From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8565A259CB2; Fri, 22 May 2026 04:05:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422720; cv=none; b=epl+Gt2GXZMHIlyOIFdg19iz7oegXlk4U7zC9hKEnDpn/hNQ6h3HuzSDSkpfB0JLbNm4SDWS3qSmgm8Bnu6A6YPu9JhkBIyAGgt2GGPq5a1FuQDONPQgmQWAiiF/9zjMX+D+db0Bd1G8zjeAJ45a5uDWpO+ZHbsG4LYj8I/fm5U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422720; c=relaxed/simple; bh=2md7VEOtbD6E+/wgTRyMaE87euFnnX56mA1cVXkGYQw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qXQaJxSRVQCe/B+NCssj8U2OU511wy8b2myEuksLKbnGqwoJmyIYYJNcSLvVoaEbtGxpPh+fZInwsKcqK6Zaub1MVFP7eO6pad18iLQGIZ8HDriXncWEycuUNXuQl4maWfO5rNVwoIzwTZVNc3YJwWGa7FreDDwGBDQcZFsAF3k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=ZgV78VFG; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="ZgV78VFG" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422720; x=1810958720; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=2md7VEOtbD6E+/wgTRyMaE87euFnnX56mA1cVXkGYQw=; b=ZgV78VFGaL/26uCgS9R8GYcQkbjdDiQj82Xh5pUD9iAoNVeNsAPI/7PZ TvkCi1t9dqqwu9zSzvZl+pW0Q/cn6kssIkaUthz/YTeSEsh9xySUiSblv uxKVapEoUlhPT+d9UZJzC7cqNZYeN0H1+uJd8BGgf/KnayPuf0W447uGa 86FN/u64+qZrqkExSpaRiB3KQbBMW8xh25cizdoLB/O84D7/OGHSF+8Bu BUMIQHFi/nXC4sZJwUg+noh6pTe6PozX0a/np3+9bIvj9OyBnPBIhRqQf uIuQpOeE7YpJuTT+40T2DZ0zxZ+t/5XW74KJZrKp7E3i4F8TQGFQxUVZE Q==; X-CSE-ConnectionGUID: xR1MzQ4TTaOaO3yiiEPdBA== X-CSE-MsgGUID: dYzq8eMzQpaVl8PDmLEBwg== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528849" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528849" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:16 -0700 X-CSE-ConnectionGUID: UoDSeMo5Q5mDxPBCKqIUtQ== X-CSE-MsgGUID: +iaGczp/T/+OpuvIjyDAdw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757787" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:12 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [PATCH 01/15] x86/virt/tdx: Read global metadata for TDX Module Extensions Date: Fri, 22 May 2026 11:41:14 +0800 Message-Id: <20260522034128.3144354-2-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add reading of the global metadata for TDX Module Extensions. TDX Module Extensions is an add-on feature enumerated by TDX_FEATURES0. But for the Module's integrity, Linux requires that all features that a Module advertises must have a complete, valid set of metadata, and the validation must succeed at core TDX initialization time. Check TDX_FEATURES0 before reading these metadata. If a feature is advertised, a failure in reading associated metadata causes the entire TDX initialization to fail, otherwise skip. Signed-off-by: Xu Yilun --- arch/x86/include/asm/tdx_global_metadata.h | 6 ++++++ arch/x86/virt/vmx/tdx/tdx.h | 1 + arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 16 ++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/arch/x86/include/asm/tdx_global_metadata.h b/arch/x86/include/= asm/tdx_global_metadata.h index 40689c8dc67e..533afe50a3f1 100644 --- a/arch/x86/include/asm/tdx_global_metadata.h +++ b/arch/x86/include/asm/tdx_global_metadata.h @@ -40,12 +40,18 @@ struct tdx_sys_info_td_conf { u64 cpuid_config_values[128][2]; }; =20 +struct tdx_sys_info_ext { + u16 memory_pool_required_pages; + u8 ext_required; +}; + struct tdx_sys_info { struct tdx_sys_info_version version; struct tdx_sys_info_features features; struct tdx_sys_info_tdmr tdmr; struct tdx_sys_info_td_ctrl td_ctrl; struct tdx_sys_info_td_conf td_conf; + struct tdx_sys_info_ext ext; }; =20 #endif diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index e2cf2dd48755..a5eec8e3cc71 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -87,6 +87,7 @@ struct tdmr_info { =20 /* Bit definitions of TDX_FEATURES0 metadata field */ #define TDX_FEATURES0_NO_RBP_MOD BIT(18) +#define TDX_FEATURES0_EXT BIT_ULL(39) =20 /* * Do not put any hardware-defined TDX structure representations below diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vm= x/tdx/tdx_global_metadata.c index c7db393a9cfb..3d3b56ef3d2f 100644 --- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c +++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c @@ -100,6 +100,19 @@ static __init int get_tdx_sys_info_td_conf(struct tdx_= sys_info_td_conf *sysinfo_ return ret; } =20 +static __init int get_tdx_sys_info_ext(struct tdx_sys_info_ext *sysinfo_ex= t) +{ + int ret =3D 0; + u64 val; + + if (!ret && !(ret =3D read_sys_metadata_field(0x3100000100000000, &val))) + sysinfo_ext->memory_pool_required_pages =3D val; + if (!ret && !(ret =3D read_sys_metadata_field(0x3100000000000001, &val))) + sysinfo_ext->ext_required =3D val; + + return ret; +} + static __init int get_tdx_sys_info(struct tdx_sys_info *sysinfo) { int ret =3D 0; @@ -116,5 +129,8 @@ static __init int get_tdx_sys_info(struct tdx_sys_info = *sysinfo) ret =3D ret ?: get_tdx_sys_info_td_ctrl(&sysinfo->td_ctrl); ret =3D ret ?: get_tdx_sys_info_td_conf(&sysinfo->td_conf); =20 + if (sysinfo->features.tdx_features0 & TDX_FEATURES0_EXT) + ret =3D ret ?: get_tdx_sys_info_ext(&sysinfo->ext); + return ret; } --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFBD12E889C; Fri, 22 May 2026 04:05:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422721; cv=none; b=ouRhxva4OP9tIMMVumVVQrMcVcIIwGR3bwv/AmpNh6YgziChOdPGFlZejal8NM5U++vrbmM9yPjh/mNNsXa5amPkTDC3zMVWAbtL+uZ/bJiDj4aVHWEh/6EFoTSa97m9ZiU8z/eHLLke5vK1ICTinXL0xnLtaVzGiyW1hXLAg6A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422721; c=relaxed/simple; bh=Z9LfZytGFU8HHah5jjQIDtWRjApWhxh39luI5rijAsw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=BVRM9vh8FMPMYIeAj+egOOils5FS26ac9ZG8E5j3c7KL2n20HPob4RUlPW9UPZuZ+VVmkXRt3/XFtHE3DB5BYTsCEOQnyyqGJRBXVPmE2cGDDnjFkO4z2caM9w6GaNOJ+gRFN6u7q/9c/V0rOB65Cfvb2CNnOsmSIla44c6M+cM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=N1Wrz7O/; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="N1Wrz7O/" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422720; x=1810958720; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Z9LfZytGFU8HHah5jjQIDtWRjApWhxh39luI5rijAsw=; b=N1Wrz7O/kSpkVfn+dojkP2FRqa4OxoWBBbGchR4vuCQipsFiIYRLWYRn 4liKk0iFz/x0XnruKyDCyyGUtNKD3aMrZMIlV//3k8hFtS160BZYbjnQL gimmB0I5l5BOUS8TFXAodp3fMfIbXelMqhRzsYQae6PV+igqYwb99lD+X R29K0WtnxTtX8Nauh0+Xenh2MFt4eZo45m93Vnk6SIg2SMc88v01KpUVS QO9q81SGHJAuehG/0p5FztNVJhsT5Fvvu6lo/23RY4r4END0gL5FVPaHp kx3ZJlFnRbPIlsjxVEfWbJ8dJ6MWiBVMY6xZjzVqF98yinLzME9JtAe9U Q==; X-CSE-ConnectionGUID: yecnJreSTgWqyfP7ac6eZA== X-CSE-MsgGUID: FMQtRk0kTn6oE49f311myQ== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528854" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528854" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:20 -0700 X-CSE-ConnectionGUID: rDdMOBRZRUOdQPzi8XeMdQ== X-CSE-MsgGUID: ZEgei0xGTmW+CucwiSgGgg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757797" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:15 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [PATCH 02/15] x86/virt/tdx: Add extra memory to TDX Module for Extensions Date: Fri, 22 May 2026 11:41:15 +0800 Message-Id: <20260522034128.3144354-3-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" TDX Module introduces a new concept called "TDX Module Extensions" to support long running / hard-irq preemptible flows inside. This makes TDX Module capable of handling complex tasks through "Extension SEAMCALLs". Adding more memory to TDX Module is the first step to enable Extensions. Currently, TDX Module memory use is relatively static. But, the Extensions need to use memory more dynamically. While 'static' here means the kernel provides necessary amount of memory to TDX Module for its basic functionalities, 'dynamic' means extra memory is needed only if new add-on features are to be enabled. So add a new memory feeding process backed by a new SEAMCALL TDH.EXT.MEM.ADD. The process is mostly the same as adding PAMT. The kernel queries TDX Module how much memory needed, allocates it, hands it over, and never gets it back. TDH.EXT.MEM.ADD uses a new parameter type HPA_LIST_INFO to provide control (private) pages to TDX Module. This type represents a list of pages for TDX Module to access. It needs a 'root page' which contains the list of HPAs of the pages. It collapses the HPA of the root page and the number of valid HPAs into a 64 bit raw value for SEAMCALL parameters. The root page is always a medium, TDX Module never keeps the root page. Introduce a tdx_clflush_hpa_list() helper to flush shared cache before SEAMCALL, to avoid shared cache writeback damaging these private pages. For now, TDX Module Extensions consumes relatively large amount of memory (~50MB). Use contiguous page allocation to avoid permanently fragment too much memory. Print the allocation amount on TDX Module Extensions initialization for visibility. Co-developed-by: Zhenzhong Duan Signed-off-by: Zhenzhong Duan Signed-off-by: Xu Yilun --- arch/x86/virt/vmx/tdx/tdx.h | 1 + arch/x86/virt/vmx/tdx/tdx.c | 118 ++++++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index a5eec8e3cc71..2335f88bbb10 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -46,6 +46,7 @@ #define TDH_PHYMEM_PAGE_WBINVD 41 #define TDH_VP_WR 43 #define TDH_SYS_CONFIG 45 +#define TDH_EXT_MEM_ADD 61 #define TDH_SYS_DISABLE 69 =20 /* diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index c0c6281b08a5..622399d8da68 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -1179,6 +1180,123 @@ static __init int init_tdmrs(struct tdmr_info_list = *tdmr_list) return 0; } =20 +static void tdx_clflush_hpa_list(struct page *root, unsigned int nr_pages) +{ + u64 *entries =3D page_to_virt(root); + int i; + + for (i =3D 0; i < nr_pages; i++) + clflush_cache_range(__va(entries[i]), PAGE_SIZE); +} + +#define HPA_LIST_INFO_FIRST_ENTRY GENMASK_U64(11, 3) +#define HPA_LIST_INFO_PFN GENMASK_U64(51, 12) +#define HPA_LIST_INFO_LAST_ENTRY GENMASK_U64(63, 55) + +static u64 to_hpa_list_info(struct page *root, unsigned int nr_pages) +{ + return FIELD_PREP(HPA_LIST_INFO_FIRST_ENTRY, 0) | + FIELD_PREP(HPA_LIST_INFO_PFN, page_to_pfn(root)) | + FIELD_PREP(HPA_LIST_INFO_LAST_ENTRY, nr_pages - 1); +} + +static int tdx_ext_mem_add(struct page *root, unsigned int nr_pages) +{ + struct tdx_module_args args =3D { + .rcx =3D to_hpa_list_info(root, nr_pages), + }; + u64 r; + + tdx_clflush_hpa_list(root, nr_pages); + + do { + /* + * TDH_EXT_MEM_ADD is designed to use output parameter RCX to + * override/update input parameter RCX, so the caller doesn't + * have to do manual parameter update on retry call. + */ + r =3D seamcall_ret(TDH_EXT_MEM_ADD, &args); + } while (r =3D=3D TDX_INTERRUPTED_RESUMABLE); + + if (r !