From nobody Sun May 24 19:34:23 2026
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 10C774014A8;
	Fri, 22 May 2026 17:26:29 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=193.142.43.55
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1779470790; cv=none;
 b=aMxtH5TmthdZ0GmVW++h7rtVHDtpCq37R6W+RzlKdIMqVxzlNVQ6pZIA/icJmZzKkQs0XoVFtRf11zZVsVEkszTDTTey7ypjs9sAGuO+TuBlMDKClcFUQmWsNQJa+rGuZOJjk4BC+TjTyWGtfKjXddBPoxouhzi6dQ39V9y5nZw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1779470790; c=relaxed/simple;
	bh=PrfzXOgN3ciu5md1zEfhFVgSl99CCeHSjAOhY/JorM4=;
	h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version:
	 Message-ID:Content-Type;
 b=QUfEd5OtftbRTtjr1VYngyJwVJjXBTT7lAvIcFWDPuKOViH+SJJmh4fbl7MatpkB36+ImsyQ9+YuVvEmhG8AiI7hzr0ij8adbWEkhDXsPDP3AcLyBiI7wi/80AUGTG/HrK2XuDsy0DFgU9EhRxlSIX+3XAiFiyenPW0kl5MCKx8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de;
 spf=pass smtp.mailfrom=linutronix.de;
 dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=JZu+/FN1;
 dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b=wQcG2Cbr; arc=none smtp.client-ip=193.142.43.55
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linutronix.de
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="JZu+/FN1";
	dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de
 header.b="wQcG2Cbr"
Date: Fri, 22 May 2026 17:26:26 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020; t=1779470787;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=MPwjaQRPyI7KU8/MAp8HkfMnyn1bD63onrt1W2BTUyU=;
	b=JZu+/FN1ReRPQZTZUOQZ+QOLSXJc+/IHA1Tft7I2jb1iuEZiQz963x13mDOe99BOcc5NId
	C2/vAaoulNkrn4KCj88/xnmpFl2XxyMgF3qIHly+oT40rWK6ggNaaVEHoqGLOR7f3rA5FY
	c35p+gXXs4Im3Dk9aTcuJ04vD99LfSyflIDKDjpjEe1foR1ht1xpNVsQzpRlwrq+hA2Qgd
	5qa0BYFfwvXAONcUBlGFwgQqtRD4PW7J2+GCwxvxzv6oR48BSHl4VIZVG59wRhyjeMOFJg
	ZB14Sorxff6Ga8A4x0067fO54fBkdIJre9wLbmZmJZqZptF2glnl3HwMAiqCOg==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
	s=2020e; t=1779470787;
	h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=MPwjaQRPyI7KU8/MAp8HkfMnyn1bD63onrt1W2BTUyU=;
	b=wQcG2CbrglF4bvijrRiLNeo/ULdtwa3pQcLDLTaXkVA9Ey1qvLkMwd1jwC7gQS8tG0BO4o
	D/GIzzkXLv3d4LBQ==
From: "tip-bot2 for Chao Gao" <tip-bot2@linutronix.de>
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: 
 [tip: x86/tdx] x86/virt/seamldr: Introduce a wrapper for P-SEAMLDR SEAMCALLs
Cc: Chao Gao <chao.gao@intel.com>, Dave Hansen <dave.hansen@linux.intel.com>,
 Binbin Wu <binbin.wu@linux.intel.com>, Kai Huang <kai.huang@intel.com>,
 "Kiryl Shutsemau (Meta)" <kas@kernel.org>, Xiaoyao Li <xiaoyao.li@intel.com>,
 Rick Edgecombe <rick.p.edgecombe@intel.com>, x86@kernel.org,
 linux-kernel@vger.kernel.org
In-Reply-To: <20260520222855.219B8D20@davehans-spike.ostc.intel.com>
References: <20260520222855.219B8D20@davehans-spike.ostc.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Message-ID: <177947078613.711.7311710427042536640.tip-bot2@tip-bot2>
Robot-ID: <tip-bot2@linutronix.de>
Robot-Unsubscribe: 
 Contact <mailto:tglx@kernel.org> to get blacklisted from these emails
Precedence: bulk
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following commit has been merged into the x86/tdx branch of tip:

Commit-ID:     b434b916fed3e18c19ecc5636d472b00f824abc6
Gitweb:        https://git.kernel.org/tip/b434b916fed3e18c19ecc5636d472b00f=
824abc6
Author:        Chao Gao <chao.gao@intel.com>
AuthorDate:    Wed, 20 May 2026 15:28:55 -07:00
Committer:     Dave Hansen <dave.hansen@linux.intel.com>
CommitterDate: Wed, 20 May 2026 15:37:09 -07:00

x86/virt/seamldr: Introduce a wrapper for P-SEAMLDR SEAMCALLs

The TDX architecture uses the "SEAMCALL" instruction to communicate with
SEAM mode software. Right now, the only SEAM mode software that the kernel
communicates with is the TDX module. But, there is actually another
component that runs in SEAM mode but it is separate from the TDX module:
the persistent SEAM loader or "P-SEAMLDR". Right now, the only component
that communicates with it is the BIOS which loads the TDX module itself at
boot. But, to support updating the TDX module, the kernel now needs to be
able to talk to it.

P-SEAMLDR SEAMCALLs differ from TDX module SEAMCALLs in areas such as
concurrency requirements.

Add a P-SEAMLDR wrapper to handle these differences and prepare for
implementing concrete functions.

Use seamcall_prerr() (not '_ret') because current P-SEAMLDR calls do not
use any output registers other than RAX.

Note: Despite the similar name, the NP-SEAMLDR ("Non-Persistent")
(ACM) invoked exclusively by the BIOS at boot rather than a component
running in SEAM mode. The kernel cannot call it at runtime. It exposes
no SEAMCALL interface.

Signed-off-by: Chao Gao <chao.gao@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Kiryl Shutsemau (Meta) <kas@kernel.org>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://cdrdv2.intel.com/v1/dl/getContent/733582 # [1]
Link: https://patch.msgid.link/20260520133909.409394-9-chao.gao@intel.com
Link: https://patch.msgid.link/20260520222855.219B8D20@davehans-spike.ostc.=
intel.com
---
 arch/x86/virt/vmx/tdx/Makefile  |  2 +-
 arch/x86/virt/vmx/tdx/seamldr.c | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 arch/x86/virt/vmx/tdx/seamldr.c

diff --git a/arch/x86/virt/vmx/tdx/Makefile b/arch/x86/virt/vmx/tdx/Makefile
index 90da47e..d1dbc5c 100644
--- a/arch/x86/virt/vmx/tdx/Makefile
+++ b/arch/x86/virt/vmx/tdx/Makefile
@@ -1,2 +1,2 @@
 # SPDX-License-Identifier: GPL-2.0-only
-obj-y +=3D seamcall.o tdx.o
+obj-y +=3D seamcall.o seamldr.o tdx.o
diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamld=
r.c
new file mode 100644
index 0000000..65616dd
--- /dev/null
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * P-SEAMLDR support for TDX module management features like runtime updat=
es
+ *
+ * Copyright (C) 2025 Intel Corporation
+ */
+#define pr_fmt(fmt)	"seamldr: " fmt
+
+#include <linux/spinlock.h>
+
+#include "seamcall_internal.h"
+
+/*
+ * Serialize P-SEAMLDR calls since the hardware only allows a single CPU to
+ * interact with P-SEAMLDR simultaneously. Use raw version as the calls can
+ * be made with interrupts disabled, where plain spinlocks are prohibited =
in
+ * PREEMPT_RT kernels as they become sleeping locks.
+ */
+static DEFINE_RAW_SPINLOCK(seamldr_lock);
+
+static __maybe_unused int seamldr_call(u64 fn, struct tdx_module_args *arg=
s)
+{
+	guard(raw_spinlock)(&seamldr_lock);
+	return seamcall_prerr(fn, args);
+}