From nobody Sat Feb 7 08:27:57 2026 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EE4B1ADC83; Fri, 23 Jan 2026 15:00:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769180421; cv=none; b=EvwhRnfFxmKuyDkCyzR+mY05o1hNIDvtPF9nA3xUaBThMC3Snpp4mg5noVurGLvFwH6fPuIMYHkum/eGULVEeV5LSOuckI8T1qoPGJBewTgnPDSPrUnLMXeTKtijQ0yIiw+pjL+T3nrA5RRmqEeapoM6sV/WMw/NDl3Zapktmec= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769180421; c=relaxed/simple; bh=EUdvM04qz2HU4Z4hCMb6uYQfEZu2qW0yXwhkH90a0KQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=BOipTj1zUduf5oDYaKWM7duFG73w0SkMuJRBleY3mVpl2bw+x2iUKoQi7V1QSNw3OPREZIioyWJCv2S03b1kl2rw5N5EIvdZCPmI4oMxv/znNrLdIBEoqHs5EVpIchA4d+Hl5oL7KHESSzC0vGzVYnPJ5RPsschPb59fUTqC8b4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=OPRxGL2S; arc=none smtp.client-ip=192.198.163.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="OPRxGL2S" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1769180418; x=1800716418; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=EUdvM04qz2HU4Z4hCMb6uYQfEZu2qW0yXwhkH90a0KQ=; b=OPRxGL2SD4rjrd9v3jCz9qG9estkNDJOERlGqwPRmLIupeI3TXCwbuta xPNNYv+vz+/tbwv5f1AtWbO6DD/S578Lb5x+S8aPVGe4IUQL+h0wSAL5u UVF8BGio1VGHiWLJTZdevjn2x503xePWxt67lihBGWEX/OIB/wrtYSZNz URUZUGd1ATrjGQ0o+RW0v63ZLDSgrg+I1iJvw3yCH/n4kIMcasSbPawRk 43g/5rby8p/r4CZYCYLk5UcDnVl+LoYzM8eQI5zd5Qco+Uaou/qwvW/zk bvli1t3I34kLhr0DTdA21HaCSbTuG9aO6Jl/CePE4MojjhFPZJM/64IgC w==; X-CSE-ConnectionGUID: 49WS1UWMQBSVmP0sJl9HNA== X-CSE-MsgGUID: Wq+vjex0QCShlQJ9O+dM6w== X-IronPort-AV: E=McAfee;i="6800,10657,11680"; a="70334372" X-IronPort-AV: E=Sophos;i="6.21,248,1763452800"; d="scan'208";a="70334372" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2026 07:00:11 -0800 X-CSE-ConnectionGUID: Vg43tIqvR7qE5IldtlceBQ== X-CSE-MsgGUID: hVIuuNeVSl+O5J88qChV7g== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,248,1763452800"; d="scan'208";a="237697090" Received: from 984fee019967.jf.intel.com ([10.23.153.244]) by orviesa002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2026 07:00:11 -0800 From: Chao Gao To: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, x86@kernel.org Cc: reinette.chatre@intel.com, ira.weiny@intel.com, kai.huang@intel.com, dan.j.williams@intel.com, yilun.xu@linux.intel.com, sagis@google.com, vannapurve@google.com, paulmck@kernel.org, nik.borisov@suse.com, zhenzhong.duan@intel.com, seanjc@google.com, rick.p.edgecombe@intel.com, kas@kernel.org, dave.hansen@linux.intel.com, vishal.l.verma@intel.com, Chao Gao , Farrah Chen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" Subject: [PATCH v3 06/26] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs Date: Fri, 23 Jan 2026 06:55:14 -0800 Message-ID: <20260123145645.90444-7-chao.gao@intel.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260123145645.90444-1-chao.gao@intel.com> References: <20260123145645.90444-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" P-SEAMLDR is another component alongside the TDX module within the protected SEAM range. P-SEAMLDR can update the TDX module at runtime. Software can talk with P-SEAMLDR via SEAMCALLs with the bit 63 of RAX (leaf number) set to 1 (a.k.a P-SEAMLDR SEAMCALLs). P-SEAMLDR SEAMCALLs differ from SEAMCALLs of the TDX module in terms of error codes and the handling of the current VMCS. In preparation for adding support for P-SEAMLDR SEAMCALLs, do the two following changes to SEAMCALL low-level helpers: 1) Tweak sc_retry() to retry on "lack of entropy" errors reported by P-SEAMLDR because it uses a different error code. 2) Add seamldr_err() to log error messages on P-SEAMLDR SEAMCALL failures. Signed-off-by: Chao Gao Tested-by: Farrah Chen Reviewed-by: Binbin Wu Reviewed-by: Tony Lindgren --- Add seamldr_prerr() as a macro to be consistent with existing code. If maintainers would like to switch these to static inline functions then I would be happy to add a new patch to convert existing macros to static inline functions and build on that. v3: - print P-SEAMLDR leaf numbers in hex - use %# to print error code [Binbin] - mark the is_seamldr_call() call as unlikely [Binbin] - remove the function to get the error code for retry from leaf numbers [Yilun] v2: - use a macro rather than an inline function for seamldr_err() for consistency. --- arch/x86/virt/vmx/tdx/seamcall.h | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/arch/x86/virt/vmx/tdx/seamcall.h b/arch/x86/virt/vmx/tdx/seamc= all.h index 0912e03fabfe..256f71d6ca70 100644 --- a/arch/x86/virt/vmx/tdx/seamcall.h +++ b/arch/x86/virt/vmx/tdx/seamcall.h @@ -34,15 +34,28 @@ static __always_inline u64 __seamcall_dirty_cache(sc_fu= nc_t func, u64 fn, return func(fn, args); } =20 +#define SEAMLDR_RND_NO_ENTROPY 0x8000000000030001ULL + +#define SEAMLDR_SEAMCALL_MASK _BITUL(63) + +static inline bool is_seamldr_call(u64 fn) +{ + return fn & SEAMLDR_SEAMCALL_MASK; +} + static __always_inline u64 sc_retry(sc_func_t func, u64 fn, struct tdx_module_args *args) { + u64 retry_code =3D TDX_RND_NO_ENTROPY; int retry =3D RDRAND_RETRY_LOOPS; u64 ret; =20 + if (unlikely(is_seamldr_call(fn))) + retry_code =3D SEAMLDR_RND_NO_ENTROPY; + do { ret =3D func(fn, args); - } while (ret =3D=3D TDX_RND_NO_ENTROPY && --retry); + } while (ret =3D=3D retry_code && --retry); =20 return ret; } @@ -68,6 +81,16 @@ static inline void seamcall_err_ret(u64 fn, u64 err, args->r9, args->r10, args->r11); } =20 +static inline void seamldr_err(u64 fn, u64 err, struct tdx_module_args *ar= gs) +{ + /* + * Note: P-SEAMLDR leaf numbers are printed in hex as they have + * bit 63 set, making them hard to read and understand if printed + * in decimal + */ + pr_err("P-SEAMLDR (%llx) failed: %#016llx\n", fn, err); +} + static __always_inline int sc_retry_prerr(sc_func_t func, sc_err_func_t err_func, u64 fn, struct tdx_module_args *args) @@ -96,4 +119,7 @@ static __always_inline int sc_retry_prerr(sc_func_t func, #define seamcall_prerr_ret(__fn, __args) \ sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args)) =20 +#define seamldr_prerr(__fn, __args) \ + sc_retry_prerr(__seamcall, seamldr_err, (__fn), (__args)) + #endif --=20 2.47.3