=3D TDX_SUCCESS) + return -EFAULT; + + return 0; +} + +static int tdx_ext_mem_setup(void) +{ + unsigned int nr_pages; + struct page *page; + u64 *root; + unsigned int i; + int ret; + + nr_pages =3D tdx_sysinfo.ext.memory_pool_required_pages; + /* + * memory_pool_required_pages =3D=3D 0 means no need to add pages, + * skip the memory setup. + */ + if (!nr_pages) + return 0; + + root =3D kzalloc(PAGE_SIZE, GFP_KERNEL); + if (!root) + return -ENOMEM; + + page =3D alloc_contig_pages(nr_pages, GFP_KERNEL, numa_mem_id(), + &node_online_map); + if (!page) { + ret =3D -ENOMEM; + goto out_free_root; + } + + for (i =3D 0; i < nr_pages;) { + unsigned int nents =3D min(nr_pages - i, + PAGE_SIZE / sizeof(*root)); + int j; + + for (j =3D 0; j < nents; j++) + root[j] =3D page_to_phys(page + i + j); + + ret =3D tdx_ext_mem_add(virt_to_page(root), nents); + /* + * No SEAMCALLs to reclaim the added pages. For simple error + * handling, leak all pages. + */ + WARN_ON_ONCE(ret); + if (ret) + break; + + i +=3D nents; + } + + /* + * Extensions memory can't be reclaimed once added, print out the + * amount, stop tracking it and free the root page, no matter success + * or failure. + */ + pr_info("%lu KB allocated for TDX Module Extensions\n", + nr_pages * PAGE_SIZE / 1024); + +out_free_root: + kfree(root); + + return ret; +} + +static int __maybe_unused init_tdx_ext(void) +{ + if (!(tdx_sysinfo.features.tdx_features0 & TDX_FEATURES0_EXT)) + return 0; + + /* No feature requires TDX Module Extensions. */ + if (!tdx_sysinfo.ext.ext_required) + return 0; + + return tdx_ext_mem_setup(); +} + static __init int init_tdx_module(void) { int ret; --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3931836165F; Fri, 22 May 2026 04:05:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422724; cv=none; b=dk4HsXDWpUaLfbfEiUQpUX6CREs3Di5txOrLoWKrSPgESxZ4jglhgAVIvqc/Qjj8K83/YIjBjsZ8c/46n4lFMmVecLo+zCczyNhb0gtpzS3bud2mBRkzQYzuL6FD98gfHc8flf5KuOiNhy6OJxu6UdHqhTw/FuL0sSyZggO4m3g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422724; c=relaxed/simple; bh=wVKDvoTMGTGAvIOqU7aOFVQoOMeivgNMcW6+rZyjDVU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=TxEZ+NcZkYsQWC7Iu29vi8yDUv2DT8a9rxQg7CR268vWsgExeeEUqxI95ubcu3c7kLT1DYZ0ItDtiCnwQm7zoFZcYpqKVVgGLGleAl4xlfZmk3yWZLSi9X0T+TEoUGjnV6wFkxTN/gAnQ+lF7hAYsnSV8ngFgjLSZ5AuvrngD7w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LS9T9FA1; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LS9T9FA1" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422724; x=1810958724; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=wVKDvoTMGTGAvIOqU7aOFVQoOMeivgNMcW6+rZyjDVU=; b=LS9T9FA14xaPmq4VNDpf6NVAG9vkrF1RPGKoa0mqFLHHscA2uXXBkFan XwzP73JbBfmODm+QF/0kFlSAsweB64YirygGq5wL4QVRFGnstt7d0EZ7v SOYBajgC8jS94l3/xxyDxvxsEj6eakvNMmNDLNkNp44eF+NlELCFc52FR LQzdf2XQPOUwWK7B4RAu1QRjHFByRDiCIAKfxkd/bbEfe8KdrjQIp7nfr BCT2cMDBo3NcxNJT/VFE+IUaXBeBBEyCSZqWfRdYOhhNbxiZMNX6CozPs 5UogYCa+asPX2SxnsGuY4vShNGgg7ABaCQHYfL40zk6SRJAupJ4HBsGEP w==; X-CSE-ConnectionGUID: 5eNuNs3TQmCy9KDbzKsaiQ== X-CSE-MsgGUID: klwrPW7ZSp2HnFYL8RAuYw== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528859" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528859" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:23 -0700 X-CSE-ConnectionGUID: fDJ6HtUjR8WSbjAuigccfg== X-CSE-MsgGUID: Tw0iwhzZTOWFsroHtWz0IA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757808" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:19 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [PATCH 03/15] x86/virt/tdx: Make TDX Module initialize Extensions Date: Fri, 22 May 2026 11:41:16 +0800 Message-Id: <20260522034128.3144354-4-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" After providing all required memory to TDX Module, initialize TDX Module Extensions via TDH.EXT.INIT, so Extension-SEAMCALLs can be used. Co-developed-by: Zhenzhong Duan Signed-off-by: Zhenzhong Duan Signed-off-by: Xu Yilun --- arch/x86/virt/vmx/tdx/tdx.h | 1 + arch/x86/virt/vmx/tdx/tdx.c | 24 +++++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 2335f88bbb10..c5bffd118145 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -46,6 +46,7 @@ #define TDH_PHYMEM_PAGE_WBINVD 41 #define TDH_VP_WR 43 #define TDH_SYS_CONFIG 45 +#define TDH_EXT_INIT 60 #define TDH_EXT_MEM_ADD 61 #define TDH_SYS_DISABLE 69 =20 diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 622399d8da68..ff2b96c20d2b 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1200,6 +1200,22 @@ static u64 to_hpa_list_info(struct page *root, unsig= ned int nr_pages) FIELD_PREP(HPA_LIST_INFO_LAST_ENTRY, nr_pages - 1); } =20 +/* Initialize the TDX Module Extensions then Extension-SEAMCALLs can be us= ed */ +static int tdx_ext_init(void) +{ + struct tdx_module_args args =3D {}; + u64 r; + + do { + r =3D seamcall(TDH_EXT_INIT, &args); + } while (r =3D=3D TDX_INTERRUPTED_RESUMABLE); + + if (r !=3D TDX_SUCCESS) + return -EFAULT; + + return 0; +} + static int tdx_ext_mem_add(struct page *root, unsigned int nr_pages) { struct tdx_module_args args =3D { @@ -1287,6 +1303,8 @@ static int tdx_ext_mem_setup(void) =20 static int __maybe_unused init_tdx_ext(void) { + int ret; + if (!(tdx_sysinfo.features.tdx_features0 & TDX_FEATURES0_EXT)) return 0; =20 @@ -1294,7 +1312,11 @@ static int __maybe_unused init_tdx_ext(void) if (!tdx_sysinfo.ext.ext_required) return 0; =20 - return tdx_ext_mem_setup(); + ret =3D tdx_ext_mem_setup(); + if (ret) + return ret; + + return tdx_ext_init(); } =20 static __init int init_tdx_module(void) --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B5243655CA; Fri, 22 May 2026 04:05:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422727; cv=none; b=e7ERGEbXFkhw7UVpq5bS6eZz8OulSYYNO4pFxt4OhYZVkm+7G+fhtzH/BqxZIXLjNbNo6dmXG4LLCkWvc5Ii7GZy62mEuaE/lnFloegW4Gh4J3NAVuI147WLuj8rUW7HxbSLKLxuGwYicKoj/MEX0NZkd720d7p+syW7KRmLIJQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422727; c=relaxed/simple; bh=r8SogMtHXz09azwHyewtwTuMb9ge/6Z5Uv2/j6U6Lrg=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=IAly1aQRx2eFdjQ8VJmOLP4PQvy+vGmJPLgo9Ff9OC8Oy3yudULzP61+LOdgWwqtyZbSwPhX1rJUUVxrZjkhj5tWWy+gct3fxRL7M6VC29FnE5rgDfn20N2fZkEa49CLlyeR31G13OgUBGDmAO49nQU9D/QOwtVmthkObtSwuvs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=eOPiHIRC; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="eOPiHIRC" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422727; x=1810958727; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=r8SogMtHXz09azwHyewtwTuMb9ge/6Z5Uv2/j6U6Lrg=; b=eOPiHIRC3xmwcTTl6YXLoGH03dnJnFV30Sqbyn55tWkgb84CzLfOVPG4 yDdHb6MUb7wam9fphXUruJNXs3XMDpDYvCqtzGlpEF9RfL2hE30qwDPLn VAZXKU0Lnq8nbVjTg/drZHyYH1VmimKOp6UXWPgYPZgIcif6qWvyUBJ0d m/CsLBHWNePPWxbjHdqgkLyVu8tc0deA1rieH6ax8nhr8Rk0DatdVMe/2 MMr49S3/fNEmhB5oID7WAZzW3zWEaNQJikPENcZOmk4uaqLFF8t0N3nnU rnb+XsgtD9NC2WxfPbkT7721fxQEMFabjjKBgEfEUyPttHOfxDLXmNDDU A==; X-CSE-ConnectionGUID: T0XQsiV7THiSezRzeGQNUA== X-CSE-MsgGUID: Lz4ENZruSu6w+LrJbhIDVg== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528864" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528864" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:27 -0700 X-CSE-ConnectionGUID: LRXeAl1oQ12KVKgyhg9u2g== X-CSE-MsgGUID: I2GjLKa5TLiInNtnNAbUFA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757816" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:23 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [PATCH 04/15] x86/virt/tdx: Enable the Extensions right after basic TDX Module init Date: Fri, 22 May 2026 11:41:17 +0800 Message-Id: <20260522034128.3144354-5-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The detailed initialization flow for TDX Module Extensions has been fully implemented. Enable the flow after basic TDX Module initialization. Theoretically, the Extensions doesn't need to be enabled right after basic TDX initialization. It could be enabled right before the first Extension SEAMCALL is issued. That would save or postpone memory usage. But it isn't worth the complexity, the needs for the Extensions are vast but the savings are little for a typical TDX capable system (about 0.001% of memory). So the Linux decision is to just enable it along with the basic TDX. Note that the Extensions initialization flow will still not start if no add-on features require Extensions. The enabling of add-on features will be in later patches. Until then, the system hasn't consumed extra memory. Signed-off-by: Xu Yilun --- arch/x86/virt/vmx/tdx/tdx.