1. Patchew
  2. linux
  3. [PATCH v2 00/21] Runtime TDX Module update support
  4. View patch

[PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs

Chao Gao posted 21 patches 4 months, 1 week ago
There is a newer version of this series
[PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs
Posted by Chao Gao 4 months, 1 week ago 
P-SEAMLDR is another component alongside the TDX module within the
protected SEAM range. P-SEAMLDR can update the TDX module at runtime.
Software can talk with P-SEAMLDR via SEAMCALLs with the bit 63 of RAX
(leaf number) set to 1 (a.k.a P-SEAMLDR SEAMCALLs).

P-SEAMLDR SEAMCALLs differ from SEAMCALLs of the TDX module in terms of
error codes and the handling of the current VMCS.

In preparation for adding support for P-SEAMLDR SEAMCALLs, do the two
following changes to SEAMCALL low-level helpers:

1) Tweak sc_retry() to retry on "lack of entropy" errors reported by
   P-SEAMLDR because it uses a different error code.

2) Add seamldr_err() to log error messages on P-SEAMLDR SEAMCALL failures.

Signed-off-by: Chao Gao <chao.gao@intel.com>
Tested-by: Farrah Chen <farrah.chen@intel.com>
---
Add seamldr_prerr() as a macro to be consistent with existing code. If
maintainers would like to switch these to static inline functions then I
would be happy to add a new patch to convert existing macros to static
inline functions and build on that.

v2:
 - use a macro rather than an inline function for seamldr_err() for
   consistency.
---
 arch/x86/include/asm/tdx.h       |  5 +++++
 arch/x86/virt/vmx/tdx/seamcall.h | 29 ++++++++++++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index e872a411a359..7ad026618a23 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -32,6 +32,11 @@
 #define TDX_SUCCESS		0ULL
 #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
 
+/* P-SEAMLDR SEAMCALL leaf function error codes */
+#define SEAMLDR_RND_NO_ENTROPY	0x8000000000030001ULL
+
+#define SEAMLDR_SEAMCALL_MASK	_BITUL(63)
+
 #ifndef __ASSEMBLER__
 
 #include <uapi/asm/mce.h>
diff --git a/arch/x86/virt/vmx/tdx/seamcall.h b/arch/x86/virt/vmx/tdx/seamcall.h
index 71b6ffddfa40..3f462e58d68e 100644
--- a/arch/x86/virt/vmx/tdx/seamcall.h
+++ b/arch/x86/virt/vmx/tdx/seamcall.h
@@ -14,6 +14,19 @@ u64 __seamcall_saved_ret(u64 fn, struct tdx_module_args *args);
 
 typedef u64 (*sc_func_t)(u64 fn, struct tdx_module_args *args);
 
+static inline bool is_seamldr_call(u64 fn)
+{
+	return fn & SEAMLDR_SEAMCALL_MASK;
+}
+
+static inline bool sc_need_retry(u64 fn, u64 error_code)
+{
+	if (is_seamldr_call(fn))
+		return error_code == SEAMLDR_RND_NO_ENTROPY;
+	else
+		return error_code == TDX_RND_NO_ENTROPY;
+}
+
 static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
 			   struct tdx_module_args *args)
 {
@@ -22,7 +35,7 @@ static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
 
 	do {
 		ret = func(fn, args);
-	} while (ret == TDX_RND_NO_ENTROPY && --retry);
+	} while (sc_need_retry(fn, ret) && --retry);
 
 	return ret;
 }
@@ -48,6 +61,17 @@ static inline void seamcall_err_ret(u64 fn, u64 err,
 			args->r9, args->r10, args->r11);
 }
 
+static inline void seamldr_err(u64 fn, u64 err, struct tdx_module_args *args)
+{
+	/*
+	 * Get the actual leaf number. No need to print the bit used to
+	 * differentiate between P-SEAMLDR and TDX module as the "P-SEAMLDR"
+	 * string in the error message already provides that information.
+	 */
+	fn &= ~SEAMLDR_SEAMCALL_MASK;
+	pr_err("P-SEAMLDR (%lld) failed: 0x%016llx\n", fn, err);
+}
+
 static __always_inline int sc_retry_prerr(sc_func_t func,
 					  sc_err_func_t err_func,
 					  u64 fn, struct tdx_module_args *args)
@@ -76,4 +100,7 @@ static __always_inline int sc_retry_prerr(sc_func_t func,
 #define seamcall_prerr_ret(__fn, __args)					\
 	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
 
