From nobody Mon Feb  9 15:27:13 2026
Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com
 [209.85.215.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D959F346A02
	for <linux-kernel@vger.kernel.org>; Thu, 29 Jan 2026 01:16:12 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.215.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769649374; cv=none;
 b=oBYkqADEv9aYJX+rPKiLAbzm4n9dH6jmnmkPrmz68dZ48m+2P+GkydHptQzkbPMaLIrlEfxaJIvG2G7uOzVjQf1ODU6czBXGBoDwLQJehiKXrUiCt2hS7kulOIL4N8tsAXPeTBWKm8DTFC5tG+Ai8LRY/rhgZo6j9IFMWQYwxGM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769649374; c=relaxed/simple;
	bh=xiOF/ywd/+MHn1BhHUiTZVc2zVcx2UHV6SNWBozy59Q=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=ELOO+J0K2SRuDWHt+AuC/FY+FE7hdZSMCMjTqc4Ytl8va6NWTpAVf0vrcUR8d63SlvTh+uMgVbyc2y4iDvLszkW+b1WB3Tb29tRXzY+662N1lRnOe+SrwoG2BitOn8dp776tdxAGqFC0f0Xf3XRY5maVCiyb6ZQ3vpgtqkVRv7M=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=mgFzpC4w; arc=none smtp.client-ip=209.85.215.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="mgFzpC4w"
Received: by mail-pg1-f201.google.com with SMTP id
 41be03b00d2f7-c5e56644646so1058658a12.0
        for <linux-kernel@vger.kernel.org>;
 Wed, 28 Jan 2026 17:16:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1769649372; x=1770254172;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:from:to:cc:subject:date:message-id:reply-to;
        bh=gE55/NsqfamORgnZHIenHqCeRcUi8ZNblQ/btnBuAf4=;
        b=mgFzpC4wZ9jbi4Ms4Ari3El4TCf751OER6smDogF3LYURmyqPKSv0UDMAi4IkZo9sN
         rXJc36o23mbyzvs++1baCHpkER/SsrIhaahW/mXct4qsjUXu8+KwLBQ1kXe/pFfwCCa/
         k3tOEe7EaDvLQbWy2NXW5Meh8RDdFxADWH5ZU4waEcvNJ4ggfJ53nvmxhGPl6Lgl2oZ/
         XZadZME/dSEzBkO64QKh1ln5IeRIvpS+Sbg/GO3EjrvrTON8tR3dFkkpkTMnYaqlpUC6
         0o7MbEJpNZB36An7Urz1GjTco9SbUoXAqGk2ctShde6SyeguxEA/s2wbJVmHOR0SliQz
         hPsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769649372; x=1770254172;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=gE55/NsqfamORgnZHIenHqCeRcUi8ZNblQ/btnBuAf4=;
        b=T5Cm6jwXJG4G1lxUIgGd/98HLepTTso5AfVBSz/il8A4XaA+lKOEuCXwxR/0od2i0P
         N/MPgbFltNcYPupZcQdQkyL4N2xg/mR+e1u1jcAqnnGYysolTvnXnKdn0630xiSjnaPk
         FJGujs6njPj94ym/A9RP2sTdhbsPRo7C05MOAlc3zNW7fmmRYKMx4aqkCQecp+SMg+u9
         4z87zpG99veVCYt+OSo8oDLwwCa+l9MjrgJ04rNlch/yrGYpRD6l9qNfdCq/9QmDJ8Oj
         TUIHPV5jqfLc4wga8qatsoOGKhPaqWFOEVnpZbUskjzwNNO3jdV4DyUp1feN/yBtNpBD
         bUUA==
X-Gm-Message-State: AOJu0Ywcut/UxDb3dIJWxPfWc0wfe5wr2ZRwgH//Ql8DGqfjPA/6KRwo
	pqBtvoI/oHPDKJ67kHgUmmK7NA9Q6Dw8yGq0holb9Qz4bB4iFRhCyiXzgK9lB0GZ4Jfw+fRRlEV
	izq3wZA==
X-Received: from pgbdn8.prod.google.com ([2002:a05:6a02:e08:b0:c1c:1a2d:bc85])
 (user=seanjc job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6a20:d50c:b0:389:5767:5763
 with SMTP id adf61e73a8af0-392cc6b1ab7mr1088866637.24.1769649372269; Wed, 28
 Jan 2026 17:16:12 -0800 (PST)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Wed, 28 Jan 2026 17:14:55 -0800
In-Reply-To: <20260129011517.3545883-1-seanjc@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20260129011517.3545883-1-seanjc@google.com>
X-Mailer: git-send-email 2.53.0.rc1.217.geba53bf80e-goog
Message-ID: <20260129011517.3545883-24-seanjc@google.com>
Subject: [RFC PATCH v5 23/45] x86/virt/tdx: Enable Dynamic PAMT
From: Sean Christopherson <seanjc@google.com>
To: Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
 Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org,
	Kiryl Shutsemau <kas@kernel.org>, Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev,
	kvm@vger.kernel.org, Kai Huang <kai.huang@intel.com>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>, Yan Zhao <yan.y.zhao@intel.com>,
	Vishal Annapurve <vannapurve@google.com>,
 Ackerley Tng <ackerleytng@google.com>,
	Sagi Shahar <sagis@google.com>, Binbin Wu <binbin.wu@linux.intel.com>,
	Xiaoyao Li <xiaoyao.li@intel.com>, Isaku Yamahata <isaku.yamahata@intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>