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index ff2b96c20d2b..dad5ec642723 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1180,7 +1180,7 @@ static __init int init_tdmrs(struct tdmr_info_list *t= dmr_list) return 0; } =20 -static void tdx_clflush_hpa_list(struct page *root, unsigned int nr_pages) +static __init void tdx_clflush_hpa_list(struct page *root, unsigned int nr= _pages) { u64 *entries =3D page_to_virt(root); int i; @@ -1193,7 +1193,7 @@ static void tdx_clflush_hpa_list(struct page *root, u= nsigned int nr_pages) #define HPA_LIST_INFO_PFN GENMASK_U64(51, 12) #define HPA_LIST_INFO_LAST_ENTRY GENMASK_U64(63, 55) =20 -static u64 to_hpa_list_info(struct page *root, unsigned int nr_pages) +static __init u64 to_hpa_list_info(struct page *root, unsigned int nr_page= s) { return FIELD_PREP(HPA_LIST_INFO_FIRST_ENTRY, 0) | FIELD_PREP(HPA_LIST_INFO_PFN, page_to_pfn(root)) | @@ -1201,7 +1201,7 @@ static u64 to_hpa_list_info(struct page *root, unsign= ed int nr_pages) } =20 /* Initialize the TDX Module Extensions then Extension-SEAMCALLs can be us= ed */ -static int tdx_ext_init(void) +static __init int tdx_ext_init(void) { struct tdx_module_args args =3D {}; u64 r; @@ -1216,7 +1216,7 @@ static int tdx_ext_init(void) return 0; } =20 -static int tdx_ext_mem_add(struct page *root, unsigned int nr_pages) +static __init int tdx_ext_mem_add(struct page *root, unsigned int nr_pages) { struct tdx_module_args args =3D { .rcx =3D to_hpa_list_info(root, nr_pages), @@ -1240,7 +1240,7 @@ static int tdx_ext_mem_add(struct page *root, unsigne= d int nr_pages) return 0; } =20 -static int tdx_ext_mem_setup(void) +static __init int tdx_ext_mem_setup(void) { unsigned int nr_pages; struct page *page; @@ -1301,7 +1301,7 @@ static int tdx_ext_mem_setup(void) return ret; } =20 -static int __maybe_unused init_tdx_ext(void) +static __init int init_tdx_ext(void) { int ret; =20 @@ -1373,6 +1373,10 @@ static __init int init_tdx_module(void) if (ret) goto err_reset_pamts; =20 + ret =3D init_tdx_ext(); + if (ret) + goto err_reset_pamts; + pr_info("%lu KB allocated for PAMT\n", tdmrs_count_pamt_kb(&tdx_tdmr_list= )); =20 out_put_tdxmem: --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C5803655F9; Fri, 22 May 2026 04:05:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422731; cv=none; b=qFejjhWjEAry1eb2mAzIwVfYYKHEZK2cligAZYV+G8n3vH+zlOOF/kCYO52/lKuX1vtIrAQdDo0YjdsfLVEcpR3wkxpl1sirgd5ooCBvQf0BLnQ1//XXMUjt9miD1W6lywVRgGwnzpIPR20by+LKdP2uljSQsSE2ifH2j605LDQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422731; c=relaxed/simple; bh=WNx+AL0hDrcRSvUppTWdWWvbp05wApktaPKriBOnmWs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=n/Ci/hf57C33C99vVD2tiLN4Uum0F213wIxu/T7BMKd2Qmo9duW0rz0FLDkON/+cVB0JwL/qZvBPcEfk88obM9Go9soeWOwMHSoOPotU0BEcJ1+f46DxVokYmygx59umeFy036Q4WCAfxHBcNL0cZoWt4CJHVJy57dNTqfOGb6c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=i9XJHyNQ; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="i9XJHyNQ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422731; x=1810958731; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=WNx+AL0hDrcRSvUppTWdWWvbp05wApktaPKriBOnmWs=; b=i9XJHyNQzvJibiGzZZ8RcmcA9Z5LcsL+MGgfMrwurHRmz/99zOMFbJtZ q1cqNt4im+ybO+t/T4QhYH3vqzrgI5kzvdtJNzsF5otMimJPW5sZqAeBN BMwR5T1SBOL9GT8ntdaibLgUXS5UvXEmW/8rwHu9uH0e69InbNoSLhDVz xA0qBEri1g+/2W0LVtVDV4cWFIbXHsTMlPXeFOnI6/E5L/E8L0OcxJ5Vd Bsc0xSkpUerFjBVScNA96f+gHieqc5AcS0iPC3c04YCKonJbU9aPVvNOA 2nnAcQzCqLQt5HLPGJeTkWmwBke2llsW6xAAoa1ZMXrNdUNVGPWl08Loh g==; X-CSE-ConnectionGUID: e5x5sNJgRryXdkZH9QSNbA== X-CSE-MsgGUID: 2ENhcDj+QAafyoqIJXhqAw== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528873" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528873" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:31 -0700 X-CSE-ConnectionGUID: R3E1qD/uSm231wN3WbjUBA== X-CSE-MsgGUID: bUzbzfoBTwuqYK9a6ZeWwQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757826" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:26 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 05/15] x86/virt/tdx: Move tdx_tdr_pa() up in the file Date: Fri, 22 May 2026 11:41:18 +0800 Message-Id: <20260522034128.3144354-6-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang Move the tdx_tdr_pa() in preparation for upcoming changes to use them during TDX bringup. No functional change intended. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/virt/vmx/tdx/tdx.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index dad5ec642723..67758adefb4a 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1200,6 +1200,11 @@ static __init u64 to_hpa_list_info(struct page *root= , unsigned int nr_pages) FIELD_PREP(HPA_LIST_INFO_LAST_ENTRY, nr_pages - 1); } =20 +static inline u64 tdx_tdr_pa(struct tdx_td *td) +{ + return page_to_phys(td->tdr_page); +} + /* Initialize the TDX Module Extensions then Extension-SEAMCALLs can be us= ed */ static __init int tdx_ext_init(void) { @@ -1725,11 +1730,6 @@ void tdx_guest_keyid_free(unsigned int keyid) } EXPORT_SYMBOL_FOR_KVM(tdx_guest_keyid_free); =20 -static inline u64 tdx_tdr_pa(struct tdx_td *td) -{ - return page_to_phys(td->tdr_page); -} - /* * The TDX module exposes a CLFLUSH_BEFORE_ALLOC bit to specify whether * a CLFLUSH of pages is required before handing them to the TDX module. --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4A1B36728B; Fri, 22 May 2026 04:05:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422736; cv=none; b=bic/4H/A+gqiY79v4eQxJhdF7QqH0MT6nWxoBs1mAHK40tahT2eYTTGrxU6EqjLSdpZULWnutmnj2UGvprTZC4b+I/vBFaoRAcSC8leh76Bo0x1kymizKmTGvZfu8jE9Ns+1N/zE41P94sR0vPJxGCLItbZ+2cO+wlrcXtb5lgI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422736; c=relaxed/simple; bh=q+2JEprIlQ5R8t6RRxPJMKafyGuH3bMWylgYmO6diGc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=QpHiiAlU3m1rBqDjLbbCU1LLdZHx7vrpQHYgLUhp5aSfYE+8rr5Gj7GJ6q5UDeNc2w5P6guZ80ujUi+g555f6S/VgsDndv9q2O0UviNz7tmY7G//JPPmMXLP9hvW3gTz0K4a4hKz/unprJIQUKYyhQeZDlAPsrHTekV59YjGzKo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=SG9oqWb5; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="SG9oqWb5" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422734; x=1810958734; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=q+2JEprIlQ5R8t6RRxPJMKafyGuH3bMWylgYmO6diGc=; b=SG9oqWb5/Z00CVjXAK9jW330Jh8EoC0sZO0ZZNCZwJEQE7v/M2SQ+jrT RnNmC+/9fP1LoL2LsNXBuDgNo6SuDSDaKjZFKzBzHzcQdR6Ksedr6Rzzt FQ60enz7Pyeq1YFYUwkgpS7lRkgqTAIK9K7Kk+iZdIVJKmjZJgdE6sqE/ SWC+Rj4UPB8zO74hbg//wbw4aNlqoEsEIbtzg5m9fEYjOxsYUMzNmAgHv Q84NmZjzwsmXtGqhZK9DC3qcdhBAqo8ozcHXTnVqurfl7yRb+YExMY6Fz 7WlKVSKUK9K8K5aMoyoqLJ3ALvF1kjdf3Q4J0X+/bghc2NKCZRD0FeE75 g==; X-CSE-ConnectionGUID: FXFfuhObT32VirW+4VnI8A== X-CSE-MsgGUID: bj3anAKSQomSEGfz1d7PiA== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528882" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528882" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:34 -0700 X-CSE-ConnectionGUID: QSLVibgETN6SC3yUt4Z8dg== X-CSE-MsgGUID: XALUMBIXSVKMsFMrjGVFVg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757836" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:30 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 06/15] x86/virt/tdx: Initialize Quoting extension during bringup Date: Fri, 22 May 2026 11:41:19 +0800 Message-Id: <20260522034128.3144354-7-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang Initialize the Quoting extension and fetch its metadata during TDX bringup. Because Quoting is an optional TDX feature, do not let its initialization failures cause TDX bringup to fail. This patch does not include the opt-in portion of the initialization. It mainly lays the groundwork for TDX Quoting support. Opt-in will be added in a follow-up patch once the feature can be properly used by the system. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/include/asm/tdx_global_metadata.h | 5 ++++ arch/x86/virt/vmx/tdx/tdx.h | 1 + arch/x86/virt/vmx/tdx/tdx.c | 29 ++++++++++++++++++++- arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 11 ++++++++ 4 files changed, 45 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/tdx_global_metadata.h b/arch/x86/include/= asm/tdx_global_metadata.h index 533afe50a3f1..04f515cd4c1d 100644 --- a/arch/x86/include/asm/tdx_global_metadata.h +++ b/arch/x86/include/asm/tdx_global_metadata.h @@ -45,6 +45,10 @@ struct tdx_sys_info_ext { u8 ext_required; }; =20 +struct tdx_sys_info_quote { + u32 max_quote_size; +}; + struct tdx_sys_info { struct tdx_sys_info_version version; struct tdx_sys_info_features features; @@ -52,6 +56,7 @@ struct tdx_sys_info { struct tdx_sys_info_td_ctrl td_ctrl; struct tdx_sys_info_td_conf td_conf; struct tdx_sys_info_ext ext; + struct tdx_sys_info_quote quote; }; =20 #endif diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index c5bffd118145..3849f4f9cc78 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -49,6 +49,7 @@ #define TDH_EXT_INIT 60 #define TDH_EXT_MEM_ADD 61 #define TDH_SYS_DISABLE 69 +#define TDH_QUOTE_INIT 100 =20 /* * SEAMCALL leaf: diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 67758adefb4a..fb84fb6d952b 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1205,6 +1205,22 @@ static inline u64 tdx_tdr_pa(struct tdx_td *td) return page_to_phys(td->tdr_page); } =20 +static void tdx_quote_init(void) +{ + struct tdx_module_args args =3D {}; + u64 r; + + do { + r =3D seamcall(TDH_QUOTE_INIT, &args); + } while (r =3D=3D TDX_INTERRUPTED_RESUMABLE); + + if (r) + return; + + /* Quoting metadata is valid only after initialization */ + get_tdx_sys_info_quote(&tdx_sysinfo.quote); +} + /* Initialize the TDX Module Extensions then Extension-SEAMCALLs can be us= ed */ static __init int tdx_ext_init(void) { @@ -1306,6 +1322,13 @@ static __init int tdx_ext_mem_setup(void) return ret; } =20 +static int init_tdx_ext_features(void) +{ + tdx_quote_init(); + + return 0; +} + static __init int init_tdx_ext(void) { int ret; @@ -1321,7 +1344,11 @@ static __init int init_tdx_ext(void) if (ret) return ret; =20 - return tdx_ext_init(); + ret =3D tdx_ext_init(); + if (ret) + return ret; + + return init_tdx_ext_features(); } =20 static __init int init_tdx_module(void) diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vm= x/tdx/tdx_global_metadata.c index 3d3b56ef3d2f..f9cc2dd02caf 100644 --- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c +++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c @@ -113,6 +113,17 @@ static __init int get_tdx_sys_info_ext(struct tdx_sys_= info_ext *sysinfo_ext) return ret; } =20 +static int get_tdx_sys_info_quote(struct tdx_sys_info_quote *sysinfo_quote) +{ + int ret =3D 0; + u64 val; + + if (!ret && !