Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217072/?format=api
{ "id": 2217072, "url": "http://patchwork.ozlabs.org/api/patches/2217072/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-26-yilun.xu@linux.intel.com/", "project": { "id": 28, "url": "http://patchwork.ozlabs.org/api/projects/28/?format=api", "name": "Linux PCI development", "link_name": "linux-pci", "list_id": "linux-pci.vger.kernel.org", "list_email": "linux-pci@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260327160132.2946114-26-yilun.xu@linux.intel.com>", "list_archive_url": null, "date": "2026-03-27T16:01:26", "name": "[v2,25/31] x86/virt/tdx: Add SEAMCALL wrappers for SPDM management", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "cd601a4a65329070578c9dadd9a2bd8617f195c5", "submitter": { "id": 87470, "url": "http://patchwork.ozlabs.org/api/people/87470/?format=api", "name": "Xu Yilun", "email": "yilun.xu@linux.intel.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-pci/patch/20260327160132.2946114-26-yilun.xu@linux.intel.com/mbox/", "series": [ { "id": 497793, "url": "http://patchwork.ozlabs.org/api/series/497793/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-pci/list/?series=497793", "date": "2026-03-27T16:01:02", "name": "PCI/TSM: PCIe Link Encryption Establishment via TDX platform services", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/497793/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217072/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217072/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linux-pci+bounces-51311-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-pci@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=cItCTTno;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c04:e001:36c::12fc:5321; helo=tor.lore.kernel.org;\n envelope-from=linux-pci+bounces-51311-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=\"cItCTTno\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=198.175.65.14", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=linux.intel.com" ], "Received": [ "from tor.lore.kernel.org (tor.lore.kernel.org\n [IPv6:2600:3c04:e001:36c::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fj5zZ216bz1y1x\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 28 Mar 2026 03:42:50 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby tor.lore.kernel.org (Postfix) with ESMTP id B184731AC430\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 27 Mar 2026 16:29:45 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id A860736214B;\n\tFri, 27 Mar 2026 16:24:07 +0000 (UTC)", "from mgamail.intel.com (mgamail.intel.com [198.175.65.14])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 44001401A30;\n\tFri, 27 Mar 2026 16:24:06 +0000 (UTC)", "from fmviesa006.fm.intel.com ([10.60.135.146])\n by orvoesa106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 27 Mar 2026 09:24:05 -0700", "from yilunxu-optiplex-7050.sh.intel.com ([10.239.159.165])\n by fmviesa006.fm.intel.com with ESMTP; 27 Mar 2026 09:24:02 -0700" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1774628647; cv=none;\n