pci.h b/include/linux/pci.h > index db9b47ce3eef..50811b7655dd 100644 > --- a/include/linux/pci.h > +++ b/include/linux/pci.h > @@ -530,6 +530,11 @@ struct pci_dev { > #endif > #ifdef CONFIG_PCI_NPEM > struct npem *npem; /* Native PCIe Enclosure Management */ > +#endif > +#ifdef CONFIG_PCI_IDE > + u16 ide_cap; /* Link Integrity & Data Encryption */ > + u16 sel_ide_cap; /* - Selective Stream register block */ > + int nr_ide_mem; /* - Address range limits for streams */ > #endif > u16 acs_cap; /* ACS Capability offset */ > u8 supported_speeds; /* Supported Link Speeds Vector */ > diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h > index 1601c7ed5fab..9635b27d2485 100644 > --- a/include/uapi/linux/pci_regs.h > +++ b/include/uapi/linux/pci_regs.h > @@ -748,7 +748,8 @@ > #define PCI_EXT_CAP_ID_NPEM 0x29 /* Native PCIe Enclosure Management */ > #define PCI_EXT_CAP_ID_PL_32GT 0x2A /* Physical Layer 32.0 GT/s */ > #define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ > -#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE > +#define PCI_EXT_CAP_ID_IDE 0x30 /* Integrity and Data Encryption */ > +#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_IDE > > #define PCI_EXT_CAP_DSN_SIZEOF 12 > #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40 > @@ -1213,4 +1214,85 @@ > #define PCI_DVSEC_CXL_PORT_CTL 0x0c > #define PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR 0x00000001 > > +/* Integrity and Data Encryption Extended Capability */ > +#define PCI_IDE_CAP 0x4 > +#define PCI_IDE_CAP_LINK 0x1 /* Link IDE Stream Supported */ > +#define PCI_IDE_CAP_SELECTIVE 0x2 /* Selective IDE Streams Supported */ > +#define PCI_IDE_CAP_FLOWTHROUGH 0x4 /* Flow-Through IDE Stream Supported */ > +#define PCI_IDE_CAP_PARTIAL_HEADER_ENC 0x8 /* Partial Header Encryption Supported */ > +#define PCI_IDE_CAP_AGGREGATION 0x10 /* Aggregation Supported */ > +#define PCI_IDE_CAP_PCRC 0x20 /* PCRC Supported */ > +#define PCI_IDE_CAP_IDE_KM 0x40 /* IDE_KM Protocol Supported */ > +#define PCI_IDE_CAP_ALG(x) (((x) >> 8) & 0x1f) /* Supported Algorithms */ > +#define PCI_IDE_CAP_ALG_AES_GCM_256 0 /* AES-GCM 256 key size, 96b MAC */ > +#define PCI_IDE_CAP_LINK_TC_NUM(x) (((x) >> 13) & 0x7) /* Link IDE TCs */ > +#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) (((x) >> 16) & 0xff) /* Selective IDE Streams */ > +#define PCI_IDE_CAP_SELECTIVE_STREAMS_MASK 0xff0000 > +#define PCI_IDE_CAP_TEE_LIMITED 0x1000000 /* TEE-Limited Stream Supported */ > +#define PCI_IDE_CTL 0x8 > +#define PCI_IDE_CTL_FLOWTHROUGH_IDE 0x4 /* Flow-Through IDE Stream Enabled */ > +#define PCI_IDE_LINK_STREAM 0xc > +#define PCI_IDE_LINK_BLOCK_SIZE 8 > +/* Link IDE Stream block, up to PCI_IDE_CAP_LINK_TC_NUM */ > +/* Link IDE Stream Control Register */ > +#define PCI_IDE_LINK_CTL_EN 0x1 /* Link IDE Stream Enable */ > +#define PCI_IDE_LINK_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ > +#define PCI_IDE_LINK_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ > +#define PCI_IDE_LINK_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ > +#define PCI_IDE_LINK_CTL_PCRC_EN 0x100 /* PCRC Enable */ > +#define PCI_IDE_LINK_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ > +#define PCI_IDE_LINK_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ > +#define PCI_IDE_LINK_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ > +#define PCI_IDE_LINK_CTL_ID(x) (((x) >> 24) & 0xff) /* Stream ID */ > +#define PCI_IDE_LINK_CTL_ID_MASK 0xff000000 > + > + > +/* Link IDE Stream Status Register */ > +#define PCI_IDE_LINK_STS_STATUS(x) ((x) & 0xf) /* Link IDE Stream State */ > +#define PCI_IDE_LINK_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ > +/* Selective IDE Stream block, up to PCI_IDE_CAP_SELECTIVE_STREAMS_NUM */ > +#define PCI_IDE_SELECTIVE_BLOCK_SIZE(x) (20 + 12 * (x)) > +/* Selective IDE Stream Capability Register */ > +#define PCI_IDE_SEL_CAP 0 > +#define PCI_IDE_SEL_CAP_ASSOC_NUM(x) ((x) & 0xf) /* Address Association Register Blocks Number */ > +#define PCI_IDE_SEL_CAP_ASSOC_MASK 0xf > +/* Selective IDE Stream Control Register */ > +#define PCI_IDE_SEL_CTL 4 > +#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */ > +#define PCI_IDE_SEL_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ > +#define PCI_IDE_SEL_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ > +#define PCI_IDE_SEL_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ > +#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */ > +#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */ > +#define PCI_IDE_SEL_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ > +#define PCI_IDE_SEL_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ > +#define PCI_IDE_SEL_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ > +#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */ > +#define PCI_IDE_SEL_CTL_TEE_LIMITED (1 << 23) /* TEE-Limited Stream */ > +#define PCI_IDE_SEL_CTL_ID_MASK 0xff000000 > +#define PCI_IDE_SEL_CTL_ID_MAX 255 > +/* Selective IDE Stream Status Register */ > +#define PCI_IDE_SEL_STS 8 > +#define PCI_IDE_SEL_STS_STATUS(x) ((x) & 0xf) /* Selective IDE Stream State */ > +#define PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ > +/* IDE RID Association Register 1 */ > +#define PCI_IDE_SEL_RID_1 12 > +#define PCI_IDE_SEL_RID_1_LIMIT_MASK 0xffff00 > +/* IDE RID Association Register 2 */ > +#define PCI_IDE_SEL_RID_2 16 > +#define PCI_IDE_SEL_RID_2_VALID 0x1 > +#define PCI_IDE_SEL_RID_2_BASE_MASK 0x00ffff00 > +#define PCI_IDE_SEL_RID_2_SEG_MASK 0xff000000 > +/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_ASSOC_NUM */ > +#define PCI_IDE_SEL_ADDR_1(x) (20 + (x) * 12) > +#define PCI_IDE_SEL_ADDR_1_VALID 0x1 > +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_MASK 0x000fff0 > +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_SHIFT 20 > +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_MASK 0xfff0000 > +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_SHIFT 20 > +/* IDE Address Association Register 2 is "Memory Limit Upper" */ > +/* IDE Address Association Register 3 is "Memory Base Upper" */ > +#define PCI_IDE_SEL_ADDR_2(x) (24 + (x) * 12) > +#define PCI_IDE_SEL_ADDR_3(x) (28 + (x) * 12) > + > #endif /* LINUX_PCI_REGS_H */ >
On 6/12/24 09:23, Dan Williams wrote: > Link encryption is a new PCIe capability defined by "PCIe 6.2 section > 6.33 Integrity & Data Encryption (IDE)". While it is a standalone port > and endpoint capability, it is also a building block for device security > defined by "PCIe 6.2 section 11 TEE Device Interface Security Protocol > (TDISP)". That protocol coordinates device security setup between the > platform TSM (TEE Security Manager) and device DSM (Device Security > Manager). While the platform TSM can allocate resources like stream-ids > and manage keys, it still requires system software to manage the IDE > capability register block. > > Add register definitions and basic enumeration for a "selective-stream" > IDE capability, a follow on change will select the new CONFIG_PCI_IDE > symbol. Note that while the IDE specifications defines both a > point-to-point "Link" stream and a root-port-to-endpoint "Selective" > stream, only "Selective" is considered for now for platform TSM > coordination. > > Co-developed-by: Alexey Kardashevskiy <aik@amd.com> > Signed-off-by: Alexey Kardashevskiy <aik@amd.com> > Signed-off-by: Dan Williams <dan.j.williams@intel.com> > --- > drivers/pci/Kconfig | 3 + > drivers/pci/Makefile | 1 > drivers/pci/ide.c | 73 ++++++++++++++++++++++++++++++++++++ > drivers/pci/pci.h | 6 +++ > drivers/pci/probe.c | 1 > include/linux/pci.h | 5 ++ > include/uapi/linux/pci_regs.h | 84 +++++++++++++++++++++++++++++++++++++++++ > 7 files changed, 172 insertions(+), 1 deletion(-) > create mode 100644 drivers/pci/ide.c > > diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig > index 2fbd379923fd..4e5236c456f5 100644 > --- a/drivers/pci/Kconfig > +++ b/drivers/pci/Kconfig > @@ -121,6 +121,9 @@ config XEN_PCIDEV_FRONTEND > config PCI_ATS > bool > > +config PCI_IDE > + bool > + > config PCI_DOE > bool > > diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile > index 67647f1880fb..6612256fd37d 100644 > --- a/drivers/pci/Makefile > +++ b/drivers/pci/Makefile > @@ -34,6 +34,7 @@ obj-$(CONFIG_PCI_P2PDMA) += p2pdma.o > obj-$(CONFIG_XEN_PCIDEV_FRONTEND) += xen-pcifront.o > obj-$(CONFIG_VGA_ARB) += vgaarb.o > obj-$(CONFIG_PCI_DOE) += doe.o > +obj-$(CONFIG_PCI_IDE) += ide.o > obj-$(CONFIG_PCI_DYNAMIC_OF_NODES) += of_property.o > obj-$(CONFIG_PCI_NPEM) += npem.o > obj-$(CONFIG_PCIE_TPH) += tph.o > diff --git a/drivers/pci/ide.c b/drivers/pci/ide.c > new file mode 100644 > index 000000000000..a0c09d9e0b75 > --- /dev/null > +++ b/drivers/pci/ide.c > @@ -0,0 +1,73 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* Copyright(c) 2024 Intel Corporation. All rights reserved. */ > + > +/* PCIe 6.2 section 6.33 Integrity & Data Encryption (IDE) */ > + > +#define dev_fmt(fmt) "PCI/IDE: " fmt > +#include <linux/pci.h> > +#include "pci.h" > + > +static int sel_ide_offset(u16 cap, int stream_id, int nr_ide_mem) > +{ > + return cap + stream_id * PCI_IDE_SELECTIVE_BLOCK_SIZE(nr_ide_mem); > +} > + > +void pci_ide_init(struct pci_dev *pdev) > +{ > + u16 ide_cap, sel_ide_cap; > + int nr_ide_mem = 0; > + u32 val = 0; > + > + if (!pci_is_pcie(pdev)) > + return; > + > + ide_cap = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_IDE); > + if (!ide_cap) > + return; > + > + /* > + * Check for selective stream capability from endpoint to root-port, and > + * require consistent number of address association blocks > + */ > + pci_read_config_dword(pdev, ide_cap + PCI_IDE_CAP, &val); > + if ((val & PCI_IDE_CAP_SELECTIVE) == 0) > + return; > + > + if (pci_pcie_type(pdev) == PCI_EXP_TYPE_ENDPOINT) { > + struct pci_dev *rp = pcie_find_root_port(pdev); > + > + if (!rp->ide_cap) > + return; > + } > + > + if (val & PCI_IDE_CAP_LINK) > + sel_ide_cap = ide_cap + PCI_IDE_LINK_STREAM + > + (PCI_IDE_CAP_LINK_TC_NUM(val) + 1) * > + PCI_IDE_LINK_BLOCK_SIZE; > + else > + sel_ide_cap = ide_cap + PCI_IDE_LINK_STREAM; > + > + for (int i = 0; i < PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(val); i++) { > + if (i == 0) { > + pci_read_config_dword(pdev, sel_ide_cap, &val); > + nr_ide_mem = PCI_IDE_SEL_CAP_ASSOC_NUM(val); > + } else { > + int offset = sel_ide_offset(sel_ide_cap, i, nr_ide_mem); > + > + pci_read_config_dword(pdev, offset, &val); > + > + /* > + * lets not entertain devices that do not have a > + * constant number of address association blocks > + */ > + if (PCI_IDE_SEL_CAP_ASSOC_NUM(val) != nr_ide_mem) { > + pci_info(pdev, "Unsupported Selective Stream %d capability\n", i); > + return; > + } > + } > + } > + > + pdev->ide_cap = ide_cap; > + pdev->sel_ide_cap = sel_ide_cap; > + pdev->nr_ide_mem = nr_ide_mem; > +} > diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h > index 2e40fc63ba31..0305f497b28a 100644 > --- a/drivers/pci/pci.h > +++ b/drivers/pci/pci.h > @@ -452,6 +452,12 @@ static inline void pci_npem_create(struct pci_dev *dev) { } > static inline void pci_npem_remove(struct pci_dev *dev) { } > #endif > > +#ifdef CONFIG_PCI_IDE > +void pci_ide_init(struct pci_dev *dev); > +#else > +static inline void pci_ide_init(struct pci_dev *dev) { } > +#endif > + > /** > * pci_dev_set_io_state - Set the new error state if possible. > * > diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c > index 2e81ab0f5a25..e22f515a8da9 100644 > --- a/drivers/pci/probe.c > +++ b/drivers/pci/probe.c > @@ -2517,6 +2517,7 @@ static void pci_init_capabilities(struct pci_dev *dev) > pci_rcec_init(dev); /* Root Complex Event Collector */ > pci_doe_init(dev); /* Data Object Exchange */ > pci_tph_init(dev); /* TLP Processing Hints */ > + pci_ide_init(dev); /* Link Integrity and Data Encryption */ > > pcie_report_downtraining(dev); > pci_init_reset_methods(dev); > diff --git a/include/linux/pci.h b/include/linux/pci.h > index db9b47ce3eef..50811b7655dd 100644 > --- a/include/linux/pci.h > +++ b/include/linux/pci.h > @@ -530,6 +530,11 @@ struct pci_dev { > #endif > #ifdef CONFIG_PCI_NPEM > struct npem *npem; /* Native PCIe Enclosure Management */ > +#endif > +#ifdef CONFIG_PCI_IDE > + u16 ide_cap; /* Link Integrity & Data Encryption */ > + u16 sel_ide_cap; /* - Selective Stream register block */ > + int nr_ide_mem; /* - Address range limits for streams */ > #endif > u16 acs_cap; /* ACS Capability offset */ > u8 supported_speeds; /* Supported Link Speeds Vector */ > diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h > index 1601c7ed5fab..9635b27d2485 100644 > --- a/include/uapi/linux/pci_regs.h > +++ b/include/uapi/linux/pci_regs.h > @@ -748,7 +748,8 @@ > #define PCI_EXT_CAP_ID_NPEM 0x29 /* Native PCIe Enclosure Management */ > #define PCI_EXT_CAP_ID_PL_32GT 0x2A /* Physical Layer 32.0 GT/s */ > #define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ > -#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE > +#define PCI_EXT_CAP_ID_IDE 0x30 /* Integrity and Data Encryption */ > +#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_IDE > > #define PCI_EXT_CAP_DSN_SIZEOF 12 > #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40 > @@ -1213,4 +1214,85 @@ > #define PCI_DVSEC_CXL_PORT_CTL 0x0c > #define PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR 0x00000001 > > +/* Integrity and Data Encryption Extended Capability */ > +#define PCI_IDE_CAP 0x4 > +#define PCI_IDE_CAP_LINK 0x1 /* Link IDE Stream Supported */ > +#define PCI_IDE_CAP_SELECTIVE 0x2 /* Selective IDE Streams Supported */ > +#define PCI_IDE_CAP_FLOWTHROUGH 0x4 /* Flow-Through IDE Stream Supported */ > +#define PCI_IDE_CAP_PARTIAL_HEADER_ENC 0x8 /* Partial Header Encryption Supported */ > +#define PCI_IDE_CAP_AGGREGATION 0x10 /* Aggregation Supported */ > +#define PCI_IDE_CAP_PCRC 0x20 /* PCRC Supported */ > +#define PCI_IDE_CAP_IDE_KM 0x40 /* IDE_KM Protocol Supported */ > +#define PCI_IDE_CAP_ALG(x) (((x) >> 8) & 0x1f) /* Supported Algorithms */ > +#define PCI_IDE_CAP_ALG_AES_GCM_256 0 /* AES-GCM 256 key size, 96b MAC */ > +#define PCI_IDE_CAP_LINK_TC_NUM(x) (((x) >> 13) & 0x7) /* Link IDE TCs */ > +#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) (((x) >> 16) & 0xff) /* Selective IDE Streams */ > +#define PCI_IDE_CAP_SELECTIVE_STREAMS_MASK 0xff0000 > +#define PCI_IDE_CAP_TEE_LIMITED 0x1000000 /* TEE-Limited Stream Supported */ > +#define PCI_IDE_CTL 0x8 > +#define PCI_IDE_CTL_FLOWTHROUGH_IDE 0x4 /* Flow-Through IDE Stream Enabled */ > +#define PCI_IDE_LINK_STREAM 0xc > +#define PCI_IDE_LINK_BLOCK_SIZE 8 > +/* Link IDE Stream block, up to PCI_IDE_CAP_LINK_TC_NUM */ > +/* Link IDE