(ret =3D read_sys_metadata_field(0x2300000200000002, &val))) + sysinfo_quote->max_quote_size =3D val; + + return ret; +} + static __init int get_tdx_sys_info(struct tdx_sys_info *sysinfo) { int ret =3D 0; --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9053436729C; Fri, 22 May 2026 04:05:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422739; cv=none; b=eT4ieKcCZGIuI/hzsW+cj9cY3TpHZOInFzR7Xo1r7fB43ymucPHzXTd3PIJvCYEjk25+8l1iKpc5FeGDVt0WO1fWuJkPCRh1OGwe5uUKx4Ps7K/I24SkaM8ATaSy9/khC2grhc2wFXBz8la2FDs3eB0XOSGW0jr0c9NsOlvr5HQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422739; c=relaxed/simple; bh=spf+Km48xzDG5tK9OpIps9/r40MhH5eskXnq/W+lg+s=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=niFrQEKjKEibi+tREBkEd5muwwdDxxP8qGWN07XJLILfsl5PvuspJzEXOFXXEcbwV/REP8As1h9zjkIAf3mD6YBgdT2Tdn1jDMKhMcJVOJ2BEoeaYuuNSU90camzgpqB0ipWWnQhdNjGVQPsGeNlxvumpNSDx5xCSfccvedtM4E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=gBBaRobg; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="gBBaRobg" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422738; x=1810958738; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=spf+Km48xzDG5tK9OpIps9/r40MhH5eskXnq/W+lg+s=; b=gBBaRobgOiPwVTth5ebJFMq9r8ApuEiAhDKSYvWGUW2SdPikARWeCJaC B3Dg7ZiWKxgVRHmvI1DYOdejqb3jEv5seYutsrCjtLYAbcx6iB5uBQ83Z XLQx9rKmSYaELIq2mzfUak9blx8vtirLOssvcHn2MblSCtABfbjdVqb6a LhVxfjfnVQ3FrRg+ArdrMulAHFKMidiFWUCQAjoqRaLuIpCvK5W3hSfrF EiNgIw7O2bV5kzUUMprExPFUR4uMCsXfmjRcliako0uaOdgEZkv6srUhu obFAulK5zgP9d2u6Dg7NVIi1ijScxpj2R1weAgNe+0ZRsg4TM/qUo7pwS Q==; X-CSE-ConnectionGUID: dRCclvsoQfqyggdoA9BFlQ== X-CSE-MsgGUID: Blvqzmn3TwCqb5o73l4YYg== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528890" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528890" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:38 -0700 X-CSE-ConnectionGUID: nbPlj1cHQ36SgE2NwgvTFw== X-CSE-MsgGUID: x33uhmIkTe6xiU5rybc1yA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757842" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:33 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 07/15] x86/virt/tdx: Prepare Quote buffer during extension bringup Date: Fri, 22 May 2026 11:41:20 +0800 Message-Id: <20260522034128.3144354-8-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang The host uses a Quote buffer to communicate with the TDX module when generating Quotes. Because the Quote buffer is shared with TDX guests, prepare the required metadata during Quoting extension bringup. This mostly involves determining the physical addresses of the Quote buffer pages and arranging them in the HPA_LINKED_LIST format defined by the Intel TDX Module ABI specification. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/virt/vmx/tdx/tdx.c | 85 ++++++++++++++++++++++++++++++++++++- 1 file changed, 84 insertions(+), 1 deletion(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index fb84fb6d952b..9d04293394d7 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -61,6 +62,13 @@ static LIST_HEAD(tdx_memlist); static struct tdx_sys_info tdx_sysinfo __ro_after_init; static bool tdx_module_initialized __ro_after_init; =20 +static struct quote_data { + void *buf; + u64 buf_len; + u64 *hpa_list; + phys_addr_t hpa_list_pa; +} quote_data; + typedef void (*sc_err_func_t)(u64 fn, u64 err, struct tdx_module_args *arg= s); =20 static inline void seamcall_err(u64 fn, u64 err, struct tdx_module_args *a= rgs) @@ -1205,9 +1213,78 @@ static inline u64 tdx_tdr_pa(struct tdx_td *td) return page_to_phys(td->tdr_page); } =20 +#define HPAS_PER_PAGE (PAGE_SIZE / sizeof(u64)) + +static int tdx_quote_create_buf(unsigned int nr_pages, struct quote_data *= qdata) +{ + unsigned long pfn; + u64 qlist_npages; + int err, i, j; + u64 *qlist; + void *qbuf; + + if (!nr_pages) + return -EINVAL; + + /* The last entry of a linked list page points to the next page */ + qlist_npages =3D (u64)DIV_ROUND_UP(nr_pages, HPAS_PER_PAGE - 1); + + qlist =3D vmalloc_array(qlist_npages, PAGE_SIZE); + if (!qlist) { + err =3D -ENOMEM; + goto out_err; + } + + /* + * Make sure unfilled entries are always -1, which means NULL in TDX. + * Only the last page needs to be filled. All the other pages will be + * fully populated. + */ + memset((u8 *)qlist + (qlist_npages - 1) * PAGE_SIZE, 0xff, PAGE_SIZE); + + qbuf =3D vcalloc(nr_pages, PAGE_SIZE); + if (!qbuf) { + err =3D -ENOMEM; + goto out_err; + } + + /* Populate HPA_LINKED_LIST as per TDX ABI spec */ + for (i =3D 0, j =3D 0; j < nr_pages; i++) { + if ((i % HPAS_PER_PAGE) =3D=3D HPAS_PER_PAGE - 1) { + /* + * The last entry always points to the next page. The + * address of the following entry must be on next page's + * boundary. + */ + pfn =3D vmalloc_to_pfn(&qlist[i + 1]); + qlist[i] =3D PFN_PHYS(pfn); + continue; + } + + pfn =3D vmalloc_to_pfn((u8 *)qbuf + j * PAGE_SIZE); + qlist[i] =3D PFN_PHYS(pfn); + j++; + } + + qdata->buf =3D qbuf; + qdata->buf_len =3D (u64)nr_pages * PAGE_SIZE; + qdata->hpa_list =3D qlist; + + pfn =3D vmalloc_to_pfn(qlist); + qdata->hpa_list_pa =3D PFN_PHYS(pfn); + + return 0; + +out_err: + vfree(qlist); + + return err; +} + static void tdx_quote_init(void) { struct tdx_module_args args =3D {}; + unsigned int nr_quote_pages; u64 r; =20 do { @@ -1218,7 +1295,13 @@ static void tdx_quote_init(void) return; =20 /* Quoting metadata is valid only after initialization */ - get_tdx_sys_info_quote(&tdx_sysinfo.quote); + if (get_tdx_sys_info_quote(&tdx_sysinfo.quote)) + return; + + nr_quote_pages =3D PAGE_ALIGN(tdx_sysinfo.quote.max_quote_size) / + PAGE_SIZE; + if (tdx_quote_create_buf(nr_quote_pages, "e_data)) + pr_err("Failed to create quote buffer\n"); } =20 /* Initialize the TDX Module Extensions then Extension-SEAMCALLs can be us= ed */ --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 211AF368970; Fri, 22 May 2026 04:05:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422742; cv=none; b=iy8j5eUOtNsznuaqiiiVc0N8Og7UIz1PPiwqtb5trJZv2zXYdj7PE3Bmn9Fz2c24OiobvPDWG3k5K4L15mSaDxvjivVs+n7Hts8CO4lg5kDVV0i4M5gNOXrNhzoe6gzYQq86NmmLXZGjzmm51IyCimn3SRdR5fr7XagLdeIUKQU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422742; c=relaxed/simple; bh=31ha/xXzWg2Cp2e443o9F/TFSMDVUgUGwpgtyY6pwr8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=RsnOqRjByWtF6NLT+5zTxaECs2F5tHV75/ie6fgYY5miMy81Hkluv6VAMkTiVFLmbQjX+hb9NuuXBFChgrgCf6NYOXaFrGfX7R1i5koMmycpj/erOkd6sf+VgXrpJ6TYpuZneZ53mfE1DRZL9rrD3jSmJRhH7OCesMicEFP+GAc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=EgHK/HOK; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="EgHK/HOK" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422742; x=1810958742; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=31ha/xXzWg2Cp2e443o9F/TFSMDVUgUGwpgtyY6pwr8=; b=EgHK/HOKPxC926a078qBtE+NUs2G1GXASX2Zq8uCFXSQXKSRCNmHW+VB vcZDOELfLclA8rhBQZ+iqnNXofYedRUX5ExPsjRAzPHVhx4QwGr/SOMhG 4xy48GN0sjpcWVC+sACtCHhxkt1HY8uFajGeHGOjflKFLNodfqTzk7EGM bpqO5aIXlDDhDHTHhYOtAY1krnsSECqveB3eKtdv9tuYW/3XDsGovMhqA neouH8BDI+vs+OQlVSg2WNVuHb33YwgH8v6AWZ2QPP8xsfAmHmH95ofrq XuV1RUKVsYhaxR66mL+sbR7g3i83F8C7pUQ16jdXwg1kWQJ2+aMqKI2ft w==; X-CSE-ConnectionGUID: BY42SDdIS8SUfr9d6E7vmw== X-CSE-MsgGUID: ki/k7OGeSmG2ndvcoVle5w== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528895" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528895" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:42 -0700 X-CSE-ConnectionGUID: Fr6Uol6YRiyi6yQ5S0pRhg== X-CSE-MsgGUID: PxoOMIpoQ+GXPTK8MPPh7w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757859" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:37 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 08/15] x86/virt/tdx: Add interface to check Quoting availability Date: Fri, 22 May 2026 11:41:21 +0800 Message-Id: <20260522034128.3144354-9-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang KVM needs to know if the Quoting extension is available to determine whether userspace must be involved in Quote generation. Since the Quote buffer is always created during Quoting extension bringup, checking whether the buffer exists is sufficient. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/include/asm/tdx.h | 2 ++ arch/x86/virt/vmx/tdx/tdx.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 15eac89b0afb..7b257088aa1e 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -176,6 +176,8 @@ struct tdx_vp { struct page **tdcx_pages; }; =20 +bool tdx_quote_enabled(void); + static inline u64 mk_keyed_paddr(u16 hkid, struct page *page) { u64 ret; diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 9d04293394d7..b305fa5aab5c 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1213,6 +1213,21 @@ static inline u64 tdx_tdr_pa(struct tdx_td *td) return page_to_phys(td->tdr_page); } =20 +/** + * tdx_quote_enabled() - Check whether TDX Quoting extension is available + * + * Return: %true if the Quoting extension is available, otherwise %false. + */ +bool tdx_quote_enabled(void) +{ + /* + * No need for locking here. The quote buffer is initialized as part of + * core TDX bringup, which comes before KVM is ready for userspace. + */ + return !!quote_data.buf; +} +EXPORT_SYMBOL_FOR_KVM(tdx_quote_enabled); + #define HPAS_PER_PAGE (PAGE_SIZE / sizeof(u64)) =20 static int tdx_quote_create_buf(unsigned int nr_pages, struct quote_data *= qdata) --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CAD69368D7E; Fri, 22 May 2026 04:05:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422746; cv=none; b=D9+xNQ2rr44oeC20N80WO0XIsMrnGsOPWjrSb7hSLy7U5Y4anvx3Kd10fYEXX2hQkZFyggVMdrOm0Yyte3t4X+zWfIK22kDYRlxi1TAQctv58borOL9DT/6NryrfkkHy+YIdch0oF9JIBsqMgbhQaJ6ex63PG3sNnB5PaU5sAMI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422746; c=relaxed/simple; bh=lQIjaplD7AjyPfmiPear7uZRcXEEq3JOJ/gaDQHmDFI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Gj96jX/KXKHrUg8agy6kDfws6SDBQHYSbyHi3staHwj9YU/3m4+FLTc5VW4+Q8C34CWK8MCYloJUIre8dlDXpadYBGty9lNdzxBhtHS1udaL+395GTfQmn4gpCUij5xxHIqZZeXqJVTnngWQFJj8t1f6u+qH847+nWh3UN8b2pc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=bT2cfjqU; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="bT2cfjqU" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422745; x=1810958745; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=lQIjaplD7AjyPfmiPear7uZRcXEEq3JOJ/gaDQHmDFI=; b=bT2cfjqUP3A3S/SHW/60pqxaDBMdHvT0F5449JqSEw8YlRdNyuyw7sn1 CKSW4jO5JhwDjbyq1J8nwULpbGhN+paadgzBsTsIbrT4JkJSil+VaDjbv QPmnAh2hs1btfF2Cs9yarUVHbTVVG4LNQ2t0JXvbSK0SBjVORf9K0xg13 PxsIgGEcd/lfkI2O93JkstzO5jd7C4G+av6qbVfzPCBrbmWSeS9hXIY6j u0CASRq20TYIFdyr8KP0aPtkXr2FII6zE5T4yCm5JCjkXtbo6RT0hfoFp vp71YcCU4tL68lyecFc3oABU6bLk2wXXLiEurjIwSnQyuhR5Ob4w7kr/p g==; X-CSE-ConnectionGUID: UtyZROrDTJWPEkureNP9Jg== X-CSE-MsgGUID: 4eOtEfWgQxeaV5jG87P0PA== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528901" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528901" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:45 -0700 X-CSE-ConnectionGUID: JNHyvX8VTnyNB0HuqFw4zw== X-CSE-MsgGUID: oJIeWRLxTvuFxyyRUQXRhw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757876" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:41 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 09/15] x86/virt/tdx: Add interface to generate a Quote Date: Fri, 22 May 2026 11:41:22 +0800 Message-Id: <20260522034128.3144354-10-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang Use the TDX Quoting extension's TDH.QUOTE.GET SEAMCALL to generate a Quote. Since the interface is shared across all KVM instances, serialize access to the SEAMCALL buffer with a mutex. Allocate and return a per-call buffer containing the generated Quote so callers don't need to size the Quote buffer themselves. The caller is responsible for freeing the returned buffer. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/include/asm/tdx.h | 2 + arch/x86/virt/vmx/tdx/tdx.h | 1 + arch/x86/virt/vmx/tdx/tdx.c | 82 +++++++++++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 7b257088aa1e..bc512a00a0d0 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -177,6 +177,8 @@ struct tdx_vp { }; =20 bool tdx_quote_enabled(void); +void *tdx_quote_generate(struct tdx_td *td, void *in_data, u32 in_data_len, + u32 *quote_len); =20 static inline u64 mk_keyed_paddr(u16 hkid, struct page *page) { diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 3849f4f9cc78..01a7d7d8ada9 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -49,6 +49,7 @@ #define TDH_EXT_INIT 60 #define TDH_EXT_MEM_ADD 61 #define TDH_SYS_DISABLE 69 +#define TDH_QUOTE_GET 98 #define TDH_QUOTE_INIT 100 =20 /* diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index b305fa5aab5c..821f677e9a86 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -62,6 +62,8 @@ static LIST_HEAD(tdx_memlist); static struct tdx_sys_info tdx_sysinfo __ro_after_init; static bool tdx_module_initialized __ro_after_init; =20 +static DEFINE_MUTEX(tdx_quote_lock); + static struct quote_data { void *buf; u64 buf_len; @@ -1228,6 +1230,86 @@ bool tdx_quote_enabled(void) } EXPORT_SYMBOL_FOR_KVM(tdx_quote_enabled); =20 +#define QUOTE_ID_MASK GENMASK_U64(47, 32) + +static u64 tdx_quote_get(struct tdx_td *td, u64 in_data_pa, u64 in_data_le= n, + u64 hpa_list_pa, u64 total_len, u64 *quote_len) +{ + struct tdx_module_args args =3D { + .rcx =3D tdx_tdr_pa(td), + /* Don't bother specifying the quote id */ + .rdx =3D QUOTE_ID_MASK & (u64)-1, + .r8 =3D in_data_pa, + .r9 =3D in_data_len, + .r10 =3D hpa_list_pa, + .r11 =3D total_len, + }; + u64 r; + + do { + r =3D seamcall_ret(TDH_QUOTE_GET, &args); + } while (r =3D=3D TDX_INTERRUPTED_RESUMABLE); + + *quote_len =3D args.rcx; + + return r; +} + +/** + * tdx_quote_generate() - Generate a quote for a TD + * @td: The TD to generate the quote for. + * @in_data: Input data for the quote request. + * @in_data_len: Size of the input data in bytes. + * @quote_len: Returned size of the generated quote in bytes. + * + * Use the TDX Quoting extension to generate a TD quote. Pass the input da= ta + * through the shared quote buffer and return the quote. + * + * Return: Newly allocated quote buffer or %NULL on failure. + * The caller must free the returned buffer with kvfree(). + */ +void *tdx_quote_generate(struct tdx_td *td, void *in_data, u32 in_data_len, + u32 *quote_len) +{ + void *quote_dup =3D NULL; + u64 r, out_len; + + if (!tdx_quote_enabled()) + return NULL; + + /* TDH.QUOTE.GET expects the input data to fit in a page */ + if (in_data_len > PAGE_SIZE) + return NULL; + + mutex_lock(&tdx_quote_lock); + + /* + * Use the first page of the quote buffer for input data. The buffer + * must be at least one page in size. @in_data may not be page-aligned, + * but TDH.QUOTE.GET expects page-aligned addresses. + */ + memcpy(quote_data.buf, in_data, (size_t)in_data_len); + + r =3D tdx_quote_get(td, quote_data.hpa_list[0], (u64)in_data_len, + quote_data.hpa_list_pa, quote_data.buf_len, &out_len); + if (r || !out_len || out_len > quote_data.buf_len) + goto out; + + /* + * The quote buffer is a shared resource, so use it only for the + * SEAMCALL and copy the data out as soon as possible. + */ + quote_dup =3D kvmemdup(quote_data.buf, out_len, GFP_KERNEL); + +out: + mutex_unlock(&tdx_quote_lock); + + *quote_len =3D (u32)out_len; + + return quote_dup; +} +EXPORT_SYMBOL_FOR_KVM(tdx_quote_generate); + #define HPAS_PER_PAGE (PAGE_SIZE / sizeof(u64)) =20 static int tdx_quote_create_buf(unsigned int nr_pages, struct quote_data *= qdata) --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 776E136A36D; Fri, 22 May 2026 04:05:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422749; cv=none; b=YnvwhQnizzk6AB8XQeryTWoE75ztiRwG9U8kX2LC556tXim0eb38sKEMS6nSy9vZw0ceVo/crdufytyuMpVMJFFWebz7sLUSJZtrTFD2rSHNIWJqkAl+JgiqnQUiiRRkR9Y136WTIH3w2pCKE46GPat86PxnnTvf4NCM5hmAY8U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422749; c=relaxed/simple; bh=ayILJB26GsLv0UIRr6dMv36Ehz2Pd3llJF0H2eLreiM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=IgbSferVcX4oCpAbIyGXx8A9gQve9RZ6Ze6C8Cyzy1vJztpaT+FUygxzWlke0TSHX+wX/AmmumEYoWAQ1qGxNSLQD4U5ChWT77JADH02B9y/CIjgyEZy5exJIahSdmDUGBcvsKEazM5xVLJrtIX6Tf0sT9dsvHokqftRBC7kSoA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=YicjNAjZ; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="YicjNAjZ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422749; x=1810958749; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=ayILJB26GsLv0UIRr6dMv36Ehz2Pd3llJF0H2eLreiM=; b=YicjNAjZ9mCrs6tSlVKJpva+sNArylta2U2HPlaINpxBIwfIOgk1HlWy B4igYcqetb2ytXt+Jlx+RmRrAIV9LwONk2tcmAhfgPbA+cGkuoNgou48/ 8x6ySU7YD451FgDfar0YE0TGc+bLPobkeKzfHkzsR+FpFRzvexcCTFJHN WRlGCIlKd1IDi2bkfXsru9shl4X66ToLjAfo3kP2N/KaHmy1IHUDgFYfl X0GNxTxGfwxwTSUXR9pi203OtRyCCcKt4fFlOOH2C9D60s5i2kUqkV8f6 bDn37DiBA2FcKczUJt4pNSUZkB5G4UwbXzf8JXTsNWvdc73S1M+exqlbb g==; X-CSE-ConnectionGUID: z8Gy7DvLQqyhZW0z29vVMw== X-CSE-MsgGUID: hgtgdrUZSv+cRZgwbdWrLw== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528908" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528908" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:49 -0700 X-CSE-ConnectionGUID: 3eAKhtlCRpOtc5Gsvzp4uw== X-CSE-MsgGUID: aZiwCtXSQXOT7UrNCWlJNQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757886" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:44 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 10/15] x86/tdx: Move and rename Quote request structure Date: Fri, 22 May 2026 11:41:23 +0800 Message-Id: <20260522034128.3144354-11-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang struct tdx_quote_buf is currently used only by the guest, but the Quote buffer format will also be needed by the host for in-kernel Quote generation. Move the definition to tdx.h so it can be shared by both. Rename the struct to tdx_quote_req to better reflect its purpose. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/include/asm/tdx.h | 21 +++++++++++++++++++++ drivers/virt/coco/tdx-guest/tdx-guest.c | 25 +++---------------------- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index bc512a00a0d0..945e6817abb2 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -96,6 +96,27 @@ static inline long tdx_kvm_hypercall(unsigned int nr, un= signed long p1, } #endif /* CONFIG_INTEL_TDX_GUEST && CONFIG_KVM_GUEST */ =20 +#if defined(CONFIG_INTEL_TDX_GUEST) || defined(CONFIG_KVM_INTEL_TDX) +/* struct tdx_quote_req: Format of Quote request message. + * @version: Quote format version, filled by TD. + * @status: Status code of Quote request, filled by VMM. + * @in_len: Length of TDREPORT, filled by TD. + * @out_len: Length of Quote data, filled by VMM. + * @data: Quote data on output or TDREPORT on input. + * + * More details of Quote request message can be found in TDX + * Guest-Host Communication Interface (GHCI) for Intel TDX 1.0, + * section titled "TDG.VP.VMCALL" + */ +struct tdx_quote_req { + u64 version; + u64 status; + u32 in_len; + u32 out_len; + u8 data[]; +}; +#endif /* CONFIG_INTEL_TDX_GUEST || CONFIG_KVM_INTEL_TDX */ + #ifdef CONFIG_INTEL_TDX_HOST u64 __seamcall(u64 fn, struct tdx_module_args *args); u64 __seamcall_ret(u64 fn, struct tdx_module_args *args); diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/td= x-guest/tdx-guest.c index a9ecc46df187..d0ddbbc98fb8 100644 --- a/drivers/virt/coco/tdx-guest/tdx-guest.c +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c @@ -171,26 +171,7 @@ static void tdx_mr_deinit(const struct attribute_group= *mr_grp) #define GET_QUOTE_SUCCESS 0 #define GET_QUOTE_IN_FLIGHT 0xffffffffffffffff =20 -#define TDX_QUOTE_MAX_LEN (GET_QUOTE_BUF_SIZE - sizeof(struct tdx_quote_b= uf)) - -/* struct tdx_quote_buf: Format of Quote request buffer. - * @version: Quote format version, filled by TD. - * @status: Status code of Quote request, filled by VMM. - * @in_len: Length of TDREPORT, filled by TD. - * @out_len: Length of Quote data, filled by VMM. - * @data: Quote data on output or TDREPORT on input. - * - * More details of Quote request buffer can be found in TDX - * Guest-Host Communication Interface (GHCI) for Intel TDX 1.0, - * section titled "TDG.VP.VMCALL" - */ -struct tdx_quote_buf { - u64 version; - u64 status; - u32 in_len; - u32 out_len; - u8 data[]; -}; +#define TDX_QUOTE_MAX_LEN (GET_QUOTE_BUF_SIZE - sizeof(struct tdx_quote_r= eq)) =20 /* Quote data buffer */ static void *quote_data; @@ -250,7 +231,7 @@ static void *alloc_quote_buf(void) * or error code after processing is complete. So wait till the status * changes from GET_QUOTE_IN_FLIGHT or the request being timed out. */ -static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 = timeout) +static int wait_for_quote_completion(struct