b=ssk2EtSQA3Hd7MfRqJlPFDLMhtKocDcIgX4IGfbIpNSU2L95TlW0diuZ+g9OWW57bhUik8lkG/m+AQP+gdTVOS6Jr8C7zWAR6vG6GkXUVD4hjIBYMLU7AVQFdQulm6EUGdpyA3RNnNBijQQuqlrXo3yhSqj7tgNYynvz4JuxAnk=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1774628647; c=relaxed/simple;\n\tbh=d5v7kombDkpimMLhqFIFaDnGOds7NdDu5NS7qDGKkQQ=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=GJb9flL6xva3WJtF1vHe5xRr/NtQ3oCNM0rutGYHS9EIufu6zKgQlkpzOmlRfbAjmnIWolcay4u73xzUCKSSXQGu2fv2nvMs5F2T/2ntcBWVtWMotg6eCAVgh/wg674svs5H/FwcVlrjIFlZJ5/qjhE0izDSzHBfJmkbkT2dprI=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=linux.intel.com;\n spf=pass smtp.mailfrom=linux.intel.com;\n dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com\n header.b=cItCTTno; arc=none smtp.client-ip=198.175.65.14", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n t=1774628646; x=1806164646;\n h=from:to:cc:subject:date:message-id:in-reply-to:\n references:mime-version:content-transfer-encoding;\n bh=d5v7kombDkpimMLhqFIFaDnGOds7NdDu5NS7qDGKkQQ=;\n b=cItCTTno3cWJQBKSSyco1N9pQ12QOIO6n7k4ZTTZNp8QEvzzXFBv8vbN\n J4kbhUTBld5M9MWkQr8hD8xWs6k21bxE61YTJGG0k7jKwWntjubXjCcJN\n If1PT6y18djYE6cb2nFXkxKvc33DM/lLPuVkwO5b7+nfWbLBI9ar0HcEF\n /cQmSGXeRRjBzv5fybldDQHafntyIfKEmU/n8DeGGWkFsMiQ/rzTzW+W8\n 9MYxaqeA7F6+BL9MRJKY9FWjAt0eqLYw4yhE/L61YPypKrwk9DndjGV13\n lI6yyQD5uULGi0X1bcoay6OV0t7pnCD+QY7aKB9VH1nT5yqLrWyb/kMUG\n g==;", "X-CSE-ConnectionGUID": [ "E5CfgM7CQH23y/CaAlNTSA==", "uPp5MI4jQcKo/WTcMstNsw==" ], "X-CSE-MsgGUID": [ "loGfHvF6TUyUKha8c4Fk5A==", "fmhf5p5NSIGthkwPzkRFIw==" ], "X-IronPort-AV": [ "E=McAfee;i=\"6800,10657,11741\"; a=\"79565666\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"79565666\"", "E=Sophos;i=\"6.23,144,1770624000\";\n d=\"scan'208\";a=\"220516357\"" ], "X-ExtLoop1": "1", "From": "Xu Yilun <yilun.xu@linux.intel.com>", "To": "linux-coco@lists.linux.dev,\n\tlinux-pci@vger.kernel.org,\n\tdan.j.williams@intel.com,\n\tx86@kernel.org", "Cc": "chao.gao@intel.com,\n\tdave.jiang@intel.com,\n\tbaolu.lu@linux.intel.com,\n\tyilun.xu@linux.intel.com,\n\tyilun.xu@intel.com,\n\tzhenzhong.duan@intel.com,\n\tkvm@vger.kernel.org,\n\trick.p.edgecombe@intel.com,\n\tdave.hansen@linux.intel.com,\n\tkas@kernel.org,\n\txiaoyao.li@intel.com,\n\tvishal.l.verma@intel.com,\n\tlinux-kernel@vger.kernel.org", "Subject": "[PATCH v2 25/31] x86/virt/tdx: Add SEAMCALL wrappers for SPDM\n management", "Date": "Sat, 28 Mar 2026 00:01:26 +0800", "Message-Id": "<20260327160132.2946114-26-yilun.xu@linux.intel.com>", "X-Mailer": "git-send-email 2.25.1", "In-Reply-To": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "References": "<20260327160132.2946114-1-yilun.xu@linux.intel.com>", "Precedence": "bulk", "X-Mailing-List": "linux-pci@vger.kernel.org", "List-Id": "<linux-pci.vger.kernel.org>", "List-Subscribe": "<mailto:linux-pci+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-pci+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "From: Zhenzhong Duan <zhenzhong.duan@intel.com>\n\nAdd several SEAMCALL wrappers for SPDM management. TDX Module requires\nHPA_ARRAY_T structure as input/output parameters for these SEAMCALLs.\nSo use tdx_page_array for these wrappers.\n\n- TDH.SPDM.CREATE creates SPDM session metadata buffers for TDX Module.\n- TDH.SPDM.DELETE destroys SPDM session metadata and returns these\n buffers to host, after checking no reference attached to the metadata.\n- TDH.SPDM.CONNECT establishes a new SPDM session with the device.\n- TDH.SPDM.DISCONNECT tears down the SPDM session with the device.\n- TDH.SPDM.MNG supports three SPDM runtime operations: HEARTBEAT,\n KEY_UPDATE and DEV_INFO_RECOLLECTION.