+#define seamldr_prerr(__fn, __args)						\
+	sc_retry_prerr(__seamcall, seamldr_err, (__fn), (__args))
+
 #endif
-- 
2.47.3
Re: [PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs
Posted by Duan, Zhenzhong 3 weeks, 4 days ago 
On 10/1/2025 10:52 AM, Chao Gao wrote:
> P-SEAMLDR is another component alongside the TDX module within the
> protected SEAM range. P-SEAMLDR can update the TDX module at runtime.
> Software can talk with P-SEAMLDR via SEAMCALLs with the bit 63 of RAX
> (leaf number) set to 1 (a.k.a P-SEAMLDR SEAMCALLs).
>
> P-SEAMLDR SEAMCALLs differ from SEAMCALLs of the TDX module in terms of
> error codes and the handling of the current VMCS.
>
> In preparation for adding support for P-SEAMLDR SEAMCALLs, do the two
> following changes to SEAMCALL low-level helpers:
>
> 1) Tweak sc_retry() to retry on "lack of entropy" errors reported by
>     P-SEAMLDR because it uses a different error code.
>
> 2) Add seamldr_err() to log error messages on P-SEAMLDR SEAMCALL failures.
>
> Signed-off-by: Chao Gao <chao.gao@intel.com>
> Tested-by: Farrah Chen <farrah.chen@intel.com>
> ---
> Add seamldr_prerr() as a macro to be consistent with existing code. If
> maintainers would like to switch these to static inline functions then I
> would be happy to add a new patch to convert existing macros to static
> inline functions and build on that.
>
> v2:
>   - use a macro rather than an inline function for seamldr_err() for
>     consistency.
> ---
>   arch/x86/include/asm/tdx.h       |  5 +++++
>   arch/x86/virt/vmx/tdx/seamcall.h | 29 ++++++++++++++++++++++++++++-
>   2 files changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index e872a411a359..7ad026618a23 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -32,6 +32,11 @@
>   #define TDX_SUCCESS		0ULL
>   #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
>   
> +/* P-SEAMLDR SEAMCALL leaf function error codes */
> +#define SEAMLDR_RND_NO_ENTROPY	0x8000000000030001ULL
> +
> +#define SEAMLDR_SEAMCALL_MASK	_BITUL(63)
> +
>   #ifndef __ASSEMBLER__
>   
>   #include <uapi/asm/mce.h>
> diff --git a/arch/x86/virt/vmx/tdx/seamcall.h b/arch/x86/virt/vmx/tdx/seamcall.h
> index 71b6ffddfa40..3f462e58d68e 100644
> --- a/arch/x86/virt/vmx/tdx/seamcall.h
> +++ b/arch/x86/virt/vmx/tdx/seamcall.h
> @@ -14,6 +14,19 @@ u64 __seamcall_saved_ret(u64 fn, struct tdx_module_args *args);
>   
>   typedef u64 (*sc_func_t)(u64 fn, struct tdx_module_args *args);
>   
> +static inline bool is_seamldr_call(u64 fn)
> +{
> +	return fn & SEAMLDR_SEAMCALL_MASK;
> +}
> +
> +static inline bool sc_need_retry(u64 fn, u64 error_code)
> +{
> +	if (is_seamldr_call(fn))

Do we need to have this check, can TDX module seamcall return

value SEAMLDR_RND_NO_ENTROPY but for different reason?