tdx_quote_req *quote_buf, u32 = timeout) { int i =3D 0; =20 @@ -269,7 +250,7 @@ static int wait_for_quote_completion(struct tdx_quote_b= uf *quote_buf, u32 timeou static int tdx_report_new_locked(struct tsm_report *report, void *data) { u8 *buf; - struct tdx_quote_buf *quote_buf =3D quote_data; + struct tdx_quote_req *quote_buf =3D quote_data; struct tsm_report_desc *desc =3D &report->desc; u32 out_len; int ret; --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0F41B36F433; Fri, 22 May 2026 04:05:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422753; cv=none; b=NN+/DfQYHOBpGlZlb1MQD5oqLPlh55mp6LM3/zucQSrQkW/vOMDAkN71soC9xHACcA9NP9ufqjPOg5rldPqHc6oY1GnKqluXNRVfcL155CtbHQWbhot8xlaZnZAatKyINSgEQbwCCfTw8cGMP5++gnirVJtfUB97+19rAb3hO0A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422753; c=relaxed/simple; bh=bYIW/dXAcCY3Mtrycdf2Daqs+vYLOCWFpgtg9fDgkdk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=prz9QjyjKo+jnP3v7bdbCBsyiDEHTDAGXEWucYThOJBSQOfIEbJNRL/he59FUVMrHaOZPyMog3951MVPgoOah8eIsULpZdezca8UvGZ3UZUhQrooChW4FLzxi1dwfNyjMw/hmBCUSJTJ2TwSuOiW7QsP4kEJY3FkrLhePE0Pu0U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=fM5GD6li; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="fM5GD6li" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422753; x=1810958753; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=bYIW/dXAcCY3Mtrycdf2Daqs+vYLOCWFpgtg9fDgkdk=; b=fM5GD6lihDILkXB6GpyoGQSf3GWAGgmJLobKcl/y2eSVulBgUwQfj/7t S+TjSvxEaLl+hZpfElvuB3aNiJuIkbA1pKG9ad8kTdGPI75x8tE4jTOym 2H2lpcoNfA/YNmxkN/CI4j3a3T/iRWEzeVv05PHPyGS5IteeNJKn3V13p viaugIAoHup8srd3iFc6eWOM9egpZ+ZY2EnQc1iJNk6G6yJftu4DexZFT 0Hhix5TzNGZ7UyjnUDwVb3tZogrhsl+16lf2MKNTk1/b6mfJf0pCH0rvW JN/aNOUxysKxLhf9XGBDSmBFhjHVcU7cgP4BGWM4+ijS0IUc7z0wh0B/N A==; X-CSE-ConnectionGUID: SWmFP1+0QsC7w3bTAQlLrw== X-CSE-MsgGUID: K1+q5G8WSXmiitivhtgCJg== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528912" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528912" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:52 -0700 X-CSE-ConnectionGUID: 4PaC6CtpT+GuQzFBrdSJHQ== X-CSE-MsgGUID: P7z+ufonTvGYuWgkcskn0w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757903" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:48 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 11/15] KVM: TDX: Factor out userspace return path from tdx_get_quote() Date: Fri, 22 May 2026 11:41:24 +0800 Message-Id: <20260522034128.3144354-12-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang Separate the logic that returns GetQuote to userspace so that tdx_get_quote() can be extended to support in-kernel quote generation. No functional change intended. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/kvm/vmx/tdx.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index ed12805bbb44..9f7c39e0d4b5 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1524,6 +1524,20 @@ static int tdx_complete_simple(struct kvm_vcpu *vcpu) return 1; } =20 +static int tdx_get_quote_user(struct kvm_vcpu *vcpu, u64 gpa, u64 size) +{ + vcpu->run->exit_reason =3D KVM_EXIT_TDX; + vcpu->run->tdx.flags =3D 0; + vcpu->run->tdx.nr =3D TDVMCALL_GET_QUOTE; + vcpu->run->tdx.get_quote.ret =3D TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED; + vcpu->run->tdx.get_quote.gpa =3D gpa; + vcpu->run->tdx.get_quote.size =3D size; + + vcpu->arch.complete_userspace_io =3D tdx_complete_simple; + + return 0; +} + static int tdx_get_quote(struct kvm_vcpu *vcpu) { struct vcpu_tdx *tdx =3D to_tdx(vcpu); @@ -1536,16 +1550,9 @@ static int tdx_get_quote(struct kvm_vcpu *vcpu) return 1; } =20 - vcpu->run->exit_reason =3D KVM_EXIT_TDX; - vcpu->run->tdx.flags =3D 0; - vcpu->run->tdx.nr =3D TDVMCALL_GET_QUOTE; - vcpu->run->tdx.get_quote.ret =3D TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED; - vcpu->run->tdx.get_quote.gpa =3D gpa & ~gfn_to_gpa(kvm_gfn_direct_bits(td= x->vcpu.kvm)); - vcpu->run->tdx.get_quote.size =3D size; - - vcpu->arch.complete_userspace_io =3D tdx_complete_simple; + gpa &=3D ~gfn_to_gpa(kvm_gfn_direct_bits(vcpu->kvm)); =20 - return 0; + return tdx_get_quote_user(vcpu, gpa, size); } =20 static int tdx_setup_event_notify_interrupt(struct kvm_vcpu *vcpu) --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A94F736F910; Fri, 22 May 2026 04:05:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422757; cv=none; b=Aqq0AMlZbgz4zI7xreqCf7YRyuwJQr/0ziwULOlUD2dTT+cDvRw0C6TUUQwAk0aZmW9F8silXbunfhNnNs/xc8Ra7hljhbADBDk6Ofi7O3blTu3KKH/PfPhTDvMOg3xrup5avPrFVgCX5OJZiAoEKaYqCrZZT1MORBfRkZSzpCw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422757; c=relaxed/simple; bh=jfWMgmbUk563zhcrm+vODqwHxXh19W0SoPcTnCLRL6Y=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=O0zF5S3sIu7xir0rwSqW9uodBe1yaHAQeMB5Us9dcPKg48DwC77SZG0Ah7Mey51P1FAtuyprw2VXs1ytKm71wlRUN2u8ig6WjGypWFeFb4hhryMOt/P0gvAXTKaYrnrEEqt5uoBMB8M8ydoNU8RDeC9wZa7Qr2tZAvHtTJw68mY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=c8eAdZL+; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="c8eAdZL+" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422756; x=1810958756; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=jfWMgmbUk563zhcrm+vODqwHxXh19W0SoPcTnCLRL6Y=; b=c8eAdZL+luQ/h5+XEDq8/fxDv+8g3kATfaPE6WMuX56T1u3/Cc+GMNtw WRisSjgVNC5pj8rYRLnV1PiUVHD440EGtkEiZDAbQ4cYchElLj9avIgzp T1zh1EmLVGGFS4vtJhPNpnDl2+zEcMLCFA7fwIYpA11uah41MB+5o6Keq UCzZfsONPkE4ze85QEMF5gKKbthWwtSO0/Wf+tUwlQRSboATbpElZcAl6 uXyVYfSO5rhXE0gM5BOnAzJmTLxVQbCAjJV7amR91UsoqxqmQ1SaW+3aw 8YhyOHLsUH3DdzGuHOl8vreHkYqsYCgDSR+mg51zHCXVHHMhidc1nJZ/Q w==; X-CSE-ConnectionGUID: jIdcWKX5SQaQMpOb/0UAIQ== X-CSE-MsgGUID: wv4rYH3FR8GyMhHqKe7Dqw== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528917" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528917" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:05:56 -0700 X-CSE-ConnectionGUID: 43lUnzLqQYGvusGc9f1COA== X-CSE-MsgGUID: ZYyTKD/TTAGvlPAlCFuPaw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757919" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:52 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 12/15] KVM: TDX: Add in-kernel Quote generation Date: Fri, 22 May 2026 11:41:25 +0800 Message-Id: <20260522034128.3144354-13-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang Provide an in-kernel path for TDX Quote generation when handling TDG.VP.VMCALL, without requiring an exit to userspace. Use the core TDX API when the TDX Quoting extension is available. For simplicity, each KVM guest checks for availability only once during initialization. KVM does not handle Quoting service disruptions. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- arch/x86/include/asm/tdx.h | 9 +++ arch/x86/kvm/vmx/tdx.h | 6 ++ arch/x86/kvm/vmx/tdx.c | 135 ++++++++++++++++++++++++++++++++++++- virt/kvm/kvm_main.c | 1 + 4 files changed, 150 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 945e6817abb2..5863d6748100 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -115,6 +115,15 @@ struct tdx_quote_req { u32 out_len; u8 data[]; }; + +#define TDX_QUOTE_REQ_HDR_SIZE (offsetof(struct tdx_quote_req, data)) + +/* + * TDG.VP.VMCALL Status Codes + */ +#define TDX_QUOTE_STATUS_SUCCESS 0x0000000000000000ULL +#define TDX_QUOTE_STATUS_ERROR 0x8000000000000000ULL +#define TDX_QUOTE_STATUS_UNAVAILABLE 0x8000000000000001ULL #endif /* CONFIG_INTEL_TDX_GUEST || CONFIG_KVM_INTEL_TDX */ =20 #ifdef CONFIG_INTEL_TDX_HOST diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h index ac8323a68b16..18c93e80c0ec 100644 --- a/arch/x86/kvm/vmx/tdx.h +++ b/arch/x86/kvm/vmx/tdx.h @@ -47,6 +47,12 @@ struct kvm_tdx { * Set/unset is protected with kvm->mmu_lock. */ bool wait_for_sept_zap; + + /* + * Whether to get TDX quote directly in kernel, without exiting to + * userspace. + */ + bool get_quote_in_kernel; }; =20 /* TDX module vCPU states */ diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 9f7c39e0d4b5..bade046da5a1 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -1538,11 +1538,133 @@ static int tdx_get_quote_user(struct kvm_vcpu *vcp= u, u64 gpa, u64 size) return 0; } =20 +static bool write_quote_status_to_guest(struct kvm_vcpu *vcpu, u64 status, + gpa_t gpa) +{ + if (kvm_vcpu_write_guest(vcpu, + gpa + offsetof(struct tdx_quote_req, status), + &status, sizeof(status))) + return false; + + return true; +} + +static bool write_quote_to_guest(struct kvm_vcpu *vcpu, void *quote_data, + u32 quote_len, gpa_t gpa) +{ + if (kvm_vcpu_write_guest(vcpu, + gpa + TDX_QUOTE_REQ_HDR_SIZE, + quote_data, quote_len)) + return false; + + if (kvm_vcpu_write_guest(vcpu, + gpa + offsetof(struct tdx_quote_req, out_len), + "e_len, sizeof(quote_len))) + return false; + + return true; +} + +static u64 __get_quote_kernel(struct kvm_vcpu *vcpu, struct tdx_quote_req = *req, + size_t req_len, gpa_t req_gpa, size_t total_len) +{ + struct tdx_td *td =3D &to_kvm_tdx(vcpu->kvm)->td; + + /* Only support version 1 as defined in the GHCI spec */ + if (req->version !=3D 1) + return TDX_QUOTE_STATUS_ERROR; + + if ((size_t)req->in_len + TDX_QUOTE_REQ_HDR_SIZE > req_len) + return TDX_QUOTE_STATUS_ERROR; + + /* The caller frees the quote data */ + void *quote_data __free(kvfree) =3D + tdx_quote_generate(td, req->data, req->in_len, &req->out_len); + + if (!quote_data) + return TDX_QUOTE_STATUS_UNAVAILABLE; + + if ((size_t)req->out_len + TDX_QUOTE_REQ_HDR_SIZE > total_len) + return TDX_QUOTE_STATUS_ERROR; + + if (!write_quote_to_guest(vcpu, quote_data, req->out_len, req_gpa)) + return TDX_QUOTE_STATUS_ERROR; + + return TDX_QUOTE_STATUS_SUCCESS; +} + +static u64 tdx_get_quote_check_args(struct kvm_vcpu *vcpu, u64 gpa, u64 si= ze) +{ + gfn_t gfn_start, gfn_end; + u64 end; + + if (!size) + return TDVMCALL_STATUS_INVALID_OPERAND; + + if (!PAGE_ALIGNED(gpa) || !PAGE_ALIGNED(size)) + return TDVMCALL_STATUS_ALIGN_ERROR; + + if (check_add_overflow(gpa, size, &end)) + return TDVMCALL_STATUS_INVALID_OPERAND; + + gfn_start =3D gpa_to_gfn(gpa); + gfn_end =3D gpa_to_gfn(end); + + /* + * Reject if the guest didn't explicitly convert its quote pages to + * shared. + */ + if (!kvm_range_has_memory_attributes(vcpu->kvm, gfn_start, gfn_end, + KVM_MEMORY_ATTRIBUTE_PRIVATE, 0)) + return TDVMCALL_STATUS_INVALID_OPERAND; + + return TDVMCALL_STATUS_SUCCESS; +} + +static int tdx_get_quote_kernel(struct kvm_vcpu *vcpu, u64 gpa, u64 size) +{ + void *first_page =3D NULL; + u64 err, qerr; + + err =3D tdx_get_quote_check_args(vcpu, gpa, size); + if (err !