\n\nCo-developed-by: Xu Yilun <yilun.xu@linux.intel.com>\nSigned-off-by: Xu Yilun <yilun.xu@linux.intel.com>\nSigned-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>\n---\n arch/x86/include/asm/tdx.h | 13 ++++\n arch/x86/virt/vmx/tdx/tdx.h | 5 ++\n arch/x86/virt/vmx/tdx/tdx.c | 114 +++++++++++++++++++++++++++++++++++-\n 3 files changed, 130 insertions(+), 2 deletions(-)", "diff": "diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h\nindex a59e0e43e465..8abdad084972 100644\n--- a/arch/x86/include/asm/tdx.h\n+++ b/arch/x86/include/asm/tdx.h\n@@ -247,6 +247,19 @@ u64 tdh_phymem_page_wbinvd_tdr(struct tdx_td *td);\n u64 tdh_phymem_page_wbinvd_hkid(u64 hkid, struct page *page);\n u64 tdh_iommu_setup(u64 vtbar, struct tdx_page_array *iommu_mt, u64 *iommu_id);\n u64 tdh_iommu_clear(u64 iommu_id, struct tdx_page_array *iommu_mt);\n+u64 tdh_spdm_create(u64 func_id, struct tdx_page_array *spdm_mt, u64 *spdm_id);\n+u64 tdh_spdm_delete(u64 spdm_id, struct tdx_page_array *spdm_mt,\n+\t\t unsigned int *nr_released, u64 *released_hpa);\n+u64 tdh_exec_spdm_connect(u64 spdm_id, struct page *spdm_conf,\n+\t\t\t struct page *spdm_rsp, struct page *spdm_req,\n+\t\t\t struct tdx_page_array *spdm_out,\n+\t\t\t u64 *spdm_req_or_out_len);\n+u64 tdh_exec_spdm_disconnect(u64 spdm_id, struct page *spdm_rsp,\n+\t\t\t struct page *spdm_req, u64 *spdm_req_len);\n+u64 tdh_exec_spdm_mng(u64 spdm_id, u64 spdm_op, struct page *spdm_param,\n+\t\t struct page *spdm_rsp, struct page *spdm_req,\n+\t\t struct tdx_page_array *spdm_out,\n+\t\t u64 *spdm_req_or_out_len);\n #else\n static inline void tdx_init(void) { }\n static inline int tdx_cpu_enable(void) { return -ENODEV; }\ndiff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h\nindex b25c418f6e61..4784db2d1d92 100644\n--- a/arch/x86/virt/vmx/tdx/tdx.h\n+++ b/arch/x86/virt/vmx/tdx/tdx.h\n@@ -64,6 +64,11 @@\n #define TDH_EXT_MEM_ADD\t\t\t61\n #define TDH_IOMMU_SETUP\t\t\t128\n #define TDH_IOMMU_CLEAR\t\t\t129\n+#define TDH_SPDM_CREATE\t\t\t130\n+#define TDH_SPDM_DELETE\t\t\t131\n+#define TDH_SPDM_CONNECT\t\t142\n+#define TDH_SPDM_DISCONNECT\t\t143\n+#define TDH_SPDM_MNG\t\t\t144\n \n /* TDX page types */\n #define\tPT_NDA\t\t0x0\ndiff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c\nindex 790713881f1f..02882c2ad177 100644\n--- a/arch/x86/virt/vmx/tdx/tdx.c\n+++ b/arch/x86/virt/vmx/tdx/tdx.c\n@@ -654,7 +654,7 @@ static u64 hpa_list_info_assign_raw(struct tdx_page_array *array)\n #define HPA_ARRAY_T_PFN\t\tGENMASK_U64(51, 12)\n #define HPA_ARRAY_T_SIZE\tGENMASK_U64(63, 55)\n \n-static u64 __maybe_unused hpa_array_t_assign_raw(struct tdx_page_array *array)\n+static u64 hpa_array_t_assign_raw(struct tdx_page_array *array)\n {\n \tunsigned long pfn;\n \n@@ -667,7 +667,7 @@ static u64 __maybe_unused hpa_array_t_assign_raw(struct tdx_page_array *array)\n \t FIELD_PREP(HPA_ARRAY_T_SIZE, array->nents - 1);\n }\n \n-static u64 __maybe_unused hpa_array_t_release_raw(struct tdx_page_array *array)\n+static u64 hpa_array_t_release_raw(struct tdx_page_array *array)\n {\n \tif (array->nents == 1)\n \t\treturn 0;\n@@ -2107,6 +2107,15 @@ static u64 __seamcall_ir_resched(sc_func_t sc_func, u64 fn,\n #define seamcall_ret_ir_resched(fn, args)\t\\\n \t__seamcall_ir_resched(__seamcall_ret, fn, args)\n \n+/*\n+ * seamcall_ret_ir_exec() aliases seamcall_ret_ir_resched() for\n+ * documentation purposes. It documents the TDX Module extension\n+ * seamcalls that are long running / hard-irq preemptible flows that\n+ * generate events. The calls using seamcall_ret_ir_resched() are long\n+ * running flows, that periodically yield.