> +		return error_code == SEAMLDR_RND_NO_ENTROPY;
> +	else
> +		return error_code == TDX_RND_NO_ENTROPY;
> +}
> +
>   static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>   			   struct tdx_module_args *args)
>   {
> @@ -22,7 +35,7 @@ static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>   
>   	do {
>   		ret = func(fn, args);
> -	} while (ret == TDX_RND_NO_ENTROPY && --retry);
> +	} while (sc_need_retry(fn, ret) && --retry);
>   
>   	return ret;
>   }
> @@ -48,6 +61,17 @@ static inline void seamcall_err_ret(u64 fn, u64 err,
>   			args->r9, args->r10, args->r11);
>   }
>   
> +static inline void seamldr_err(u64 fn, u64 err, struct tdx_module_args *args)
> +{
> +	/*
> +	 * Get the actual leaf number. No need to print the bit used to
> +	 * differentiate between P-SEAMLDR and TDX module as the "P-SEAMLDR"
> +	 * string in the error message already provides that information.
> +	 */
> +	fn &= ~SEAMLDR_SEAMCALL_MASK;
> +	pr_err("P-SEAMLDR (%lld) failed: 0x%016llx\n", fn, err);
> +}
> +
>   static __always_inline int sc_retry_prerr(sc_func_t func,
>   					  sc_err_func_t err_func,
>   					  u64 fn, struct tdx_module_args *args)
> @@ -76,4 +100,7 @@ static __always_inline int sc_retry_prerr(sc_func_t func,
>   #define seamcall_prerr_ret(__fn, __args)					\
>   	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
>   
> +#define seamldr_prerr(__fn, __args)						\
> +	sc_retry_prerr(__seamcall, seamldr_err, (__fn), (__args))
> +
>   #endif
Re: [PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs
Posted by Chao Gao 3 weeks, 3 days ago 
>> diff --git a/arch/x86/virt/vmx/tdx/seamcall.h b/arch/x86/virt/vmx/tdx/seamcall.h
>> index 71b6ffddfa40..3f462e58d68e 100644
>> --- a/arch/x86/virt/vmx/tdx/seamcall.h
>> +++ b/arch/x86/virt/vmx/tdx/seamcall.h
>> @@ -14,6 +14,19 @@ u64 __seamcall_saved_ret(u64 fn, struct tdx_module_args *args);
>>   typedef u64 (*sc_func_t)(u64 fn, struct tdx_module_args *args);
>> +static inline bool is_seamldr_call(u64 fn)
>> +{
>> +	return fn & SEAMLDR_SEAMCALL_MASK;
>> +}
>> +
>> +static inline bool sc_need_retry(u64 fn, u64 error_code)
>> +{
>> +	if (is_seamldr_call(fn))
>
>Do we need to have this check, can TDX module seamcall return
>
>value SEAMLDR_RND_NO_ENTROPY but for different reason?

Currently, The TDX module doesn't return SEAMLDR_RND_NO_ENTROPY for any reason,
and I think it probably won't in the future. But it isn't ruled out by the
spec. It's the same situation for P-SEAMLDR returning TDX_RND_NO_ENTROPY. So I
slightly prefer to keep this check.
Re: [PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs
Posted by Xu Yilun 3 weeks, 5 days ago 
> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index e872a411a359..7ad026618a23 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -32,6 +32,11 @@
>  #define TDX_SUCCESS		0ULL
>  #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
>  
> +/* P-SEAMLDR SEAMCALL leaf function error codes */
> +#define SEAMLDR_RND_NO_ENTROPY	0x8000000000030001ULL
> +
> +#define SEAMLDR_SEAMCALL_MASK	_BITUL(63)

If we do want Patch #3 [*], I think no need to expose this bit in
public, define it in your newly added arch/x86/virt/vmx/tdx/seamcall.h

[*]: https://lore.kernel.org/all/20251001025442.427697-4-chao.gao@intel.com/

[...]

> +static inline bool sc_need_retry(u64 fn, u64 error_code)
> +{
> +	if (is_seamldr_call(fn))
> +		return error_code == SEAMLDR_RND_NO_ENTROPY;
> +	else
> +		return error_code == TDX_RND_NO_ENTROPY;
> +}
> +

Maybe we can remove this single-use wrapper and integrate it in
sc_retry?

>  static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>  			   struct tdx_module_args *args)
>  {

	u64 retry_code = TDX_RND_NO_ENTROPY;

	if (is_seamldr_call(fn))
		retry_code = SEAMLDR_RND_NO_ENTROPY;

> @@ -22,7 +35,7 @@ static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>  
>  	do {
>  		ret = func(fn, args);
> -	} while (ret == TDX_RND_NO_ENTROPY && --retry);
> +	} while (sc_need_retry(fn, ret) && --retry);

	} while (ret == retry_code && --retry);

Seems more straightforward to me.

>  
>  	return ret;
>  }
> @@ -48,6 +61,17 @@ static inline void seamcall_err_ret(u64 fn, u64 err,
>  			args->r9, args->r10, args->r11);
>  }
>  
> +static inline void seamldr_err(u64 fn, u64 err, struct tdx_module_args *args)
> +{
> +	/*
> +	 * Get the actual leaf number. No need to print the bit used to
> +	 * differentiate between P-SEAMLDR and TDX module as the "P-SEAMLDR"
> +	 * string in the error message already provides that information.
> +	 */
> +	fn &= ~SEAMLDR_SEAMCALL_MASK;

Why we must strip the bit from leaf number? See from P-seamldr SPEC [*],
all leaf definitions are with this bit, same for your C code:

  +/* P-SEAMLDR SEAMCALL leaf function */
  +#define P_SEAMLDR_INFO			0x8000000000000000

So my feeling is, log readability reduces without this bit. We don't
have to make all developers understand this bit, just expose the whole
leaf as magic number.

