From nobody Mon Feb  9 11:47:06 2026
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.18])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D87052561BB;
	Fri,  2 May 2025 13:08:46 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=198.175.65.18
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1746191328; cv=none;
 b=LD+TJox/UbxAfFmC/A6FE2cjKyh0HMxtNIAMsZWsUCo4BcKqcFrXAAnCaMeV/ykgjDD4+h4w7KS16RJjqNUKMM/pc0ADq2cE6N79faTcMR1aexXmWbaZHbCGD8qR0BHGc2wu0JMsi6AacBbQGJquWdytgMEkaJRHyYxMIWQE+lw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1746191328; c=relaxed/simple;
	bh=7xeWckPjP89IBi9NXNh7YPusMMIHW2rLxxKdSrf9EoQ=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version;
 b=feqw29DVTLx6ReqhrfAQlON9QhVNWdtBnqcvStKFPpC0+pAWYk+6pGmOs0OX7KClqwi82ZXDZUgVWZfnhw3nbzNF+VBcEe54yNb6AdnfjW61AXFfwEh6Ja5bN0AMRgv5x3z1lFCm5cSzjjATdBYobNCtSRgKNbfXq0pjK0J0OnQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=none smtp.helo=mgamail.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=CCm1wqj3; arc=none smtp.client-ip=198.175.65.18
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=none smtp.helo=mgamail.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="CCm1wqj3"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1746191326; x=1777727326;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=7xeWckPjP89IBi9NXNh7YPusMMIHW2rLxxKdSrf9EoQ=;
  b=CCm1wqj3f+ZaTja4b2M1+ofWaz/G7JWxmP+2sU/U66oeK7yUxBq6CcFs
   rJoXD1qxQZy22dgTQGhd00ThVk9MMU4cxSDS+as/aEQDE/ey8JIqVIirJ
   I3hAErPNBtFs2xiOcFoY5zsvEO+dyJQM9dEmN3uuXeup19o4WEqN4zyWL
   77PqLB+wdB4pYjnb3q8Tk3xR0f8lZblmdDPISMku0eJ+wttLVk3ecs7DP
   syJuv0UAGtrG53pbHuxHBbxytKdM5Il1nv/DHacnBtQVvB/92BQSoNuJ6
   sXKuwWGnaRiZEsd1hP/kO3JSB8c7qWUO/aiSZkKZJW06v6qoHg6gnRXyN
   g==;
X-CSE-ConnectionGUID: gAWWfsLgThWVnxYBahDYgw==
X-CSE-MsgGUID: 8J8R3T25QRKWuZbMMgR3hg==
X-IronPort-AV: E=McAfee;i="6700,10204,11421"; a="48013001"
X-IronPort-AV: E=Sophos;i="6.15,256,1739865600";
   d="scan'208";a="48013001"
Received: from fmviesa002.fm.intel.com ([10.60.135.142])
  by orvoesa110.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 02 May 2025 06:08:45 -0700
X-CSE-ConnectionGUID: p2hxTxWpReWIJnPWa4/6yQ==
X-CSE-MsgGUID: XeibqyAdQrmPjFUwZsSSIw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.15,256,1739865600";
   d="scan'208";a="157871094"
Received: from black.fi.intel.com ([10.237.72.28])
  by fmviesa002.fm.intel.com with ESMTP; 02 May 2025 06:08:41 -0700
Received: by black.fi.intel.com (Postfix, from userid 1000)
	id 97A1D436; Fri, 02 May 2025 16:08:36 +0300 (EEST)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: pbonzini@redhat.com,
	seanjc@google.com
Cc: rick.p.edgecombe@intel.com,
	isaku.yamahata@intel.com,
	kai.huang@intel.com,
	yan.y.zhao@intel.com,
	tglx@linutronix.de,
	mingo@redhat.com,
	bp@alien8.de,
	dave.hansen@linux.intel.com,
	kvm@vger.kernel.org,
	x86@kernel.org,
	linux-coco@lists.linux.dev,
	linux-kernel@vger.kernel.org,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [RFC, PATCH 12/12] x86/virt/tdx: Enable Dynamic PAMT
Date: Fri,  2 May 2025 16:08:28 +0300
Message-ID: <20250502130828.4071412-13-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.47.2
In-Reply-To: <20250502130828.4071412-1-kirill.shutemov@linux.intel.com>
References: <20250502130828.4071412-1-kirill.shutemov@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The Physical Address Metadata Table (PAMT) holds TDX metadata for
physical memory and must be allocated by the kernel during TDX module
initialization.