Stream Control Register */ > +#define PCI_IDE_LINK_CTL_EN 0x1 /* Link IDE Stream Enable */ > +#define PCI_IDE_LINK_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ > +#define PCI_IDE_LINK_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ > +#define PCI_IDE_LINK_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ > +#define PCI_IDE_LINK_CTL_PCRC_EN 0x100 /* PCRC Enable */ > +#define PCI_IDE_LINK_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ > +#define PCI_IDE_LINK_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ > +#define PCI_IDE_LINK_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ > +#define PCI_IDE_LINK_CTL_ID(x) (((x) >> 24) & 0xff) /* Stream ID */ > +#define PCI_IDE_LINK_CTL_ID_MASK 0xff000000 > + > + > +/* Link IDE Stream Status Register */ > +#define PCI_IDE_LINK_STS_STATUS(x) ((x) & 0xf) /* Link IDE Stream State */ > +#define PCI_IDE_LINK_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ > +/* Selective IDE Stream block, up to PCI_IDE_CAP_SELECTIVE_STREAMS_NUM */ > +#define PCI_IDE_SELECTIVE_BLOCK_SIZE(x) (20 + 12 * (x)) > +/* Selective IDE Stream Capability Register */ > +#define PCI_IDE_SEL_CAP 0 > +#define PCI_IDE_SEL_CAP_ASSOC_NUM(x) ((x) & 0xf) /* Address Association Register Blocks Number */ > +#define PCI_IDE_SEL_CAP_ASSOC_MASK 0xf > +/* Selective IDE Stream Control Register */ > +#define PCI_IDE_SEL_CTL 4 > +#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */ > +#define PCI_IDE_SEL_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ > +#define PCI_IDE_SEL_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ > +#define PCI_IDE_SEL_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ > +#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */ > +#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */ > +#define PCI_IDE_SEL_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ > +#define PCI_IDE_SEL_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ > +#define PCI_IDE_SEL_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ > +#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */ > +#define PCI_IDE_SEL_CTL_TEE_LIMITED (1 << 23) /* TEE-Limited Stream */ > +#define PCI_IDE_SEL_CTL_ID_MASK 0xff000000 > +#define PCI_IDE_SEL_CTL_ID_MAX 255 > +/* Selective IDE Stream Status Register */ > +#define PCI_IDE_SEL_STS 8 > +#define PCI_IDE_SEL_STS_STATUS(x) ((x) & 0xf) /* Selective IDE Stream State */ > +#define PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ > +/* IDE RID Association Register 1 */ > +#define PCI_IDE_SEL_RID_1 12 > +#define PCI_IDE_SEL_RID_1_LIMIT_MASK 0xffff00 > +/* IDE RID Association Register 2 */ > +#define PCI_IDE_SEL_RID_2 16 > +#define PCI_IDE_SEL_RID_2_VALID 0x1 > +#define PCI_IDE_SEL_RID_2_BASE_MASK 0x00ffff00 > +#define PCI_IDE_SEL_RID_2_SEG_MASK 0xff000000 > +/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_ASSOC_NUM */ > +#define PCI_IDE_SEL_ADDR_1(x) (20 + (x) * 12) > +#define PCI_IDE_SEL_ADDR_1_VALID 0x1 > +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_MASK 0x000fff0 0x000fff00 (missing a zero) > +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_SHIFT 20 > +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_MASK 0xfff0000 0xfff00000 31:20 Memory Limit Lower – Corresponds to Address bits [31:20]. Address bits [19:0] are implicitly F_FFFFh. RW 19:8 Memory Base Lower – Corresponds to Address bits [31:20]. Address[19:0] bits are implicitly 0_0000h. > +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_SHIFT 20 I like mine better :) Shows in one place how addr_1 is made: #define PCI_IDE_SEL_ADDR_1(v, base, limit) \ ((FIELD_GET(0xfff00000, (limit)) << 20) | \ (FIELD_GET(0xfff00000, (base)) << 8) | \ ((v) ? 1 : 0)) Also, when something uses "SHIFT", I expect left shift (like, PAGE_SHIFT), but this is right shift. Otherwise, looks good. Thanks, > +/* IDE Address Association Register 2 is "Memory Limit Upper" */ > +/* IDE Address Association Register 3 is "Memory Base Upper" */ > +#define PCI_IDE_SEL_ADDR_2(x) (24 + (x) * 12) > +#define PCI_IDE_SEL_ADDR_3(x) (28 + (x) * 12) > + > #endif /* LINUX_PCI_REGS_H */ >
I try to make the first word of the subject a verb that says something about what the patch does, maybe "Enumerate" in this case? On Thu, Dec 05, 2024 at 02:23:39PM -0800, Dan Williams wrote: > Link encryption is a new PCIe capability defined by "PCIe 6.2 section > 6.33 Integrity & Data Encryption (IDE)". While it is a standalone port Since sec 6.33 doesn't cover the "IDE Extended Capability" (sec 7.9.26), I would word this as "a new PCIe feature" here. > and endpoint capability, it is also a building block for device security > defined by "PCIe 6.2 section 11 TEE Device Interface Security Protocol > (TDISP)". That protocol coordinates device security setup between the > platform TSM (TEE Security Manager) and device DSM (Device Security > Manager). While the platform TSM can