Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217056/?format=api
{ "id": 2217056, "url": "http://patchwork.ozlabs.org/api/patches/2217056/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-12-yilun.xu@linux.intel.com/", "project": { "id": 28, "url": "http://patchwork.ozlabs.org/api/projects/28/?format=api", "name": "Linux PCI development", "link_name": "linux-pci", "list_id": "linux-pci.vger.kernel.org", "list_email": "linux-pci@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260327160132.2946114-12-yilun.xu@linux.intel.com>", "list_archive_url": null, "date": "2026-03-27T16:01:12", "name": "[v2,11/31] x86/virt/tdx: Make TDX Module initialize Extensions", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "0e63ddc49244231c3dc13a25b180a52175eb3f62", "submitter": { "id": 87470, "url": "http://patchwork.ozlabs.org/api/people/87470/?format=api", "name": "Xu Yilun", "email": "yilun.xu@linux.intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-12-yilun.xu@linux.intel.com/mbox/", "series": [ { "id": 497793, "url": "http://patchwork.ozlabs.org/api/series/497793/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=497793", "date": "2026-03-27T16:01:02", "name": "PCI/TSM: PCIe Link Encryption Establishment via TDX platform services", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/497793/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217056/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217056/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linux-pci+bounces-51297-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-pci@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=GfViFb8a;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-pci+bounces-51297-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=\"GfViFb8a\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=198.175.65.14", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.intel.com" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fj5mf2Dr6z1y1P\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 28 Mar 2026 03:33:22 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id 8893D30D6F0D\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 27 Mar 2026 16:25:47 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 8648136CE0E;\n\tFri, 27 Mar 2026 16:23:15 +0000 (UTC)", "from mgamail.intel.com (mgamail.intel.com [198.175.65.14])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D25A36BCFD;\n\tFri, 27 Mar 2026 16:23:14 +0000 (UTC)", "from fmviesa006.fm.intel.com ([10.60.135.146])\n by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 27 Mar 2026 09:23:13 -0700", "from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165])\n by fmviesa006.fm.intel.com with ESMTP; 27 Mar 2026 09:23:10 -0700" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1774628595; cv=none;\n b=uim0lkKR+bUUZ9mZPNd0ZIIo0TGCCXCFwciCenH5uxH1c6GzspHeCbWfiokFgs0VqSVCThdDx5OEZSfCmo8BZY0hvP2HQWYeAMHiKhcclJomtCNObkh5CAtJ1xCUC+mBgDq4XOKZ6Bg3JpziGAnKNifseQc0vsGD8IGApk3yy/M=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1774628595; c=relaxed/simple;\n\tbh=z5CL/0DGGrz7pQMCfp9DD/99lRybVld0TfABDp+3gMk=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=W71jCwErjXUa+ItNWyY3cSR+YyLGy1HDzf92lqR8w2R02ofR+PKGDTGtsBeQE95XyjydODoxRmEG4O4OtARSZESko5kTeG5Eps7GcWtyZZr3tWw9zILqWHv1fR1ZlvdlsBm3kxNy6IQ45AAoYdQCqka+PBf+g92hLGTYizsOQJw=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n spf=pass smtp.mailfrom=linux.intel.com;\n dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=GfViFb8a; arc=none smtp.client-ip=198.175.65.14", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1774628593; x=1806164593;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=z5CL/0DGGrz7pQMCfp9DD/99lRybVld0TfABDp+3gMk=;\n b=GfViFb8aUHoyYwhxZNtaocQ3sjQdWtAbnRUJc1snC8VsmaY/nd1B5IiL\n ZOvMMY5FidSdBECKU6geySpyHzNBGsRkNZEzBM6wI9HaQkckvxT7/XGTa\n vgMWsBGs7Sq3iAh/ST8AlcBMBzHO2XjaqD4lqkREaQEYrtTLLAlI1cvnQ\n /NSM7tKurWbKHWv+mHiD/lFhVSkjO0OuKQnfgtrcETyOhcddDWRBXBa99\n OG9uu767Klc/4nbCl+SJHejpDgRfZS/1UISKQzmMkkB2ToLVATPmX3WUz\n USIWAGo/EkFktijL+hI7x+wE3GT3rDlg0+/I2InkZMG59Iw3ps00CmpIe\n Q==;", "X-CSE-ConnectionGUID": [ "OoKRgvbcQBW1pOLX8eLdLA==", "BK74wRU+T86K0QGGrRTlww==" ], "X-CSE-MsgGUID": [ "7hxR6OkMSaiOszx05MH3lQ==", "V54k45S2Ro+2cOJ3jO7Q6g==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11741\"; a=\"79565554\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"79565554\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"220516201\"" ], "X-ExtLoop1": "1", "From": "Xu Yilun <yilun.xu@linux.intel.com>", "To": "linux-coco@lists.linux.dev,\n\tlinux-pci@vger.kernel.org,\n\tdan.j.williams@intel.com,\n\tx86@kernel.org", "Cc": "chao.gao@intel.com,\n\tdave.jiang@intel.com,\n\tbaolu.lu@linux.intel.com,\n\tyilun.xu@linux.intel.com,\n\tyilun.xu@intel.com,\n\tzhenzhong.duan@intel.com,\n\tkvm@vger.kernel.org,\n\trick.p.edgecombe@intel.com,\n\tdave.hansen@linux.intel.com,\n\tkas@kernel.org,\n\txiaoyao.li@intel.com,\n\tvishal.l.verma@intel.com,\n\tlinux-kernel@vger.kernel.org", "Subject": "[PATCH v2 11/31] x86/virt/tdx: Make TDX Module initialize Extensions", "Date": "Sat, 28 Mar 2026 00:01:12 +0800", "Message-Id": "<20260327160132.2946114-12-yilun.xu@linux.intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "References": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "Precedence": "bulk", "X-Mailing-List": "linux-pci@vger.kernel.org", "List-Id": "<linux-pci.vger.kernel.org>", "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "After providing all required memory to TDX Module, initialize the\nExtensions via TDH.EXT.INIT, and then Extension-SEAMCALLs can be used.\n\nThe initialization of Extensions touches the required memory (previously\nprovided by TDH.EXT.MEM.ADD) in private manner. If failed, flush cache\nbefore freeing these memory, to avoid private cache write back damages\nthe shared pages.\n\nTDX should use movdir64b to clear private pages when reclaiming them on\nolder platforms with the X86_BUG_TDX_PW_MCE erratum. For simplicity,\ndon't expect this errata on any TDX Extensions supported platform. So\nTDX Extensions & all features that require TDX Extensions (e.g. TDX\nConnect) will not call the clearing helpers.\n\nNote the \"ext_required\" global metadata specifies if TDH.EXT.INIT call\nis needed. If 0, the Extensions are already working, so skip the SEAMCALL.\n\nCo-developed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>\nSigned-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>\nSigned-off-by: Xu Yilun <yilun.xu@linux.intel.com>\n---\n arch/x86/virt/vmx/tdx/tdx.h | 1 +\n arch/x86/virt/vmx/tdx/tdx.c | 45 +++++++++++++++++++++++++++++++++++++\n 2 files changed, 46 insertions(+)", "diff": "diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h\nindex 31ccdfcf518c..a26fe94c07ff 100644\n--- a/arch/x86/virt/vmx/tdx/tdx.h\n+++ b/arch/x86/virt/vmx/tdx/tdx.h\n@@ -60,6 +60,7 @@\n #define TDH_VP_WR\t\t\t43\n #define TDH_SYS_CONFIG_V0\t\t45\n #define TDH_SYS_CONFIG\t\t\tSEAMCALL_LEAF_VER(TDH_SYS_CONFIG_V0, 1)\n+#define TDH_EXT_INIT\t\t\t60\n #define TDH_EXT_MEM_ADD\t\t\t61\n \n /* TDX page types */\ndiff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c\nindex 5fae17c13191..4134f92425da 100644\n--- a/arch/x86/virt/vmx/tdx/tdx.c\n+++ b/arch/x86/virt/vmx/tdx/tdx.c\n@@ -1519,6 +1519,23 @@ static void tdx_clflush_page_array(struct tdx_page_array *array)\n \t\ttdx_clflush_page(array->pages[array->offset + i]);\n }\n \n+/* Initialize the TDX Module Extensions then Extension-SEAMCALLs can be used */\n+static int tdx_ext_init(void)\n+{\n+\tstruct tdx_module_args args = {};\n+\tu64 r;\n+\n+\tdo {\n+\t\tr = seamcall(TDH_EXT_INIT, &args);\n+\t\tcond_resched();\n+\t} while (r == TDX_INTERRUPTED_RESUMABLE);\n+\n+\tif (r != TDX_SUCCESS)\n+\t\treturn -EFAULT;\n+\n+\treturn 0;\n+}\n+\n static int tdx_ext_mem_add(struct tdx_page_array *ext_mem)\n {\n \tstruct tdx_module_args args = {\n@@ -1572,6 +1589,17 @@ static int __maybe_unused init_tdx_ext(void)\n \tif (!(tdx_sysinfo.features.tdx_features0 & TDX_FEATURES0_EXT))\n \t\treturn 0;\n \n+\t/*\n+\t * With this errata, TDX should use movdir64b to clear private pages\n+\t * when reclaiming them. See tdx_quirk_reset_paddr().\n+\t *\n+\t * Don't expect this errata on any TDX Extensions supported platform.\n+\t * All features require TDX Extensions (including TDX Extensions\n+\t * itself) will never call tdx_quirk_reset_paddr().\n+\t */\n+\tif (boot_cpu_has_bug(X86_BUG_TDX_PW_MCE))\n+\t\treturn -ENXIO;\n+\n \tnr_pages = tdx_sysinfo.ext.memory_pool_required_pages;\n \t/*\n \t * memory_pool_required_pages == 0 means no need to add more pages,\n@@ -1587,6 +1615,20 @@ static int __maybe_unused init_tdx_ext(void)\n \t\t\tgoto out_ext_mem;\n \t}\n \n+\t/*\n+\t * ext_required == 0 means no need to call TDH.EXT.INIT, the Extensions\n+\t * are already working.\n+\t */\n+\tif (tdx_sysinfo.ext.ext_required) {\n+\t\tret = tdx_ext_init();\n+\t\t/*\n+\t\t * Some pages may have been touched by the TDX module.\n+\t\t * Flush cache before returning these pages to kernel.\n+\t\t */\n+\t\tif (ret)\n+\t\t\tgoto out_flush;\n+\t}\n+\n \t/* Extension memory is never reclaimed once assigned */\n \ttdx_page_array_ctrl_leak(ext_mem);\n \n@@ -1595,6 +1637,9 @@ static int __maybe_unused init_tdx_ext(void)\n \n \treturn 0;\n \n+out_flush:\n+\tif (ext_mem)\n+\t\twbinvd_on_all_cpus();\n out_ext_mem:\n \ttdx_page_array_free(ext_mem);\n \n", "prefixes": [ "v2", "11/31" ] }