[*] https://cdrdv2.intel.com/v1/dl/getContent/733584

> +	pr_err("P-SEAMLDR (%lld) failed: 0x%016llx\n", fn, err);

I see no problem we keep both "P-SEAMLDR" string & SEAMLDR bit printed.


And could we handle it the same as sc_retry(), something like:

 static inline void seamcall_err(u64 fn, u64 err, struct tdx_module_args *args)
 {
-       pr_err("SEAMCALL (0x%016llx) failed: 0x%016llx\n", fn, err);
+       char *call = "SEAMCALL";
+
+       if (is_seamldr_call(fn))
+               call = "P-SEAMLDR";
+
+       pr_err("%s (0x%016llx) failed: 0x%016llx\n", call, fn, err);
 }

And the benifit is ...

> +}
> +
>  static __always_inline int sc_retry_prerr(sc_func_t func,
>  					  sc_err_func_t err_func,
>  					  u64 fn, struct tdx_module_args *args)
> @@ -76,4 +100,7 @@ static __always_inline int sc_retry_prerr(sc_func_t func,
>  #define seamcall_prerr_ret(__fn, __args)					\
>  	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
>  
> +#define seamldr_prerr(__fn, __args)						\
> +	sc_retry_prerr(__seamcall, seamldr_err, (__fn), (__args))

... we don't need this definition anymore, just use seamcall_prerr()
Re: [PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs
Posted by Chao Gao 3 weeks, 3 days ago 
On Tue, Jan 13, 2026 at 05:48:56PM +0800, Xu Yilun wrote:
>> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
>> index e872a411a359..7ad026618a23 100644
>> --- a/arch/x86/include/asm/tdx.h
>> +++ b/arch/x86/include/asm/tdx.h
>> @@ -32,6 +32,11 @@
>>  #define TDX_SUCCESS		0ULL
>>  #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
>>  
>> +/* P-SEAMLDR SEAMCALL leaf function error codes */
>> +#define SEAMLDR_RND_NO_ENTROPY	0x8000000000030001ULL
>> +
>> +#define SEAMLDR_SEAMCALL_MASK	_BITUL(63)
>
>If we do want Patch #3 [*], I think no need to expose this bit in
>public, define it in your newly added arch/x86/virt/vmx/tdx/seamcall.h

Makes sense.

>
>[*]: https://lore.kernel.org/all/20251001025442.427697-4-chao.gao@intel.com/
>
>[...]
>
>> +static inline bool sc_need_retry(u64 fn, u64 error_code)
>> +{
>> +	if (is_seamldr_call(fn))
>> +		return error_code == SEAMLDR_RND_NO_ENTROPY;
>> +	else
>> +		return error_code == TDX_RND_NO_ENTROPY;
>> +}
>> +
>
>Maybe we can remove this single-use wrapper and integrate it in
>sc_retry?
>
>>  static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>>  			   struct tdx_module_args *args)
>>  {
>
>	u64 retry_code = TDX_RND_NO_ENTROPY;
>
>	if (is_seamldr_call(fn))
>		retry_code = SEAMLDR_RND_NO_ENTROPY;
>
>> @@ -22,7 +35,7 @@ static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>>  
>>  	do {
>>  		ret = func(fn, args);
>> -	} while (ret == TDX_RND_NO_ENTROPY && --retry);
>> +	} while (sc_need_retry(fn, ret) && --retry);
>
>	} while (ret == retry_code && --retry);
>
>Seems more straightforward to me.

I am ok with this change. Will do.

>
>>  
>>  	return ret;
>>  }
>> @@ -48,6 +61,17 @@ static inline void seamcall_err_ret(u64 fn, u64 err,
>>  			args->r9, args->r10, args->r11);
>>  }
>>  
>> +static inline void seamldr_err(u64 fn, u64 err, struct tdx_module_args *args)
>> +{
>> +	/*
>> +	 * Get the actual leaf number. No need to print the bit used to
>> +	 * differentiate between P-SEAMLDR and TDX module as the "P-SEAMLDR"
>> +	 * string in the error message already provides that information.
>> +	 */
>> +	fn &= ~SEAMLDR_SEAMCALL_MASK;
>
>Why we must strip the bit from leaf number? See from P-seamldr SPEC [*],
>all leaf definitions are with this bit, same for your C code:
>
>  +/* P-SEAMLDR SEAMCALL leaf function */
>  +#define P_SEAMLDR_INFO			0x8000000000000000
>
>So my feeling is, log readability reduces without this bit. We don't
>have to make all developers understand this bit, just expose the whole
>leaf as magic number.