allocate resources like stream-ids > and manage keys, it still requires system software to manage the IDE > capability register block. s/stream-ids/Stream IDs/ to match spec usage > Add register definitions and basic enumeration for a "selective-stream" > IDE capability, a follow on change will select the new CONFIG_PCI_IDE > symbol. Note that while the IDE specifications defines both a > point-to-point "Link" stream and a root-port-to-endpoint "Selective" > stream, only "Selective" is considered for now for platform TSM > coordination. s/root-port/Root Port/ to match spec usage, also below > +void pci_ide_init(struct pci_dev *pdev) > +{ > ... > + * lets not entertain devices that do not have a > + * constant number of address association blocks s/lets/Let's/
> > +/* Selective IDE Stream Capability Register */ > > +#define PCI_IDE_SEL_CAP 0 > > +#define PCI_IDE_SEL_CAP_ASSOC_NUM(x) ((x) & 0xf) /* Address Association Register Blocks Number */ > > +#define PCI_IDE_SEL_CAP_ASSOC_MASK 0xf PCI_IDE_SEL_CAP_ASSOC_NUM_MASK is better? > > +/* Selective IDE Stream Control Register */ > > +#define PCI_IDE_SEL_CTL 4 > > +#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */ > > +#define PCI_IDE_SEL_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ > > +#define PCI_IDE_SEL_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ > > +#define PCI_IDE_SEL_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ These fields are more likely to be written to the register than read out, so may need other definitions. I think generally _XXX(x) Macros are less useful than _MASK because of FIELD_PREP/GET(), so maybe by default we define _MASK Macros and on demand define _XXX(x) Macros for all registers. > > +#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */ > > +#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */ > > +#define PCI_IDE_SEL_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ > > +#define PCI_IDE_SEL_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ > > +#define PCI_IDE_SEL_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ > > +#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */ > > +#define PCI_IDE_SEL_CTL_TEE_LIMITED (1 << 23) /* TEE-Limited Stream */ > > +#define PCI_IDE_SEL_CTL_ID_MASK 0xff000000 > > +#define PCI_IDE_SEL_CTL_ID_MAX 255 > > +/* Selective IDE Stream Status Register */ > > +#define PCI_IDE_SEL_STS 8 > > +#define PCI_IDE_SEL_STS_STATUS(x) ((x) & 0xf) /* Selective IDE Stream State */ > > +#define PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ > > +/* IDE RID Association Register 1 */ > > +#define PCI_IDE_SEL_RID_1 12 > > +#define PCI_IDE_SEL_RID_1_LIMIT_MASK 0xffff00 > > +/* IDE RID Association Register 2 */ > > +#define PCI_IDE_SEL_RID_2 16 > > +#define PCI_IDE_SEL_RID_2_VALID 0x1 > > +#define PCI_IDE_SEL_RID_2_BASE_MASK 0x00ffff00 > > +#define PCI_IDE_SEL_RID_2_SEG_MASK 0xff000000 > > +/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_ASSOC_NUM */ > > +#define PCI_IDE_SEL_ADDR_1(x) (20 + (x) * 12) > > +#define PCI_IDE_SEL_ADDR_1_VALID 0x1 > > +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_MASK 0x000fff0 > > 0x000fff00 (missing a zero) > > > +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_SHIFT 20 > > +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_MASK 0xfff0000 > > > 0xfff00000 > > 31:20 Memory Limit Lower – Corresponds to Address bits [31:20]. Address bits > [19:0] are implicitly F_FFFFh. RW > 19:8 Memory Base Lower – Corresponds to Address bits [31:20]. Address[19:0] > bits are implicitly 0_0000h. > > > > +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_SHIFT 20 I don't think _SHIFT MACRO is needed, also because of FIELD_PREP/GET(). > > I like mine better :) Shows in one place how addr_1 is made: > > #define PCI_IDE_SEL_ADDR_1(v, base, limit) \ > ((FIELD_GET(0xfff00000, (limit)) << 20) | \ > (FIELD_GET(0xfff00000, (base)) << 8) | \ > ((v) ? 1 : 0)) This Macro is useful for SEL_ADDR_1 but not generally useful for other registers like SEL_CTRL, which has far more fields to input. So I'd rather have only _MASK Macros here to make things simpler. This specific Macro for SEL_ADDR_1 could be put in like pci-ide.h if really needed. Thanks, Yilun > > Also, when something uses "SHIFT", I expect left shift (like, PAGE_SHIFT), > but this is right shift. > > Otherwise, looks good. Thanks, > > > +/* IDE Address Association Register 2 is "Memory Limit Upper" */ > > +/* IDE Address Association Register 3 is "Memory Base Upper" */ > > +#define PCI_IDE_SEL_ADDR_2(x) (24 + (x) * 12) > > +#define PCI_IDE_SEL_ADDR_3(x) (28 + (x) * 12) > > + > > #endif /* LINUX_PCI_REGS_H */ > > > > -- > Alexey > >