=3D TDVMCALL_STATUS_SUCCESS) + goto out; + + err =3D TDVMCALL_STATUS_INVALID_OPERAND; + + first_page =3D kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!first_page) + goto out; + + /* + * Read the first GetQuote page for its header + in_data. The check + * above ensures that this GetQuote message is at least one page in + * size. in_data spanning more than a page is not supported. + */ + if (kvm_vcpu_read_guest(vcpu, gpa, first_page, PAGE_SIZE)) + goto out; + + qerr =3D __get_quote_kernel(vcpu, first_page, PAGE_SIZE, + (gpa_t)gpa, size); + + if (write_quote_status_to_guest(vcpu, qerr, (gpa_t)gpa) && + qerr =3D=3D TDX_QUOTE_STATUS_SUCCESS) + err =3D TDVMCALL_STATUS_SUCCESS; + +out: + kfree(first_page); + tdvmcall_set_return_code(vcpu, err); + + return 1; +} + static int tdx_get_quote(struct kvm_vcpu *vcpu) { + struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(vcpu->kvm); struct vcpu_tdx *tdx =3D to_tdx(vcpu); u64 gpa =3D tdx->vp_enter_args.r12; u64 size =3D tdx->vp_enter_args.r13; + int ret; =20 /* The gpa of buffer must have shared bit set. */ if (vt_is_tdx_private_gpa(vcpu->kvm, gpa)) { @@ -1552,7 +1674,12 @@ static int tdx_get_quote(struct kvm_vcpu *vcpu) =20 gpa &=3D ~gfn_to_gpa(kvm_gfn_direct_bits(vcpu->kvm)); =20 - return tdx_get_quote_user(vcpu, gpa, size); + if (kvm_tdx->get_quote_in_kernel) + ret =3D tdx_get_quote_kernel(vcpu, gpa, size); + else + ret =3D tdx_get_quote_user(vcpu, gpa, size); + + return ret; } =20 static int tdx_setup_event_notify_interrupt(struct kvm_vcpu *vcpu) @@ -2751,6 +2878,12 @@ static int tdx_td_init(struct kvm *kvm, struct kvm_t= dx_cmd *cmd) else kvm->arch.gfn_direct_bits =3D TDX_SHARED_BIT_PWL_4; =20 + /* + * Check only once at TD creation. If the quoting service gets disrupted + * during TD runtime, let the user handle it. + */ + kvm_tdx->get_quote_in_kernel =3D tdx_quote_enabled(); + kvm_tdx->state =3D TD_STATE_INITIALIZED; out: /* kfree() accepts NULL. */ diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 89489996fbc1..599f88a13071 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2461,6 +2461,7 @@ bool kvm_range_has_memory_attributes(struct kvm *kvm,= gfn_t start, gfn_t end, =20 return true; } +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_range_has_memory_attributes); =20 static __always_inline void kvm_handle_gfn_range(struct kvm *kvm, struct kvm_mmu_notifier_range *range) --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55E52371CF4; Fri, 22 May 2026 04:05:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422760; cv=none; b=SK3sVHkH59+oVF7gCXi5NFxqkaUO7nptUWv5gUprLyeTC5NCL6KUcn293LksdePQklOYfxyWB9G/We4OcbTJ0SZOTkS9hGnaJzxKh4MNsvthjQF2O5V5xDqkjipqNOwjC5xv8YtWYpncvU4VsivBUaL/L2u1v99sofVSbhC4Njo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422760; c=relaxed/simple; bh=8ymCjBYlGqF8pPYfR9+OToil8KwvC5uuqR0U1MvIwag=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=bQVFldlOO2tpbJLvUyDKMz9M6zkPldZTMkDr6+DKm5sjwRjBXqQcIQvVL6LRLclaV1sgCzLWjDPSTyIthMqxfNHbhNEWErjyFb26EmDWGvS6k10DUelzTHWxvP6bZVnaKVpCFcOKppt9H7zifbTTdqX3RjcLyoyyC4D1lKLG4Pg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=DjF/GZnE; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="DjF/GZnE" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422760; x=1810958760; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8ymCjBYlGqF8pPYfR9+OToil8KwvC5uuqR0U1MvIwag=; b=DjF/GZnEViqA2VYPXwRSRflA94b4MeIGta5N2cYFquZjk4RwLK2FFEx+ DLDtU6/u/04H7ma0V4BEfpJ+7flO0XCQ7Dv0OXAabBPf0MckTRvw89kK5 cmHhkw8PmFyC86aV2W3X/mjgZ/SJo+Wg46EonWp4RKdSyXcWosKU3eyaq 8LJe9KM32F9xdl/j10awBQLDwPWmaHpNzFp2VZV1Rl+FSWSrjUk10EuVU na9I8LUriA0WFmzZJ8ykDeoehUihVp/0Pb1OUq0zB6Wu3KWHG9ekWdh4g F1Ovv2Efh2v5UXYZJUFDoOiqt6rWnhftd7E0VfEUJbMsQPyV0lbcVRol5 g==; X-CSE-ConnectionGUID: 6nTSB2/qSpKfrJX/Azi7Aw== X-CSE-MsgGUID: bhNndQUERFm40lV1qMwtrA== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528924" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528924" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:06:00 -0700 X-CSE-ConnectionGUID: JHPT7t9PRlOsLysMRo9Acw== X-CSE-MsgGUID: ZbGWsh5sQXSbHMXb+vftww== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757929" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:55 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 13/15] KVM: TDX: Support event-notify interrupts only with userspace quoting Date: Fri, 22 May 2026 11:41:26 +0800 Message-Id: <20260522034128.3144354-14-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang Tie userspace SetupEventNotifyInterrupt support to userspace Quote generation. Delivering event-notify interrupts via userspace breaks if KVM never exits to userspace in the first place. No known guest currently requires event-notify interrupt support, so defer adding in-kernel support for now. Linux TDX guests use polling only. Update the KVM API Documentation to reflect the change. Signed-off-by: Peter Fang Signed-off-by: Xu Yilun --- Documentation/virt/kvm/api.rst | 8 +++++++- arch/x86/kvm/vmx/tdx.c | 20 +++++++++++++++++--- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 52bbbb553ce1..8a02745a36ee 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -7335,6 +7335,9 @@ inputs and outputs of the TDVMCALL. Currently the fo= llowing values of queued successfully, the TDX guest can poll the status field in the shared-memory area to check whether the Quote generation is completed or not. When completed, the generated Quote is returned via the same buffe= r. + If the host kernel generates Quotes through the TDX Quoting service pro= vided + by the TDX module, KVM processes the GetQuote request and it will not a= ppear + in userspace. KVM only supports version 1 of the GetQuote request. =20 * ``TDVMCALL_GET_TD_VM_CALL_INFO``: the guest has requested the support status of TDVMCALLs. The output values for the given leaf should be @@ -7342,7 +7345,10 @@ inputs and outputs of the TDVMCALL. Currently the f= ollowing values of field of the union. =20 * ``TDVMCALL_SETUP_EVENT_NOTIFY_INTERRUPT``: the guest has requested to - set up a notification interrupt for vector ``vector``. + set up a notification interrupt for vector ``vector``. Since this TDVM= CALL + is used to optimize ``TDVMCALL_GET_QUOTE``, KVM disables this support in + userspace VMM if ``TDVMCALL_GET_QUOTE`` is completely handled in the ke= rnel. + KVM may add kernel support for this in the future. =20 KVM may add support for more values in the future that may cause a userspa= ce exit, even without calls to ``KVM_ENABLE_CAP`` or similar. In this case, diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index bade046da5a1..5aebbec7fa6e 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -185,7 +185,7 @@ static void td_init_cpuid_entry2(struct kvm_cpuid_entry= 2 *entry, unsigned char i tdx_clear_unsupported_cpuid(entry); } =20 -#define TDVMCALLINFO_SETUP_EVENT_NOTIFY_INTERRUPT BIT(1) +#define TDVMCALLINFO_SETUP_EVENT_NOTIFY_INTERRUPT BIT_ULL(1) =20 static int init_kvm_tdx_caps(const struct tdx_sys_info_td_conf *td_conf, struct kvm_tdx_capabilities *caps) @@ -202,8 +202,15 @@ static int init_kvm_tdx_caps(const struct tdx_sys_info= _td_conf *td_conf, =20 caps->cpuid.nent =3D td_conf->num_cpuid_config; =20 - caps->user_tdvmcallinfo_1_r11 =3D - TDVMCALLINFO_SETUP_EVENT_NOTIFY_INTERRUPT; + /* + * Don't advertise userspace event-notify interrupt support if TDX + * quoting service is enabled, as quote generation will be done entirely + * in the kernel. Support in the kernel can be added later if needed. + */ + if (!tdx_quote_enabled()) { + caps->user_tdvmcallinfo_1_r11 |=3D + TDVMCALLINFO_SETUP_EVENT_NOTIFY_INTERRUPT; + } =20 for (i =3D 0; i < td_conf->num_cpuid_config; i++) td_init_cpuid_entry2(&caps->cpuid.entries[i], i); @@ -1684,9 +1691,16 @@ static int tdx_get_quote(struct kvm_vcpu *vcpu) =20 static int tdx_setup_event_notify_interrupt(struct kvm_vcpu *vcpu) { + struct kvm_tdx *kvm_tdx =3D to_kvm_tdx(vcpu->kvm); struct vcpu_tdx *tdx =3D to_tdx(vcpu); u64 vector =3D tdx->vp_enter_args.r12; =20 + /* See init_kvm_tdx_caps() for comments */ + if (kvm_tdx->get_quote_in_kernel) { + tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_SUBFUNC_UNSUPPORTED); + return 1; + } + if (vector < 32 || vector > 255) { tdvmcall_set_return_code(vcpu, TDVMCALL_STATUS_INVALID_OPERAND); return 1; --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0730836F906; Fri, 22 May 2026 04:06:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422764; cv=none; b=mQVfNnSsDnKJjnQoDcz8ZA+3imfPGUQ9JgtLPSyazwNe7IEcZG8toNp6jaUKNsJhi4pMxKdiAPTTZYPFEzPatQw53Hedd7BIU8knPd2efxP8cX0HcHWwJ02S6Ir1hDrPonqtIJ4gzs61adq/C64NGoB2d1V3U7Md3VE5saLcAvQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422764; c=relaxed/simple; bh=aDZKpalIG8poSUU5P/VEw+KG1TVNT7uoOGEiPHoS6Gs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=iGN/f3Q9XBycYUaQR1mHoalk2X9W7LUhX3QzSAarJ+tyQ07Zrv0rIZ7/cy6qBjRhHj5aWlYI9xprFSrOKBCn29x1bfADjYsIR45qejHJ6lA5p86o3DyffGjUVTStY8eg2y37metP+rs4R1AAqNzgb0soaqYOkdhGRVl2bSvRsvk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=CgaZq1lv; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="CgaZq1lv" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422764; x=1810958764; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=aDZKpalIG8poSUU5P/VEw+KG1TVNT7uoOGEiPHoS6Gs=; b=CgaZq1lvDfxAKlRdwnuaEMnYq+msF+bfFTc2DnmI8kgTs87ggYUCysd+ dXXifO5cFSaLPdeXLtE+aQ/PMMmiGf8f9xLMzLM6pW+CkLCY/kCACyG5R aTWuCzQQ2REt1RCi/wWXdFh4MnKdVigxTiUFCn2dRsMzVYKbM1FLA878k X6ieo83HhYe3Mwye7/i+L8p9Xrnh0wl0+yFpV1gqx1CzWoQCad7SyTE5I FMJBOJOg+svwH/LlcpGDmyWffZul4GJQAiNTv+0z4JQUd6leWWPUBtx2J WQ+srsUwizR+GnBLTH2UR4H1OaVpi9as6ayZGpns6/8WPh+xilIPDrzvn w==; X-CSE-ConnectionGUID: