linux/drivers/virt/coco, branch v6.16

Merge branch 'for-6.16/tsm-mr' into tsm-next

2025-05-13T18:28:25Z

Pick up a couple fixes for issues noticed in linux-next (constification of bin_attrs and missing 'static').

tsm-mr: Fix init breakage after bin_attrs constification by scoping non-const pointers to init phase

2025-05-13T18:02:33Z

Commit 9bec944506fa ("sysfs: constify attribute_group::bin_attrs") enforced the ro-after-init principle by making elements of bin_attrs_new pointing to const. To align with this change, introduce a temporary variable `bap` within the initialization loop. This improves code clarity by explicitly marking the initialization scope and eliminates the need for type casts when assigning to bin_attrs_new. Signed-off-by: Cedric Xing Link: https://patch.msgid.link/20250513164154.10109-1-cedric.xing@intel.com Signed-off-by: Dan Williams

Merge branch 'for-6.16/tsm-mr' into tsm-next

2025-05-13T05:12:44Z

Merge measurement-register infrastructure for v6.16. Resolve conflicts with the establishment of drivers/virt/coco/guest/ for cross-vendor common TSM functionality. Address a mis-merge with a fixup from Lukas: Link: http://lore.kernel.org/20250509134031.70559-1-lukas.bulwahn@redhat.com

virt: tdx-guest: Transition to scoped_cond_guard for mutex operations

2025-05-09T02:17:43Z

Replace mutex_lock_interruptible()/mutex_unlock() with scoped_cond_guard to enhance code readability and maintainability. Signed-off-by: Cedric Xing Acked-by: Dionna Amalie Glaze Link: https://patch.msgid.link/20250506-tdx-rtmr-v6-7-ac6ff5e9d58a@intel.com Signed-off-by: Dan Williams

virt: tdx-guest: Refactor and streamline TDREPORT generation

2025-05-09T02:17:43Z

Consolidate instances (code segments) of TDREPORT generation to improve readability and maintainability, by refactoring each instance into invoking a unified subroutine throughout the TDX guest driver. Implement proper locking around TDG.MR.REPORT and TDG.MR.RTMR.EXTEND to avoid race inside the TDX module. Preallocate TDREPORT buffer to reduce overhead in subsequent TDREPORT generation. Signed-off-by: Cedric Xing Acked-by: Dionna Amalie Glaze Link: https://patch.msgid.link/20250506-tdx-rtmr-v6-6-ac6ff5e9d58a@intel.com Signed-off-by: Dan Williams

virt: tdx-guest: Expose TDX MRs as sysfs attributes

2025-05-09T02:17:43Z

Expose the most commonly used TDX MRs (Measurement Registers) as sysfs attributes. Use the ioctl() interface of /dev/tdx_guest to request a full TDREPORT for access to other TD measurements. Directory structure of TDX MRs inside a TDVM is as follows: /sys/class/misc/tdx_guest └── measurements ├── mrconfigid ├── mrowner ├── mrownerconfig ├── mrtd:sha384 ├── rtmr0:sha384 ├── rtmr1:sha384 ├── rtmr2:sha384 └── rtmr3:sha384 Read the file/attribute to retrieve the current value of an MR. Write to the file/attribute (if writable) to extend the corresponding RTMR. Refer to Documentation/ABI/testing/sysfs-devices-virtual-misc-tdx_guest for more information. Signed-off-by: Cedric Xing Acked-by: Dionna Amalie Glaze [djbw: fixup exit order] Link: https://patch.msgid.link/20250508010606.4129953-1-dan.j.williams@intel.com Signed-off-by: Dan Williams