The Physical Address Metadata Table (PAMT) holds TDX metadata for
physical memory and must be allocated by the kernel during TDX module
initialization.

The exact size of the required PAMT memory is determined by the TDX
module and may vary between TDX module versions, but currently it is
approximately 0.4% of the system memory. This is a significant
commitment, especially if it is not known upfront whether the machine
will run any TDX guests.

The Dynamic PAMT feature reduces static PAMT allocations. PAMT_1G and
PAMT_2M levels are still allocated on TDX module initialization, but the
PAMT_4K level is allocated dynamically, reducing static allocations to
approximately 0.004% of the system memory.

All pieces are in place. Enable Dynamic PAMT if it is supported.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
Tested-by: Sagi Shahar <sagis@google.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/include/asm/tdx.h  | 6 +++++-
 arch/x86/virt/vmx/tdx/tdx.c | 8 ++++++++
 arch/x86/virt/vmx/tdx/tdx.h | 3 ---
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index c39e2920d0c3..56bdfbce4289 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -12,6 +12,10 @@
 #include <asm/trapnr.h>
 #include <asm/shared/tdx.h>
=20
+/* Bit definitions of TDX_FEATURES0 metadata field */
+#define TDX_FEATURES0_NO_RBP_MOD		BIT_ULL(18)
+#define TDX_FEATURES0_DYNAMIC_PAMT		BIT_ULL(36)
+
 #ifndef __ASSEMBLER__
=20
 #include <uapi/asm/mce.h>
@@ -133,7 +137,7 @@ const struct tdx_sys_info *tdx_get_sysinfo(void);
=20
 static inline bool tdx_supports_dynamic_pamt(const struct tdx_sys_info *sy=
sinfo)
 {
-	return false; /* To be enabled when kernel is ready */
+	return sysinfo->features.tdx_features0 & TDX_FEATURES0_DYNAMIC_PAMT;
 }
=20
 /* Simple structure for pre-allocating Dynamic PAMT pages outside of locks=
. */
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 53b29c827520..90407493bb45 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -1068,6 +1068,8 @@ static int construct_tdmrs(struct list_head *tmb_list,
 	return ret;
 }
=20
+#define TDX_SYS_CONFIG_DYNAMIC_PAMT	BIT(16)
+
 static int config_tdx_module(struct tdmr_info_list *tdmr_list, u64 global_=
keyid)
 {
 	struct tdx_module_args args =3D {};
@@ -1095,6 +1097,12 @@ static int config_tdx_module(struct tdmr_info_list *=
tdmr_list, u64 global_keyid)
 	args.rcx =3D __pa(tdmr_pa_array);
 	args.rdx =3D tdmr_list->nr_consumed_tdmrs;
 	args.r8 =3D global_keyid;
+
+	if (tdx_supports_dynamic_pamt(&tdx_sysinfo)) {
+		pr_info("Enable Dynamic PAMT\n");
+		args.r8 |=3D TDX_SYS_CONFIG_DYNAMIC_PAMT;
+	}
+
 	ret =3D seamcall_prerr(TDH_SYS_CONFIG, &args);
=20
 	/* Free the array as it is not required anymore. */
diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h
index 46c4214b79fb..096c78a1d438 100644
--- a/arch/x86/virt/vmx/tdx/tdx.h
+++ b/arch/x86/virt/vmx/tdx/tdx.h
@@ -86,9 +86,6 @@ struct tdmr_info {
 	DECLARE_FLEX_ARRAY(struct tdmr_reserved_area, reserved_areas);
 } __packed __aligned(TDMR_INFO_ALIGNMENT);
=20
-/* Bit definitions of TDX_FEATURES0 metadata field */
-#define TDX_FEATURES0_NO_RBP_MOD	BIT(18)
-
 /*
  * Do not put any hardware-defined TDX structure representations below
  * this comment!
--=20
2.53.0.rc1.217.geba53bf80e-goog