From: Chao Gao <chao.gao@intel.com>
To: "Huang, Kai" <kai.huang@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"kas@kernel.org" <kas@kernel.org>,
"seanjc@google.com" <seanjc@google.com>,
"Chatre, Reinette" <reinette.chatre@intel.com>,
"Weiny, Ira" <ira.weiny@intel.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"Verma, Vishal L" <vishal.l.verma@intel.com>,
"nik.borisov@suse.com" <nik.borisov@suse.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"sagis@google.com" <sagis@google.com>,
"Chen, Farrah" <farrah.chen@intel.com>,
"Duan, Zhenzhong" <zhenzhong.duan@intel.com>,
"Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
"paulmck@kernel.org" <paulmck@kernel.org>,
"Annapurve, Vishal" <vannapurve@google.com>,
"yilun.xu@linux.intel.com" <yilun.xu@linux.intel.com>,
"Williams, Dan J" <dan.j.williams@intel.com>,
"bp@alien8.de" <bp@alien8.de>
Subject: Re: [PATCH v3 13/26] x86/virt/seamldr: Allocate and populate a module update request
Date: Wed, 28 Jan 2026 19:28:57 +0800 [thread overview]
Message-ID: <aXny+UkkEzU425k6@intel.com> (raw)
In-Reply-To: <fc3e72ec4443afd79ccade31e9e0036e645e567b.camel@intel.com>
On Tue, Jan 27, 2026 at 11:21:06AM +0800, Huang, Kai wrote:
>
>> +/*
>> + * Allocate and populate a seamldr_params.
>> + * Note that both @module and @sig should be vmalloc'd memory.
>> + */
>> +static struct seamldr_params *alloc_seamldr_params(const void *module, unsigned int module_size,
>> + const void *sig, unsigned int sig_size)
>> +{
>> + struct seamldr_params *params;
>> + const u8 *ptr;
>> + int i;
>> +
>> + BUILD_BUG_ON(sizeof(struct seamldr_params) != SZ_4K);
>> + if (module_size > SEAMLDR_MAX_NR_MODULE_4KB_PAGES * SZ_4K)
>> + return ERR_PTR(-EINVAL);
>> +
>> + if (!IS_ALIGNED(module_size, SZ_4K) || sig_size != SZ_4K ||
>> + !IS_ALIGNED((unsigned long)module, SZ_4K) ||
>> + !IS_ALIGNED((unsigned long)sig, SZ_4K))
>> + return ERR_PTR(-EINVAL);
>> +
>
>Based on the the blob format link below, we have
>
>struct tdx_blob
>{
> ...
> _u64 sigstruct[256]; // 2KB sigstruct,intel_tdx_module.so.sigstruct
> _u64 reserved2[256]; // Reserved space
> ...
>}
>
>So it's clear SIGSTRUCT is just 2KB and the second half 2KB is "reserved
>space".
>
>Why is the "reserved space" treated as part of SIGSTRUCT here?
Good question. Because the space is reserved for sigstruct expansion.
The __current__ SEAMLDR ABI accepts one 4KB page, but all __existing__
sigstructs are only 2KB. so, tdx_blob currently defines a 2KB sigstruct field
followed by 2KB of reserved space. We anticipate that sigstructs will
eventually exceed 4KB, so we added reserved3[N*512] to accommodate future
growth.
You're right. The current tdx_blob definition doesn't clearly indicate that
reserved2/3 are actually part of the sigstruct.
Does this revised tdx_blob definition make that clearer and better align with
this patch? The idea is to make tdx_blob generic enough to clearly represent:
a 4KB header, followed by 4KB-aligned sigstruct, followed by the TDX Module
binary. Current SEAMLDR ABI details or current sigstruct sizes are irrelevant.
struct tdx_blob
{
_u16 version; // Version number
_u16 checksum; // Checksum of the entire blob should be zero
_u32 offset_of_module; // Offset of the module binary intel_tdx_module.bin in bytes
_u8 signature[8]; // Must be "TDX-BLOB"
_u32 length; // The length in bytes of the entire blob
_u32 reserved0; // Reserved space
_u64 reserved1[509]; // Reserved space
_u64 sigstruct[512 + N*512]; // sigstruct, 4KB aligned
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
_u8 module[]; // intel_tdx_module.bin, 4KB aligned, to the end of the file
}
>
>> +
>> +/*
>> + * Intel TDX Module blob. Its format is defined at:
>> + * https://github.com/intel/tdx-module-binaries/blob/main/blob_structure.txt
>> + */
>> +struct tdx_blob {
>> + u16 version;
>> + u16 checksum;
>> + u32 offset_of_module;
>> + u8 signature[8];
>> + u32 len;
>> + u32 resv1;
>> + u64 resv2[509];
>
>Nit: Perhaps s/resv/rsvd ?
