From nobody Sun May 24 19:34:52 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 27E793672B2; Fri, 22 May 2026 17:26:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470786; cv=none; b=d39XvzTlA9k6JC4373gxIUbFNU+Z7NwadJEZydJa1WB1i5hKPbAUvAMSsedknOH61WSMoIvcmbXFyruTwJ5rb16h/8O+tikPhq+47kQN5wbJc23EqirPvhhNg8ncjp1zgjVDh8PQvpWIYWWfdfSiJxpUuqyddj7zpZmbY1Yj69A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779470786; c=relaxed/simple; bh=FQ8LOcUuonFC5jpKrJO4xooGINE9iBAgAC3RmDOuIYo=; h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version: Message-ID:Content-Type; b=syqFMLxcCQJXLmRmyf7CEHWm12bC18bSYWhhj5T7jfiQUUyxAuG47N8W25YN8903efLUkb6bM/flkngtpJCKmqc60xld4lxsWMd69FJSbU1HWNaZFDll3LGo1ls5wxZ80ruUK56oBzTgORy/1r/dPQ1oYPeI+wQW7q5aVN5F07A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=fFD66Rwb; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=zVVms7OB; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="fFD66Rwb"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="zVVms7OB" Date: Fri, 22 May 2026 17:26:22 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1779470783; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zoSQ/YHuUHNpuyHTsozp3tAhadY6luuDMlwfA/uZPr0=; b=fFD66RwbpI+JBqyTYz2hxDVK+KdWRohtQdQJO8loWHDXriiaGjH/pz/7MKq3P0StZeyQhV yqZi6IhPs7s7tAoHCGr/nUs6WtHbNqaGK7J99hrt/dilYgH0JEO8aPH1P3hpxmumewr9Xg ynW7QLFdyrlcEv3MFbo9KEllMaCUJ2c0258Jm4/r/9APsH6OUVxjUwABBi26UPpJmjiqFf UdQjC0ED/twYBx1YMLczvopQDxFWbydhuY1LAEgneHF0ndcRFSdzxBuJFfChOiTs5h7GqZ uP/uI9fEp2fDleitye0hO7uXjJYax1mFh3rOMQj2NnnnUPLFZ2E03ucCwptQaw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1779470783; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zoSQ/YHuUHNpuyHTsozp3tAhadY6luuDMlwfA/uZPr0=; b=zVVms7OBg4IlBJkMTgP+izIRTqkBU46dRsMlvx1tiUmpD2S122tD+sJhcmG7P4ZXocGKFi bCmyqJVYxPbavGBg== From: "tip-bot2 for Chao Gao" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/tdx] coco/tdx-host: Don't expose P-SEAMLDR information on CPUs with erratum Cc: Chao Gao , Dave Hansen , Kai Huang , "Kiryl Shutsemau (Meta)" , Rick Edgecombe , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20260520222859.8033E383@davehans-spike.ostc.intel.com> References: <20260520222859.8033E383@davehans-spike.ostc.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-ID: <177947078247.711.6711180361878125275.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The following commit has been merged into the x86/tdx branch of tip: Commit-ID: 56b46fe202f8078b05ce86853ab190b505c7a0e3 Gitweb: https://git.kernel.org/tip/56b46fe202f8078b05ce86853ab190b50= 5c7a0e3 Author: Chao Gao AuthorDate: Wed, 20 May 2026 15:28:59 -07:00 Committer: Dave Hansen CommitterDate: Wed, 20 May 2026 15:37:09 -07:00 coco/tdx-host: Don't expose P-SEAMLDR information on CPUs with erratum TDX-capable CPUs clobber the current VMCS on P-SEAMLDR calls. Clearing the current VMCS behind KVM's back breaks KVM. Future CPUs will fix this by preserving the current VMCS across P-SEAMLDR calls. A future specification update will describe the VMCS-clearing behavior as an erratum and to state that it does not occur when IA32_VMX_BASIC[60] is set. Add a CPU bug bit and refuse to expose P-SEAMLDR information on affected CPUs. Use a CPU bug bit to stay consistent with X86_BUG_TDX_PW_MCE. As a bonus, the bug bit is visible to userspace, which allows userspace to determine why these sysfs files are not exposed, and it can also be checked by other kernel components in the future if needed. =3D=3D Alternatives =3D=3D Two workarounds were considered but both were rejected: 1. Save/restore the current VMCS around P-SEAMLDR calls. This produces ugly assembly code [1] and doesn't play well with #MCE or #NMI if they need to use the current VMCS. 2. Move KVM's VMCS tracking logic to the TDX core code, which would break the boundary between KVM and the TDX core code [2]. [ dhansen: comment and changelog munging. Add seamldr_call() bug check. ] Signed-off-by: Chao Gao Signed-off-by: Dave Hansen Reviewed-by: Kai Huang Reviewed-by: Kiryl Shutsemau (Meta) Reviewed-by: Rick Edgecombe Reviewed-by: Dave Hansen Link: https://lore.kernel.org/kvm/fedb3192-e68c-423c-93b2-a4dc2f964148@inte= l.com/ # [1] Link: https://lore.kernel.org/kvm/aYIXFmT-676oN6j0@google.com/ # [2] Link: https://patch.msgid.link/20260520133909.409394-12-chao.gao@intel.com Link: https://patch.msgid.link/20260520222859.8033E383@davehans-spike.ostc.