Agree. Printing P-SEAMLDR leaf numbers in hex without removing bit 63 is
better, so the values shown in the logs can match code and spec.

>
>[*] https://cdrdv2.intel.com/v1/dl/getContent/733584
>
>> +	pr_err("P-SEAMLDR (%lld) failed: 0x%016llx\n", fn, err);
>
>I see no problem we keep both "P-SEAMLDR" string & SEAMLDR bit printed.
>
>
>And could we handle it the same as sc_retry(), something like:
>
> static inline void seamcall_err(u64 fn, u64 err, struct tdx_module_args *args)
> {
>-       pr_err("SEAMCALL (0x%016llx) failed: 0x%016llx\n", fn, err);
>+       char *call = "SEAMCALL";
>+
>+       if (is_seamldr_call(fn))
>+               call = "P-SEAMLDR";
>+
>+       pr_err("%s (0x%016llx) failed: 0x%016llx\n", call, fn, err);
> }

It's doable, but the conditional is unnecessary ...

>
>And the benifit is ...
>
>> +}
>> +
>>  static __always_inline int sc_retry_prerr(sc_func_t func,
>>  					  sc_err_func_t err_func,
>>  					  u64 fn, struct tdx_module_args *args)
>> @@ -76,4 +100,7 @@ static __always_inline int sc_retry_prerr(sc_func_t func,
>>  #define seamcall_prerr_ret(__fn, __args)					\
>>  	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
>>  
>> +#define seamldr_prerr(__fn, __args)						\
>> +	sc_retry_prerr(__seamcall, seamldr_err, (__fn), (__args))
>
>... we don't need this definition anymore, just use seamcall_prerr()

Having this seamldr_prerr() (and seamldr_err()) is to eliminate that conditional.
Re: [PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs
Posted by Binbin Wu 2 months, 2 weeks ago 

On 10/1/2025 10:52 AM, Chao Gao wrote:
> P-SEAMLDR is another component alongside the TDX module within the
> protected SEAM range. P-SEAMLDR can update the TDX module at runtime.
> Software can talk with P-SEAMLDR via SEAMCALLs with the bit 63 of RAX
> (leaf number) set to 1 (a.k.a P-SEAMLDR SEAMCALLs).
>
> P-SEAMLDR SEAMCALLs differ from SEAMCALLs of the TDX module in terms of
> error codes and the handling of the current VMCS.
>
> In preparation for adding support for P-SEAMLDR SEAMCALLs, do the two
> following changes to SEAMCALL low-level helpers:
>
> 1) Tweak sc_retry() to retry on "lack of entropy" errors reported by
>     P-SEAMLDR because it uses a different error code.
>
> 2) Add seamldr_err() to log error messages on P-SEAMLDR SEAMCALL failures.
>
> Signed-off-by: Chao Gao <chao.gao@intel.com>
> Tested-by: Farrah Chen <farrah.chen@intel.com>
> ---
> Add seamldr_prerr() as a macro to be consistent with existing code. If
> maintainers would like to switch these to static inline functions then I
> would be happy to add a new patch to convert existing macros to static
> inline functions and build on that.
>
> v2:
>   - use a macro rather than an inline function for seamldr_err() for
>     consistency.
> ---
>   arch/x86/include/asm/tdx.h       |  5 +++++
>   arch/x86/virt/vmx/tdx/seamcall.h | 29 ++++++++++++++++++++++++++++-
>   2 files changed, 33 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index e872a411a359..7ad026618a23 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -32,6 +32,11 @@
>   #define TDX_SUCCESS		0ULL
>   #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
>   
> +/* P-SEAMLDR SEAMCALL leaf function error codes */
> +#define SEAMLDR_RND_NO_ENTROPY	0x8000000000030001ULL
> +
> +#define SEAMLDR_SEAMCALL_MASK	_BITUL(63)
> +
>   #ifndef __ASSEMBLER__
>   
>   #include <uapi/asm/mce.h>
> diff --git a/arch/x86/virt/vmx/tdx/seamcall.h b/arch/x86/virt/vmx/tdx/seamcall.h
> index 71b6ffddfa40..3f462e58d68e 100644
> --- a/arch/x86/virt/vmx/tdx/seamcall.h
> +++ b/arch/x86/virt/vmx/tdx/seamcall.h
> @@ -14,6 +14,19 @@ u64 __seamcall_saved_ret(u64 fn, struct tdx_module_args *args);
>   
>   typedef u64 (*sc_func_t)(u64 fn, struct tdx_module_args *args);
>   
> +static inline bool is_seamldr_call(u64 fn)
> +{
> +	return fn & SEAMLDR_SEAMCALL_MASK;
> +}
> +
> +static inline bool sc_need_retry(u64 fn, u64 error_code)
> +{
> +	if (is_seamldr_call(fn))