>
Sure. Will do.
>"#grep rsvd arch/x86 -Rn" gave me a bunch of results but "#grep resv" gave
>me much less (and part of the results were 'resvd' and 'resv_xx' instead of
>plain 'resv').
>
>> + u8 data[];
>> +} __packed;
>
>For this structure, I need to click the link and open it in a browser to
>understand where is the sigstruct and module, and ...
>
>> +static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size)
>> +{
>> + const struct tdx_blob *blob = (const void *)data;
>> + int module_size, sig_size;
>> + const void *sig, *module;
>> +
>> + if (blob->version != 0x100) {
>> + pr_err("unsupported blob version: %x\n", blob->version);
>> + return ERR_PTR(-EINVAL);
>> + }
>> +
>> + if (blob->resv1 || memchr_inv(blob->resv2, 0, sizeof(blob->resv2))) {
>> + pr_err("non-zero reserved fields\n");
>> + return ERR_PTR(-EINVAL);
>> + }
>> +
>> + /* Split the given blob into a sigstruct and a module */
>> + sig = blob->data;
>> + sig_size = blob->offset_of_module - sizeof(struct tdx_blob);
>> + module = data + blob->offset_of_module;
>> + module_size = size - blob->offset_of_module;
>> +
>
>... to see whether this code makes sense.
>
>I understand the
>
> ...
> u64 rsvd[N*512];
> u8 module[];
>
>is painful to be declared explicitly in 'struct tdx_blob' because IIUC we
>cannot put two flexible array members at the end of the structure.
Yes.
>
>But I think if we add 'sigstruct' to the 'struct tdx_blob', e.g.,
>
>struct tdx_blob {
> u16 version;
> ...
> u64 rsvd2[509];
> u64 sigstruct[256];
> u64 rsvd3[256];
> u64 data;
>} __packed;
>
>.. we can just use
>
> sig = blob->sigstruct;
> sig_size = 2K (or 4K I don't quite follow);
>
>which is clearer to read IMHO?
The problem is hard-coding the sigstruct size to 2KB/4KB. This will soon no
longer hold.
But
sig = blob->data;
sig_size = blob->offset_of_module - sizeof(struct tdx_blob);
doesn't make that assumption, making it more future-proof.
>
>> + return alloc_seamldr_params(module, module_size, sig, sig_size);
>> +}
>> +
>
>
>
next prev parent reply other threads:[~2026-01-28 11:29 UTC|newest]
Thread overview: 132+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-23 14:55 [PATCH v3 00/26] Runtime TDX Module update support Chao Gao
2026-01-23 14:55 ` [PATCH v3 01/26] x86/virt/tdx: Print SEAMCALL leaf numbers in decimal Chao Gao
2026-01-26 10:01 ` Tony Lindgren
2026-01-28 1:28 ` Binbin Wu
2026-01-28 16:26 ` Dave Hansen
2026-01-29 5:44 ` Chao Gao
2026-01-23 14:55 ` [PATCH v3 02/26] x86/virt/tdx: Use %# prefix for hex values in SEAMCALL error messages Chao Gao
2026-01-26 10:02 ` Tony Lindgren
2026-01-28 1:34 ` Binbin Wu
2026-01-28 12:16 ` Chao Gao
2026-01-28 15:18 ` Dave Hansen
2026-01-23 14:55 ` [PATCH v3 03/26] x86/virt/tdx: Move low level SEAMCALL helpers out of <asm/tdx.h> Chao Gao
2026-01-26 10:02 ` Tony Lindgren
2026-01-28 1:37 ` Binbin Wu
2026-01-28 12:42 ` Chao Gao
2026-01-28 16:31 ` Dave Hansen
2026-01-29 14:02 ` Chao Gao
2026-01-29 16:03 ` Dave Hansen
2026-01-28 16:37 ` Dave Hansen
2026-01-29 8:04 ` Chao Gao
2026-01-23 14:55 ` [PATCH v3 04/26] coco/tdx-host: Introduce a "tdx_host" device Chao Gao
2026-01-26 9:52 ` Tony Lindgren
2026-01-28 16:53 ` Dave Hansen
2026-01-28 3:24 ` Binbin Wu
2026-01-29 7:26 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 05/26] coco/tdx-host: Expose TDX Module version Chao Gao