tsm-mr: Add TVM Measurement Register support

2025-05-09T02:17:33Z

Introduce new TSM Measurement helper library (tsm-mr) for TVM guest drivers to expose MRs (Measurement Registers) as sysfs attributes, with Crypto Agility support. Add the following new APIs (see include/linux/tsm-mr.h for details): - tsm_mr_create_attribute_group(): Take on input a `struct tsm_measurements` instance, which includes one `struct tsm_measurement_register` per MR with properties like `TSM_MR_F_READABLE` and `TSM_MR_F_WRITABLE`, to determine the supported operations and create the sysfs attributes accordingly. On success, return a `struct attribute_group` instance that will typically be included by the guest driver into `miscdevice.groups` before calling misc_register(). - tsm_mr_free_attribute_group(): Free the memory allocated to the attrubute group returned by tsm_mr_create_attribute_group(). tsm_mr_create_attribute_group() creates one attribute for each MR, with names following this pattern: MRNAME[:HASH] - MRNAME - Placeholder for the MR name, as specified by `tsm_measurement_register.mr_name`. - :HASH - Optional suffix indicating the hash algorithm associated with this MR, as specified by `tsm_measurement_register.mr_hash`. Support Crypto Agility by allowing multiple definitions of the same MR (i.e., with the same `mr_name`) with distinct HASH algorithms. NOTE: Crypto Agility, introduced in TPM 2.0, allows new hash algorithms to be introduced without breaking compatibility with applications using older algorithms. CC architectures may face the same challenge in the future, needing new hashes for security while retaining compatibility with older hashes, hence the need for Crypto Agility. Signed-off-by: Cedric Xing Reviewed-by: Dan Williams Acked-by: Dionna Amalie Glaze [djbw: fixup bin_attr const conflict] Link: https://patch.msgid.link/20250509020739.882913-1-dan.j.williams@intel.com Signed-off-by: Dan Williams

Merge branch 'for-6.16/tsm' into tsm-next

2025-05-09T01:12:06Z

Pick up the drivers/virt/coco/guest/ split in preparation for TSM host drivers.

configfs-tsm-report: Fix NULL dereference of tsm_ops

2025-05-07T23:48:37Z

Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items. Instead, the configfs-tsm-report mechanism has an expectation that tsm_unregister() can happen at any time and cause established config-item access to start failing. That expectation is not fully satisfied. While tsm_report_read(), tsm_report_{is,is_bin}_visible(), and tsm_report_make_item() safely fail if tsm_ops have been unregistered, tsm_report_privlevel_store() tsm_report_provider_show() fail to check for ops registration. Add the missing checks for tsm_ops having been removed. Now, in supporting the ability for tsm_unregister() to always succeed, it leaves the problem of what to do with lingering config-items. The expectation is that the admin that arranges for the ->remove() (unbind) of the ${tsm_arch}-guest driver is also responsible for deletion of all open config-items. Until that deletion happens, ->probe() (reload / bind) of the ${tsm_arch}-guest driver fails. This allows for emergency shutdown / revocation of attestation interfaces, and requires coordinated restart. Fixes: 70e6f7e2b985 ("configfs-tsm: Introduce a shared ABI for attestation reports") Cc: stable@vger.kernel.org Cc: Suzuki K Poulose Cc: Steven Price Cc: Sami Mujawar Cc: Borislav Petkov (AMD) Cc: Tom Lendacky Reviewed-by: Kuppuswamy Sathyanarayanan Reported-by: Cedric Xing Reviewed-by: Kai Huang Link: https://patch.msgid.link/20250430203331.1177062-1-dan.j.williams@intel.com Signed-off-by: Dan Williams

coco/guest: Move shared guest CC infrastructure to drivers/virt/coco/guest/

2025-05-02T19:52:16Z

In preparation for creating a new drivers/virt/coco/host/ directory to house shared host driver infrastructure for confidential computing, move configfs-tsm to a guest/ sub-directory. The tsm.ko module is renamed to tsm_reports.ko. The old tsm.ko module was only ever demand loaded by kernel internal dependencies, so it should not affect existing userspace module install scripts. The new drivers/virt/coco/guest/ is also a preparatory landing spot for new / optional TSM Report mechanics like a TCB stability enumeration / watchdog mechanism. To be added later. Cc: Wu Hao Cc: Yilun Xu Cc: Samuel Ortiz Cc: Tom Lendacky Reviewed-by: Alexey Kardashevskiy Reviewed-by: Kuppuswamy Sathyanarayanan Link: https://patch.msgid.link/174107246641.1288555.208426916259466774.stgit@dwillia2-xfh.jf.intel.com Signed-off-by: Dan Williams