Comparing to TDX module seamcall, seamldr seamcall should be much less.
Maybe unlikely()?

> +		return error_code == SEAMLDR_RND_NO_ENTROPY;
> +	else
> +		return error_code == TDX_RND_NO_ENTROPY;
> +}
> +
>   static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>   			   struct tdx_module_args *args)
>   {
> @@ -22,7 +35,7 @@ static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>   
>   	do {
>   		ret = func(fn, args);
> -	} while (ret == TDX_RND_NO_ENTROPY && --retry);
> +	} while (sc_need_retry(fn, ret) && --retry);
>   
>   	return ret;
>   }
> @@ -48,6 +61,17 @@ static inline void seamcall_err_ret(u64 fn, u64 err,
>   			args->r9, args->r10, args->r11);
>   }
>   
> +static inline void seamldr_err(u64 fn, u64 err, struct tdx_module_args *args)
> +{
> +	/*
> +	 * Get the actual leaf number. No need to print the bit used to
> +	 * differentiate between P-SEAMLDR and TDX module as the "P-SEAMLDR"
> +	 * string in the error message already provides that information.
> +	 */
> +	fn &= ~SEAMLDR_SEAMCALL_MASK;
> +	pr_err("P-SEAMLDR (%lld) failed: 0x%016llx\n", fn, err);

%lld -> %llu ?

And 0x% -> %# to align with seamcall_err().



> +}
> +
>   static __always_inline int sc_retry_prerr(sc_func_t func,
>   					  sc_err_func_t err_func,
>   					  u64 fn, struct tdx_module_args *args)
> @@ -76,4 +100,7 @@ static __always_inline int sc_retry_prerr(sc_func_t func,
>   #define seamcall_prerr_ret(__fn, __args)					\
>   	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
>   
> +#define seamldr_prerr(__fn, __args)						\
> +	sc_retry_prerr(__seamcall, seamldr_err, (__fn), (__args))
> +
>   #endif
Re: [PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs
Posted by Chao Gao 2 months, 1 week ago 
>> +static inline bool is_seamldr_call(u64 fn)
>> +{
>> +	return fn & SEAMLDR_SEAMCALL_MASK;
>> +}
>> +
>> +static inline bool sc_need_retry(u64 fn, u64 error_code)
>> +{
>> +	if (is_seamldr_call(fn))
>
>Comparing to TDX module seamcall, seamldr seamcall should be much less.
>Maybe unlikely()?

Makes sense.

>
>> +		return error_code == SEAMLDR_RND_NO_ENTROPY;
>> +	else
>> +		return error_code == TDX_RND_NO_ENTROPY;
>> +}
>> +
>>   static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>>   			   struct tdx_module_args *args)
>>   {
>> @@ -22,7 +35,7 @@ static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
>>   	do {
>>   		ret = func(fn, args);
>> -	} while (ret == TDX_RND_NO_ENTROPY && --retry);
>> +	} while (sc_need_retry(fn, ret) && --retry);
>>   	return ret;
>>   }
>> @@ -48,6 +61,17 @@ static inline void seamcall_err_ret(u64 fn, u64 err,
>>   			args->r9, args->r10, args->r11);
>>   }
>> +static inline void seamldr_err(u64 fn, u64 err, struct tdx_module_args *args)
>> +{
>> +	/*
>> +	 * Get the actual leaf number. No need to print the bit used to
>> +	 * differentiate between P-SEAMLDR and TDX module as the "P-SEAMLDR"
>> +	 * string in the error message already provides that information.
>> +	 */
>> +	fn &= ~SEAMLDR_SEAMCALL_MASK;
>> +	pr_err("P-SEAMLDR (%lld) failed: 0x%016llx\n", fn, err);
>
>%lld -> %llu ?
>
>And 0x% -> %# to align with seamcall_err().

Sure. Will Do.

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.