\n+ */\n+#define seamcall_ret_ir_exec seamcall_ret_ir_resched\n+\n noinstr u64 tdh_vp_enter(struct tdx_vp *td, struct tdx_module_args *args)\n {\n \targs->rcx = td->tdvpr_pa;\n@@ -2506,3 +2515,104 @@ u64 tdh_iommu_clear(u64 iommu_id, struct tdx_page_array *iommu_mt)\n \treturn seamcall_ret_ir_resched(TDH_IOMMU_CLEAR, &args);\n }\n EXPORT_SYMBOL_FOR_MODULES(tdh_iommu_clear, \"tdx-host\");\n+\n+u64 tdh_spdm_create(u64 func_id, struct tdx_page_array *spdm_mt, u64 *spdm_id)\n+{\n+\tstruct tdx_module_args args = {\n+\t\t.rcx = func_id,\n+\t\t.rdx = hpa_array_t_assign_raw(spdm_mt)\n+\t};\n+\tu64 r;\n+\n+\ttdx_clflush_page_array(spdm_mt);\n+\n+\tr = seamcall_ret(TDH_SPDM_CREATE, &args);\n+\n+\t*spdm_id = args.rcx;\n+\n+\treturn r;\n+}\n+EXPORT_SYMBOL_FOR_MODULES(tdh_spdm_create, \"tdx-host\");\n+\n+u64 tdh_spdm_delete(u64 spdm_id, struct tdx_page_array *spdm_mt,\n+\t\t unsigned int *nr_released, u64 *released_hpa)\n+{\n+\tstruct tdx_module_args args = {\n+\t\t.rcx = spdm_id,\n+\t\t.rdx = hpa_array_t_release_raw(spdm_mt),\n+\t};\n+\tu64 r;\n+\n+\tr = seamcall_ret(TDH_SPDM_DELETE, &args);\n+\tif (r != TDX_SUCCESS)\n+\t\treturn r;\n+\n+\t*nr_released = FIELD_GET(HPA_ARRAY_T_SIZE, args.rcx) + 1;\n+\t*released_hpa = FIELD_GET(HPA_ARRAY_T_PFN, args.rcx) << PAGE_SHIFT;\n+\n+\treturn r;\n+}\n+EXPORT_SYMBOL_FOR_MODULES(tdh_spdm_delete, \"tdx-host\");\n+\n+u64 tdh_exec_spdm_connect(u64 spdm_id, struct page *spdm_conf,\n+\t\t\t struct page *spdm_rsp, struct page *spdm_req,\n+\t\t\t struct tdx_page_array *spdm_out,\n+\t\t\t u64 *spdm_req_or_out_len)\n+{\n+\tstruct tdx_module_args args = {\n+\t\t.rcx = spdm_id,\n+\t\t.rdx = page_to_phys(spdm_conf),\n+\t\t.r8 = page_to_phys(spdm_rsp),\n+\t\t.r9 = page_to_phys(spdm_req),\n+\t\t.r10 = hpa_array_t_assign_raw(spdm_out),\n+\t};\n+\tu64 r;\n+\n+\tr = seamcall_ret_ir_exec(TDH_SPDM_CONNECT, &args);\n+\n+\t*spdm_req_or_out_len = args.rcx;\n+\n+\treturn r;\n+}\n+EXPORT_SYMBOL_FOR_MODULES(tdh_exec_spdm_connect, \"tdx-host\");\n+\n+u64 tdh_exec_spdm_disconnect(u64 spdm_id, struct page *spdm_rsp,\n+\t\t\t struct page *spdm_req, u64 *spdm_req_len)\n+{\n+\tstruct tdx_module_args args = {\n+\t\t.rcx = spdm_id,\n+\t\t.rdx = page_to_phys(spdm_rsp),\n+\t\t.r8 = page_to_phys(spdm_req),\n+\t};\n+\tu64 r;\n+\n+\tr = seamcall_ret_ir_exec(TDH_SPDM_DISCONNECT, &args);\n+\n+\t*spdm_req_len = args.rcx;\n+\n+\treturn r;\n+}\n+EXPORT_SYMBOL_FOR_MODULES(tdh_exec_spdm_disconnect, \"tdx-host\");\n+\n+u64 tdh_exec_spdm_mng(u64 spdm_id, u64 spdm_op, struct page *spdm_param,\n+\t\t struct page *spdm_rsp, struct page *spdm_req,\n+\t\t struct tdx_page_array *spdm_out,\n+\t\t u64 *spdm_req_or_out_len)\n+{\n+\tstruct tdx_module_args args = {\n+\t\t.rcx = spdm_id,\n+\t\t.rdx = spdm_op,\n+\t\t.r8 = spdm_param ? page_to_phys(spdm_param) : -1,\n+\t\t.r9 = page_to_phys(spdm_rsp),\n+\t\t.r10 = page_to_phys(spdm_req),\n+\t\t.r11 = spdm_out ? hpa_array_t_assign_raw(spdm_out) : -1,\n+\t};\n+\tu64 r;\n+\n+\tr = seamcall_ret_ir_exec(TDH_SPDM_MNG, &args);\n+\n+\t*spdm_req_or_out_len = args.rcx;\n+\n+\treturn r;\n+}\n+EXPORT_SYMBOL_FOR_MODULES(tdh_exec_spdm_mng, \"tdx-host\");\n", "prefixes": [ "v2", "25/31" ] }