The exact size of the required PAMT memory is determined by the TDX
module and may vary between TDX module versions, but currently it is
approximately 0.4% of the system memory. This is a significant
commitment, especially if it is not known upfront whether the machine
will run any TDX guests.

The Dynamic PAMT feature reduces static PAMT allocations. PAMT_1G and
PAMT_2M levels are still allocated on TDX module initialization, but the
PAMT_4K level is allocated dynamically, reducing static allocations to
approximately 0.004% of the system memory.

All pieces are in place. Enable Dynamic PAMT if it is supported.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 arch/x86/include/asm/tdx.h  | 6 +++++-
 arch/x86/virt/vmx/tdx/tdx.c | 8 ++++++++
 arch/x86/virt/vmx/tdx/tdx.h | 3 ---
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index 42449c054938..5744f98d193e 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -32,6 +32,10 @@
 #define TDX_SUCCESS		0ULL
 #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
=20
+/* Bit definitions of TDX_FEATURES0 metadata field */
+#define TDX_FEATURES0_NO_RBP_MOD	BIT_ULL(18)
+#define TDX_FEATURES0_DYNAMIC_PAMT	BIT_ULL(36)
+
 #ifndef __ASSEMBLER__
=20
 #include <uapi/asm/mce.h>
@@ -127,7 +131,7 @@ const struct tdx_sys_info *tdx_get_sysinfo(void);
=20
 static inline bool tdx_supports_dynamic_pamt(const struct tdx_sys_info *sy=
sinfo)
 {
-	return false; /* To be enabled when kernel is ready */
+	return sysinfo->features.tdx_features0 & TDX_FEATURES0_DYNAMIC_PAMT;
 }
=20
 static inline int tdx_nr_pamt_pages(const struct tdx_sys_info *sysinfo)
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 74bd81acef7b..f35566c0588d 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -945,6 +945,8 @@ static int construct_tdmrs(struct list_head *tmb_list,
 	return ret;
 }
=20
+#define TDX_SYS_CONFIG_DYNAMIC_PAMT	BIT(16)
+
 static int config_tdx_module(struct tdmr_info_list *tdmr_list, u64 global_=
keyid)
 {
 	struct tdx_module_args args =3D {};
@@ -972,6 +974,12 @@ static int config_tdx_module(struct tdmr_info_list *td=
mr_list, u64 global_keyid)
 	args.rcx =3D __pa(tdmr_pa_array);
 	args.rdx =3D tdmr_list->nr_consumed_tdmrs;
 	args.r8 =3D global_keyid;
+
+	if (tdx_supports_dynamic_pamt(&tdx_sysinfo)) {
+		pr_info("Enable Dynamic PAMT\n");
+		args.r8 |=3D TDX_SYS_CONFIG_DYNAMIC_PAMT;
+	}
+
 	ret =3D seamcall_prerr(TDH_SYS_CONFIG, &args);
=20
 	/* Free the array as it is not required anymore. */
diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h
index 46c4214b79fb..096c78a1d438 100644
--- a/arch/x86/virt/vmx/tdx/tdx.h
+++ b/arch/x86/virt/vmx/tdx/tdx.h
@@ -86,9 +86,6 @@ struct tdmr_info {
 	DECLARE_FLEX_ARRAY(struct tdmr_reserved_area, reserved_areas);
 } __packed __aligned(TDMR_INFO_ALIGNMENT);
=20
-/* Bit definitions of TDX_FEATURES0 metadata field */
-#define TDX_FEATURES0_NO_RBP_MOD	BIT(18)
-
 /*
  * Do not put any hardware-defined TDX structure representations below
  * this comment!
--=20
2.47.2