= intel.com --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/vmx.h | 1 + arch/x86/virt/vmx/tdx/seamldr.c | 13 +++++++++++++ arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++ drivers/virt/coco/tdx-host/tdx-host.c | 8 ++++++++ 5 files changed, 34 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index 1d506e5..7b572bc 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -573,4 +573,5 @@ #define X86_BUG_ITS_NATIVE_ONLY X86_BUG( 1*32+ 8) /* "its_native_only" CP= U is affected by ITS, VMX is not affected */ #define X86_BUG_TSA X86_BUG( 1*32+ 9) /* "tsa" CPU is affected by Transi= ent Scheduler Attacks */ #define X86_BUG_VMSCAPE X86_BUG( 1*32+10) /* "vmscape" CPU is affected b= y VMSCAPE attacks from guests */ +#define X86_BUG_SEAMRET_INVD_VMCS X86_BUG( 1*32+11) /* "seamret_invd_vmcs"= SEAMRET from P-SEAMLDR clears the current VMCS */ #endif /* _ASM_X86_CPUFEATURES_H */ diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index 3708038..49d8551 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -147,6 +147,7 @@ struct vmcs { #define VMX_BASIC_INOUT BIT_ULL(54) #define VMX_BASIC_TRUE_CTLS BIT_ULL(55) #define VMX_BASIC_NO_HW_ERROR_CODE_CC BIT_ULL(56) +#define VMX_BASIC_NO_SEAMRET_INVD_VMCS BIT_ULL(60) =20 static inline u32 vmx_basic_vmcs_revision_id(u64 vmx_basic) { diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamld= r.c index 7269a23..baa86f2 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -6,8 +6,11 @@ */ #define pr_fmt(fmt) "seamldr: " fmt =20 +#include #include =20 +#include +#include #include =20 #include "seamcall_internal.h" @@ -25,6 +28,16 @@ static DEFINE_RAW_SPINLOCK(seamldr_lock); =20 static int seamldr_call(u64 fn, struct tdx_module_args *args) { + /* + * With this bug, P-SEAMLDR calls corrupt the VMCS + * pointer and must be avoided. This path should be + * unreachable since sysfs hides the ABIs. + */ + if (boot_cpu_has_bug(X86_BUG_SEAMRET_INVD_VMCS)) { + WARN_ON(1); + return -EINVAL; + } + guard(raw_spinlock)(&seamldr_lock); return seamcall_prerr(fn, args); } diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 5fb0441..53cf99c 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -42,6 +42,7 @@ #include #include #include +#include =20 #include "seamcall_internal.h" #include "tdx.h" @@ -1450,6 +1451,8 @@ static struct notifier_block tdx_memory_nb =3D { =20 static void __init check_tdx_erratum(void) { + u64 basic_msr; + /* * These CPUs have an erratum. A partial write from non-TD * software (e.g. via MOVNTI variants or UC/WC mapping) to TDX @@ -1461,6 +1464,14 @@ static void __init check_tdx_erratum(void) case INTEL_EMERALDRAPIDS_X: setup_force_cpu_bug(X86_BUG_TDX_PW_MCE); } + + /* + * Some TDX-capable CPUs have an erratum where the current VMCS is + * cleared after calling into P-SEAMLDR. + */ + rdmsrq(MSR_IA32_VMX_BASIC, basic_msr); + if (!(basic_msr & VMX_BASIC_NO_SEAMRET_INVD_VMCS)) + setup_force_cpu_bug(X86_BUG_SEAMRET_INVD_VMCS); } =20 void __init tdx_init(void) diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-= host/tdx-host.c index 2997311..2886554 100644 --- a/drivers/virt/coco/tdx-host/tdx-host.c +++ b/drivers/virt/coco/tdx-host/tdx-host.c @@ -98,6 +98,14 @@ static umode_t seamldr_group_visible(struct kobject *kob= j, struct attribute *att if (!tdx_supports_runtime_update(sysinfo)) return 0; =20 + /* + * This bug makes P-SEAMLDR calls clobber the current VMCS + * which breaks KVM. Avoid P-SEAMLDR calls by hiding all + * attributes if the CPU has this bug. + */ + if (boot_cpu_has_bug(X86_BUG_SEAMRET_INVD_VMCS)) + return 0; + return attr->mode; } =20