On Tue, Dec 10, 2024 at 08:38:57AM +0530, Aneesh Kumar K.V wrote: > > Hi Dan, > > > +#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) (((x) >> 16) & 0xff) /* Selective IDE Streams */ > > Should this be > > #define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) ((((x) >> 16) & 0xff) + 1) /* Selective IDE Streams */ Is it better keep the literal SPEC definition here in pci_reg.h? And ... > > We do loop as below in ide.c > > for (int i = 0; i < PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(val); i++) { for (int i = 0; i < PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(val) + 1; i++) { Thanks, Yilun > if (i == 0) { > pci_read_config_dword(pdev, sel_ide_cap, &val); > nr_ide_mem = PCI_IDE_SEL_CAP_ASSOC_NUM(val); > > -aneesh >
On 12/12/24 17:06, Xu Yilun wrote: >>> +/* Selective IDE Stream Capability Register */ >>> +#define PCI_IDE_SEL_CAP 0 >>> +#define PCI_IDE_SEL_CAP_ASSOC_NUM(x) ((x) & 0xf) /* Address Association Register Blocks Number */ >>> +#define PCI_IDE_SEL_CAP_ASSOC_MASK 0xf > > PCI_IDE_SEL_CAP_ASSOC_NUM_MASK is better? > >>> +/* Selective IDE Stream Control Register */ >>> +#define PCI_IDE_SEL_CTL 4 >>> +#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */ >>> +#define PCI_IDE_SEL_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ >>> +#define PCI_IDE_SEL_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ >>> +#define PCI_IDE_SEL_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ > > These fields are more likely to be written to the register than read > out, so may need other definitions. > > I think generally _XXX(x) Macros are less useful than _MASK because of > FIELD_PREP/GET(), so maybe by default we define _MASK Macros and on > demand define _XXX(x) Macros for all registers. > >>> +#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */ >>> +#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */ >>> +#define PCI_IDE_SEL_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ >>> +#define PCI_IDE_SEL_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ >>> +#define PCI_IDE_SEL_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ >>> +#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */ >>> +#define PCI_IDE_SEL_CTL_TEE_LIMITED (1 << 23) /* TEE-Limited Stream */ >>> +#define PCI_IDE_SEL_CTL_ID_MASK 0xff000000 >>> +#define PCI_IDE_SEL_CTL_ID_MAX 255 >>> +/* Selective IDE Stream Status Register */ >>> +#define PCI_IDE_SEL_STS 8 >>> +#define PCI_IDE_SEL_STS_STATUS(x) ((x) & 0xf) /* Selective IDE Stream State */ >>> +#define PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ >>> +/* IDE RID Association Register 1 */ >>> +#define PCI_IDE_SEL_RID_1 12 >>> +#define PCI_IDE_SEL_RID_1_LIMIT_MASK 0xffff00 >>> +/* IDE RID Association Register 2 */ >>> +#define PCI_IDE_SEL_RID_2 16 >>> +#define PCI_IDE_SEL_RID_2_VALID 0x1 >>> +#define PCI_IDE_SEL_RID_2_BASE_MASK 0x00ffff00 >>> +#define PCI_IDE_SEL_RID_2_SEG_MASK 0xff000000 >>> +/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_ASSOC_NUM */ >>> +#define PCI_IDE_SEL_ADDR_1(x) (20 + (x) * 12) >>> +#define PCI_IDE_SEL_ADDR_1_VALID 0x1 >>> +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_MASK 0x000fff0 >> >> 0x000fff00 (missing a zero) >> >>> +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_SHIFT 20 >>> +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_MASK 0xfff0000 >> >> >> 0xfff00000 >> >> 31:20 Memory Limit Lower – Corresponds to Address bits [31:20]. Address bits >> [19:0] are implicitly F_FFFFh. RW >> 19:8 Memory Base Lower – Corresponds to Address bits [31:20]. Address[19:0] >> bits are implicitly 0_0000h. >> >> >>> +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_SHIFT 20 > > I don't think _SHIFT MACRO is needed, also because of FIELD_PREP/GET(). (I saw your comment, just to clarify this bikeshedding :) ) PCI_IDE_SEL_ADDR_1_LIMIT_LOW_MASK applies to the source (which is "base") and PCI_IDE_SEL_ADDR_1_LIMIT_LOW_SHIFT applies to the result (which is "addr1"). May be s/PCI_IDE_SEL_ADDR_1_LIMIT_LOW_MASK/PCI_IDE_SEL_LIMIT_LOW_MASK_FOR_ADDR_1/ or just to PCI_IDE_SEL_LIMIT_LOW_MASK Thanks, >> >> I like mine better :) Shows in one place how addr_1 is made: >> >> #define PCI_IDE_SEL_ADDR_1(v, base, limit) \ >> ((FIELD_GET(0xfff00000, (limit)) << 20) | \ >> (FIELD_GET(0xfff00000, (base)) << 8) | \ >> ((v) ? 1 : 0)) > > This Macro is useful for SEL_ADDR_1 but not generally useful for other > registers like SEL_CTRL, which has far more fields to input. So I'd > rather have only _MASK Macros here to make things simpler. This > specific Macro for SEL_ADDR_1 could be put in like pci-ide.h if really > needed. > > Thanks, > Yilun > >> >> Also, when something uses "SHIFT", I expect left shift (like, PAGE_SHIFT), >> but this is right shift. >> >> Otherwise, looks good. Thanks, >> >>> +/* IDE Address Association Register 2 is "Memory Limit Upper" */ >>> +/* IDE Address Association Register 3 is "Memory Base Upper" */ >>> +#define PCI_IDE_SEL_ADDR_2(x) (24 + (x) * 12) >>> +#define PCI_IDE_SEL_ADDR_3(x) (28 + (x) * 12) >>> + >>> #endif /* LINUX_PCI_REGS_H */ >>> >> >> -- >> Alexey >> >>
diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig index 2fbd379923fd..4e5236c456f5 100644 --- a/drivers/pci/Kconfig +++ b/drivers/pci/Kconfig @@ -121,6 +121,9 @@ config XEN_PCIDEV_FRONTEND config PCI_ATS bool +config PCI_IDE + bool + config PCI_DOE bool diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile index 67647f1880fb..6612256fd37d 100644 --- a/drivers/pci/Makefile +++ b/drivers/pci/Makefile @@ -34,6 +34,7 @@ obj-$(CONFIG_PCI_P2PDMA) += p2pdma.o obj-$(CONFIG_XEN_PCIDEV_FRONTEND) += xen-pcifront.o obj-$(CONFIG_VGA_ARB) += vgaarb.o obj-$(CONFIG_PCI_DOE) += doe.o +obj-$(CONFIG_PCI_IDE) += ide.o obj-$(CONFIG_PCI_DYNAMIC_OF_NODES) += of_property.o obj-$(CONFIG_PCI_NPEM) += npem.o obj-$(CONFIG_PCIE_TPH) += tph.o diff --git a/drivers/pci/ide.c b/drivers/pci/ide.c new file mode 100644 index 000000000000..a0c09d9e0b75 --- /dev/null +++ b/drivers/pci/ide.c @@ -0,0 +1,73 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright(c) 2024 Intel Corporation. All rights reserved. */ + +/* PCIe 6.2 section 6.33 Integrity & Data Encryption (IDE) */ + +#define dev_fmt(fmt) "PCI/IDE: " fmt +#include <linux/pci.h> +#include "pci.h" + +static int sel_ide_offset(u16 cap, int stream_id, int nr_ide_mem) +{ + return cap + stream_id * PCI_IDE_SELECTIVE_BLOCK_SIZE(nr_ide_mem); +} + +void pci_ide_init(struct pci_dev *pdev) +{ + u16 ide_cap, sel_ide_cap; + int nr_ide_mem = 0; + u32 val = 0; + + if (!pci_is_pcie(pdev)) + return; + + ide_cap = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_IDE); + if (!ide_cap) + return; + + /* + * Check for selective stream capability from endpoint to root-port, and + * require consistent number of address association blocks + */ + pci_read_config_dword(pdev, ide_cap + PCI_IDE_CAP, &val); + if ((val & PCI_IDE_CAP_SELECTIVE) == 0) + return; + + if (pci_pcie_type(pdev) == PCI_EXP_TYPE_ENDPOINT) { + struct pci_dev *rp = pcie_find_root_port(pdev); + + if (!rp->ide_cap) + return; + } + + if (val & PCI_IDE_CAP_LINK) + sel_ide_cap = ide_cap + PCI_IDE_LINK_STREAM + + (PCI_IDE_CAP_LINK_TC_NUM(val) + 1) * + PCI_IDE_LINK_BLOCK_SIZE; + else + sel_ide_cap = ide_cap + PCI_IDE_LINK_STREAM; + + for (int i = 0; i < PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(val); i++) { + if (i == 0) { + pci_read_config_dword(pdev, sel_ide_cap, &val); + nr_ide_mem = PCI_IDE_SEL_CAP_ASSOC_NUM(val); + } else { + int offset = sel_ide_offset(sel_ide_cap, i, nr_ide_mem); + + pci_read_config_dword(pdev, offset, &val); + + /* + * lets not entertain devices that do not have a + * constant number of address association blocks + */ + if (PCI_IDE_SEL_CAP_ASSOC_NUM(val) != nr_ide_mem) { + pci_info(pdev, "Unsupported Selective Stream %d capability\n", i); + return; + } + } + } + + pdev->ide_cap = ide_cap; + pdev->sel_ide_cap = sel_ide_cap; + pdev->nr_ide_mem = nr_ide_mem; +} diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index 2e40fc63ba31..0305f497b28a 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -452,6 +452,12 @@ static inline void pci_npem_create(struct pci_dev *dev) { } static inline void pci_npem_remove(struct pci_dev *dev) { } #endif +#ifdef CONFIG_PCI_IDE +void pci_ide_init(struct pci_dev *dev); +#else +static inline void pci_ide_init(struct pci_dev *dev) { } +#endif + /** * pci_dev_set_io_state - Set the new error state if possible. * diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c index 2e81ab0f5a25..e22f515a8da9 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -2517,6 +2517,7 @@ static void pci_init_capabilities(struct pci_dev *dev) pci_rcec_init(dev); /* Root Complex Event Collector */ pci_doe_init(dev); /* Data Object Exchange */ pci_tph_init(dev); /* TLP Processing Hints */ + pci_ide_init(dev); /* Link Integrity and Data Encryption */ pcie_report_downtraining(dev); pci_init_reset_methods(dev); diff --git a/include/linux/pci.h b/include/linux/pci.h index db9b47ce3eef..50811b7655dd 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -530,6 +530,11 @@ struct pci_dev { #endif #ifdef CONFIG_PCI_NPEM struct npem *npem; /* Native PCIe Enclosure Management */ +#endif +#ifdef CONFIG_PCI_IDE + u16 ide_cap; /* Link Integrity & Data Encryption */ + u16 sel_ide_cap; /* - Selective Stream register block */ + int nr_ide_mem; /* - Address range limits for streams */ #endif u16 acs_cap; /* ACS Capability offset */ u8 supported_speeds; /* Supported Link Speeds Vector */ diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h index 1601c7ed5fab..9635b27d2485 100644 --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -748,7 +748,8 @@ #define PCI_EXT_CAP_ID_NPEM 0x29 /* Native PCIe Enclosure Management */ #define PCI_EXT_CAP_ID_PL_32GT 0x2A /* Physical Layer 32.0 GT/s */ #define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ -#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE +#define PCI_EXT_CAP_ID_IDE 0x30 /* Integrity and Data Encryption */ +#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_IDE #define PCI_EXT_CAP_DSN_SIZEOF 12 #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40 @@ -1213,4 +1214,85 @@ #define PCI_DVSEC_CXL_PORT_CTL 0x0c #define PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR 0x00000001 +/* Integrity and Data Encryption Extended Capability */ +#define PCI_IDE_CAP 0x4 +#define PCI_IDE_CAP_LINK 0x1 /* Link IDE Stream Supported */ +#define PCI_IDE_CAP_SELECTIVE 0x2 /* Selective IDE Streams Supported */ +#define PCI_IDE_CAP_FLOWTHROUGH 0x4 /* Flow-Through IDE Stream Supported */ +#define PCI_IDE_CAP_PARTIAL_HEADER_ENC 0x8 /* Partial Header Encryption Supported */ +#define PCI_IDE_CAP_AGGREGATION 0x10 /* Aggregation Supported */ +#define PCI_IDE_CAP_PCRC 0x20 /* PCRC Supported */ +#define PCI_IDE_CAP_IDE_KM 0x40 /* IDE_KM Protocol Supported */ +#define PCI_IDE_CAP_ALG(x) (((x) >> 8) & 0x1f) /* Supported Algorithms */ +#define PCI_IDE_CAP_ALG_AES_GCM_256 0 /* AES-GCM 256 key size, 96b MAC */ +#define PCI_IDE_CAP_LINK_TC_NUM(x) (((x) >> 13) & 0x7) /* Link IDE TCs */ +#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) (((x) >> 16) & 0xff) /* Selective IDE Streams */ +#define PCI_IDE_CAP_SELECTIVE_STREAMS_MASK 0xff0000 +#define PCI_IDE_CAP_TEE_LIMITED 0x1000000 /* TEE-Limited Stream Supported */ +#define PCI_IDE_CTL 0x8 +#define PCI_IDE_CTL_FLOWTHROUGH_IDE 0x4 /* Flow-Through IDE Stream Enabled */ +#define PCI_IDE_LINK_STREAM 0xc +#define PCI_IDE_LINK_BLOCK_SIZE 8 +/* Link IDE Stream block, up to PCI_IDE_CAP_LINK_TC_NUM */ +/* Link IDE Stream Control Register */ +#define PCI_IDE_LINK_CTL_EN 0x1 /* Link IDE Stream Enable */ +#define PCI_IDE_LINK_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ +#define PCI_IDE_LINK_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ +#define PCI_IDE_LINK_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ +#define PCI_IDE_LINK_CTL_PCRC_EN 0x100 /* PCRC Enable */ +#define PCI_IDE_LINK_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ +#define PCI_IDE_LINK_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ +#define PCI_IDE_LINK_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ +#define PCI_IDE_LINK_CTL_ID(x) (((x) >> 24) & 0xff) /* Stream ID */ +#define PCI_IDE_LINK_CTL_ID_MASK 0xff000000 + + +/* Link IDE Stream Status Register */ +#define PCI_IDE_LINK_STS_STATUS(x) ((x) & 0xf) /* Link IDE Stream State */ +#define PCI_IDE_LINK_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ +/* Selective IDE Stream block, up to PCI_IDE_CAP_SELECTIVE_STREAMS_NUM */ +#define PCI_IDE_SELECTIVE_BLOCK_SIZE(x) (20 + 12 * (x)) +/* Selective IDE Stream Capability Register */ +#define PCI_IDE_SEL_CAP 0 +#define PCI_IDE_SEL_CAP_ASSOC_NUM(x) ((x) & 0xf) /* Address Association Register Blocks Number */ +#define PCI_IDE_SEL_CAP_ASSOC_MASK 0xf +/* Selective IDE Stream Control Register */ +#define PCI_IDE_SEL_CTL 4 +#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */ +#define PCI_IDE_SEL_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ +#define PCI_IDE_SEL_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ +#define PCI_IDE_SEL_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ +#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */ +#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */ +#define PCI_IDE_SEL_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ +#define PCI_IDE_SEL_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ +#define PCI_IDE_SEL_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ +#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */ +#define PCI_IDE_SEL_CTL_TEE_LIMITED (1 << 23) /* TEE-Limited Stream */ +#define PCI_IDE_SEL_CTL_ID_MASK 0xff000000 +#define PCI_IDE_SEL_CTL_ID_MAX 255 +/* Selective IDE Stream Status Register */ +#define PCI_IDE_SEL_STS 8 +#define PCI_IDE_SEL_STS_STATUS(x) ((x) & 0xf) /* Selective IDE Stream State */ +#define PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ +/* IDE RID Association Register 1 */ +#define PCI_IDE_SEL_RID_1 12 +#define PCI_IDE_SEL_RID_1_LIMIT_MASK 0xffff00 +/* IDE RID Association Register 2 */ +#define PCI_IDE_SEL_RID_2 16 +#define PCI_IDE_SEL_RID_2_VALID 0x1 +#define PCI_IDE_SEL_RID_2_BASE_MASK 0x00ffff00 +#define PCI_IDE_SEL_RID_2_SEG_MASK 0xff000000 +/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_ASSOC_NUM */ +#define PCI_IDE_SEL_ADDR_1(x) (20 + (x) * 12) +#define PCI_IDE_SEL_ADDR_1_VALID 0x1 +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_MASK 0x000fff0 +#define PCI_IDE_SEL_ADDR_1_BASE_LOW_SHIFT 20 +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_MASK 0xfff0000 +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW_SHIFT 20 +/* IDE Address Association Register 2 is "Memory Limit Upper" */ +/* IDE Address Association Register 3 is "Memory Base Upper" */ +#define PCI_IDE_SEL_ADDR_2(x) (24 + (x) * 12) +#define PCI_IDE_SEL_ADDR_3(x) (28 + (x) * 12) + #endif /* LINUX_PCI_REGS_H */