SaK3grsOSjKXpNwY0r+5DA== X-CSE-MsgGUID: 1/Sz5Sc8SPCVdZ3b51Ji2w== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528931" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528931" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:06:03 -0700 X-CSE-ConnectionGUID: Up3E0bjvTX2f1ygYn0sX3w== X-CSE-MsgGUID: 77W7QGREREC2Lx+oMDptPQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757953" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:05:59 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 14/15] x86/virt/tdx: Embed version info in SEAMCALL leaf function definitions Date: Fri, 22 May 2026 11:41:27 +0800 Message-Id: <20260522034128.3144354-15-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Embed version information in SEAMCALL leaf function definitions rather than let the caller open code them. For now, only TDH.VP.INIT is involved. Don't bother the caller to choose the SEAMCALL version if unnecessary. New version SEAMCALLs are guaranteed to be backward compatible, so ideally kernel doesn't need to keep version history and only uses the latest version SEAMCALLs. The concern is some old TDX Modules don't recognize new version SEAMCALLs. Multiple SEAMCALL versions co-exist when kernel should support these old Modules. As time goes by, the old Modules deprecate and old version SEAMCALL definitions should disappear. The old TDX Modules that only support TDH.VP.INIT v0 are all deprecated, so only provide the latest (v1) definition. Signed-off-by: Xu Yilun --- arch/x86/virt/vmx/tdx/tdx.h | 23 ++++++++++++++--------- arch/x86/virt/vmx/tdx/tdx.c | 4 ++-- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 01a7d7d8ada9..10aff23cd01f 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -2,6 +2,7 @@ #ifndef _X86_VIRT_TDX_H #define _X86_VIRT_TDX_H =20 +#include #include =20 /* @@ -11,6 +12,18 @@ * architectural definitions come first. */ =20 +/* + * SEAMCALL leaf: + * + * Bit 15:0 Leaf number + * Bit 23:16 Version number + */ +#define SEAMCALL_LEAF GENMASK(15, 0) +#define SEAMCALL_VER GENMASK(23, 16) + +#define SEAMCALL_LEAF_VER(l, v) (FIELD_PREP(SEAMCALL_LEAF, l) | \ + FIELD_PREP(SEAMCALL_VER, v)) + /* * TDX module SEAMCALL leaf functions */ @@ -31,7 +44,7 @@ #define TDH_VP_CREATE 10 #define TDH_MNG_KEY_FREEID 20 #define TDH_MNG_INIT 21 -#define TDH_VP_INIT 22 +#define TDH_VP_INIT SEAMCALL_LEAF_VER(22, 1) #define TDH_PHYMEM_PAGE_RDMD 24 #define TDH_VP_RD 26 #define TDH_PHYMEM_PAGE_RECLAIM 28 @@ -52,14 +65,6 @@ #define TDH_QUOTE_GET 98 #define TDH_QUOTE_INIT 100 =20 -/* - * SEAMCALL leaf: - * - * Bit 15:0 Leaf number - * Bit 23:16 Version number - */ -#define TDX_VERSION_SHIFT 16 - /* TDX page types */ #define PT_NDA 0x0 #define PT_RSVD 0x1 diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 821f677e9a86..f7600f930c6e 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -2217,8 +2217,8 @@ u64 tdh_vp_init(struct tdx_vp *vp, u64 initial_rcx, u= 32 x2apicid) .r8 =3D x2apicid, }; =20 - /* apicid requires version =3D=3D 1. */ - return seamcall(TDH_VP_INIT | (1ULL << TDX_VERSION_SHIFT), &args); + /* apicid requires version =3D=3D 1. See TDH_VP_INIT definition.*/ + return seamcall(TDH_VP_INIT, &args); } EXPORT_SYMBOL_FOR_KVM(tdh_vp_init); =20 --=20 2.25.1 From nobody Sun May 24 19:33:40 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8ED6B377007; Fri, 22 May 2026 04:06:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.16 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422768; cv=none; b=JSlIx+aRKoqSGfslgAa+cWOeSzFbNCkpz7d7QvN8F/NawCSrqMMufoVAXuGKABRi/s2W4I5u+cEvhay+dE4jP9ZMCTPJZJ4kNUjOlxn9Ds0XYwz92BEX7HOek3bXeyEw+2ffw/4K1y2j4t4De5xPVGPKpZeA1/0+PkzZSjN1SEM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779422768; c=relaxed/simple; bh=4Stvo2XFlVxPfHj+dM/JOUHcILSlwmXS/k3FEGF2pm8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=k+nHWkdBbuH9g6vVRYIkolr/OjcFeUDaRD2ahYyZhUcibGeUdacBzkvK4zJAB7dvmkqGQcB3nNcVyocxgfRE8poVSZtshhW2yJbNlRBJrka/6MGjXGg289QcEoTHIQmBJULtN9wrntiz/ZTFE66QvsePXjCxZWg/eQH4jCjMHCg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=guvOn5v8; arc=none smtp.client-ip=198.175.65.16 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="guvOn5v8" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1779422767; x=1810958767; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=4Stvo2XFlVxPfHj+dM/JOUHcILSlwmXS/k3FEGF2pm8=; b=guvOn5v89sf7M6AeFjoVjFk2otvx6Wj+bXsBkOci69v3EuzZS/NDpo6u StOIyAK8ZGaskELiSDe5Z/Tn3Fur7T8YeSOOEStJ0bjgv9vk47Jl58zvX 1SiLClevEUDBzaDp4DzfV87coguOCLjRZy4i7S3Bj17SD4/TuSvA+5HFy CECZrxF5TUzkKW0/GY0JYSoRTB8oG9EdW41SzduAVRANBIPKTO3s445Yk qy5Sa/E6SJEgQVHOJ/NTmPkiRMbffyVG7y9eHADaUCcx5JGY9T+kNb6wB jCCVxNYyGl9KybymFfqxUeC0QhfUIk8NQQ62yU+ioO5QtGbyZQzoqOnep w==; X-CSE-ConnectionGUID: OMak20nqSyqYGStRAUaSrA== X-CSE-MsgGUID: JiVAAdwsRcioseUdg+w/Bw== X-IronPort-AV: E=McAfee;i="6800,10657,11793"; a="80528936" X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="80528936" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa108.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 May 2026 21:06:07 -0700 X-CSE-ConnectionGUID: vdnPNLHdQyyext91gtCB5g== X-CSE-MsgGUID: msPiaawYRy+msVJ7kQJ89Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.24,161,1774335600"; d="scan'208";a="239757961" Received: from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165]) by orviesa006.jf.intel.com with ESMTP; 21 May 2026 21:06:03 -0700 From: Xu Yilun To: kas@kernel.org, djbw@kernel.org, rick.p.edgecombe@intel.com, x86@kernel.org, peter.fang@intel.com Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, sohil.mehta@intel.com, yilun.xu@intel.com, yilun.xu@linux.intel.com, baolu.lu@linux.intel.com, zhenzhong.duan@intel.com, xiaoyao.li@intel.com Subject: [RFC PATCH 15/15] x86/virt/tdx: Enable TDX Quoting extension Date: Fri, 22 May 2026 11:41:28 +0800 Message-Id: <20260522034128.3144354-16-yilun.xu@linux.intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20260522034128.3144354-1-yilun.xu@linux.intel.com> References: <20260522034128.3144354-1-yilun.xu@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Peter Fang Enable the TDX Quoting feature via TDH.SYS.CONFIG when supported by the TDX module. The TDX Quoting extension generates TDX attestation Quotes via a SEAMCALL, without using a discrete Quoting engine. TDX Module supports add-on TDX features (e.g. TDX Quoting & TDX Module Extensions) that should be manually enabled by host. It extends TDH.SYS.CONFIG for host to choose to enable them on bootup. Call TDH.SYS.CONFIG with a new bitmap input parameter to specify which features to enable. The bitmap uses the same definitions as TDX_FEATURES0. But note not all bits in TDX_FEATURES0 are valid for configuration, e.g. TDX Module Extensions is a service that supports TDX Quoting, it is implicitly enabled when TDX Quoting is enabled. Setting TDX_FEATURES0_EXT in the bitmap has no effect. TDX Module advances the version of TDH.SYS.CONFIG for the change, so use the latest version (v1) for add-on feature enabling. But supporting existing Modules which only support v0 is still necessary until they are deprecated. In fact, it is unlikely that TDH.SYS.CONFIG ever needs to change again and the code would stay in v1. So there is little value in worrying about deprecating v0 to save a couple lines of code in 5-7 years when these original TDX platforms sunset. TDX Module updates global metadata when add-on features are enabled. Host should update the cached tdx_sysinfo to reflect these changes. Co-developed-by: Xu Yilun Signed-off-by: Xu Yilun Signed-off-by: Peter Fang --- arch/x86/virt/vmx/tdx/tdx.h | 4 +++- arch/x86/virt/vmx/tdx/tdx.c | 24 ++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 10aff23cd01f..524a14c01aa6 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -58,7 +58,8 @@ #define TDH_PHYMEM_CACHE_WB 40 #define TDH_PHYMEM_PAGE_WBINVD 41 #define TDH_VP_WR 43 -#define TDH_SYS_CONFIG 45 +#define TDH_SYS_CONFIG_V0 45 +#define TDH_SYS_CONFIG SEAMCALL_LEAF_VER(TDH_SYS_CONFIG_V0, 1) #define TDH_EXT_INIT 60 #define TDH_EXT_MEM_ADD 61 #define TDH_SYS_DISABLE 69 @@ -97,6 +98,7 @@ struct tdmr_info { /* Bit definitions of TDX_FEATURES0 metadata field */ #define TDX_FEATURES0_NO_RBP_MOD BIT(18) #define TDX_FEATURES0_EXT BIT_ULL(39) +#define TDX_FEATURES0_QUOTE BIT_ULL(50) =20 /* * Do not put any hardware-defined TDX structure representations below diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index f7600f930c6e..86e5b7ad19b3 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1049,6 +1049,7 @@ static __init int construct_tdmrs(struct list_head *t= mb_list, static __init int config_tdx_module(struct tdmr_info_list *tdmr_list, u64 global_keyid) { + u64 seamcall_fn =3D TDH_SYS_CONFIG_V0; struct tdx_module_args args =3D {}; u64 *tdmr_pa_array; size_t array_sz; @@ -1074,8 +1075,22 @@ static __init int config_tdx_module(struct tdmr_info= _list *tdmr_list, args.rcx =3D __pa(tdmr_pa_array); args.rdx =3D tdmr_list->nr_consumed_tdmrs; args.r8 =3D global_keyid; - ret =3D seamcall_prerr(TDH_SYS_CONFIG, &args); =20 + if (tdx_sysinfo.features.tdx_features0 & TDX_FEATURES0_QUOTE) { + args.r9 |=3D TDX_FEATURES0_QUOTE; + /* These parameters require version >=3D 1 */ + seamcall_fn =3D TDH_SYS_CONFIG; + } + + ret =3D seamcall_prerr(seamcall_fn, &args); + if (ret) + goto free_tdmr; + + /* enabling TDX Quoting may change tdx_sysinfo, update it */ + if (tdx_sysinfo.features.tdx_features0 & TDX_FEATURES0_QUOTE) + ret =3D get_tdx_sys_info(&tdx_sysinfo); + +free_tdmr: /* Free the array as it is not required anymore. */ kfree(tdmr_pa_array); =20 @@ -1384,12 +1399,17 @@ static void tdx_quote_init(void) unsigned int nr_quote_pages; u64 r; =20 + if (!(tdx_sysinfo.features.tdx_features0 & TDX_FEATURES0_QUOTE)) + return; + do { r =3D seamcall(TDH_QUOTE_INIT, &args); } while (r =3D=3D TDX_INTERRUPTED_RESUMABLE); =20 - if (r) + if (r) { + pr_err("Failed to enable quoting extension: 0x%llx\n", r); return; + } =20 /* Quoting metadata is valid only after initialization */ if (get_tdx_sys_info_quote(&tdx_sysinfo.quote)) --=20 2.25.1