2026-01-26 9:54 ` Tony Lindgren
2026-01-28 3:48 ` Binbin Wu
2026-01-28 17:01 ` Dave Hansen
2026-01-29 14:07 ` Chao Gao
2026-01-29 7:38 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 06/26] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs Chao Gao
2026-01-26 10:05 ` Tony Lindgren
2026-01-28 5:58 ` Binbin Wu
2026-01-28 23:03 ` Dave Hansen
2026-01-29 9:46 ` Xu Yilun
2026-01-29 16:08 ` Dave Hansen
2026-01-29 14:55 ` Chao Gao
2026-01-29 16:59 ` Dave Hansen
2026-01-23 14:55 ` [PATCH v3 07/26] x86/virt/seamldr: Introduce a wrapper for " Chao Gao
2026-01-26 10:12 ` Tony Lindgren
2026-01-28 6:38 ` Binbin Wu
2026-01-28 23:04 ` Dave Hansen
2026-01-30 8:08 ` Chao Gao
2026-01-30 16:23 ` Dave Hansen
2026-01-28 23:36 ` Dave Hansen
2026-01-30 13:21 ` Chao Gao
2026-01-30 16:18 ` Dave Hansen
2026-02-03 12:15 ` Chao Gao
2026-02-03 15:41 ` Sean Christopherson
2026-02-03 16:12 ` Dave Hansen
2026-02-03 23:54 ` Chao Gao
2026-02-05 16:29 ` Sean Christopherson
2026-02-05 16:37 ` Dave Hansen
2026-01-23 14:55 ` [PATCH v3 08/26] x86/virt/seamldr: Retrieve P-SEAMLDR information Chao Gao
2026-01-26 10:15 ` Tony Lindgren
2026-01-28 6:50 ` Binbin Wu
2026-01-28 23:54 ` Dave Hansen
2026-01-30 4:01 ` Xu Yilun
2026-01-30 16:35 ` Dave Hansen
2026-02-02 0:16 ` Xu Yilun
2026-01-30 13:55 ` Chao Gao
2026-01-30 16:06 ` Dave Hansen
2026-01-28 23:57 ` Dave Hansen
2026-01-30 13:30 ` Chao Gao
2026-01-23 14:55 ` [PATCH v3 09/26] coco/tdx-host: Expose P-SEAMLDR information via sysfs Chao Gao
2026-01-26 9:56 ` Tony Lindgren
2026-01-28 3:07 ` Huang, Kai
2026-01-29 0:08 ` Dave Hansen
2026-01-30 14:44 ` Chao Gao
2026-01-30 16:02 ` Dave Hansen
2026-01-23 14:55 ` [PATCH v3 10/26] coco/tdx-host: Implement FW_UPLOAD sysfs ABI for TDX Module updates Chao Gao
2026-01-26 10:00 ` Tony Lindgren
2026-01-28 3:30 ` Huang, Kai
2026-01-30 14:07 ` Xu Yilun
2026-02-06 17:15 ` Xing, Cedric
2026-01-23 14:55 ` [PATCH v3 11/26] x86/virt/seamldr: Block TDX Module updates if any CPU is offline Chao Gao
2026-01-26 10:16 ` Tony Lindgren
2026-02-02 0:31 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 12/26] x86/virt/seamldr: Verify availability of slots for TDX Module updates Chao Gao
2026-01-26 10:17 ` Tony Lindgren
2026-01-23 14:55 ` [PATCH v3 13/26] x86/virt/seamldr: Allocate and populate a module update request Chao Gao
2026-01-26 10:23 ` Tony Lindgren
2026-01-27 3:21 ` Huang, Kai
2026-01-28 11:28 ` Chao Gao [this message]
2026-01-28 22:33 ` Huang, Kai
2026-01-28 4:03 ` Huang, Kai
2026-01-30 14:56 ` Chao Gao
2026-02-02 3:08 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 14/26] x86/virt/seamldr: Introduce skeleton for TDX Module updates Chao Gao
2026-01-26 10:28 ` Tony Lindgren
2026-02-02 6:01 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 15/26] x86/virt/seamldr: Abort updates if errors occurred midway Chao Gao
2026-01-26 10:31 ` Tony Lindgren
2026-02-02 6:08 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 16/26] x86/virt/seamldr: Shut down the current TDX module Chao Gao
2026-01-26 10:42 ` Tony Lindgren
2026-02-02 6:31 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 17/26] x86/virt/tdx: Reset software states after TDX module shutdown Chao Gao
2026-01-26 10:43 ` Tony Lindgren
2026-01-23 14:55 ` [PATCH v3 18/26] x86/virt/seamldr: Log TDX Module update failures Chao Gao
2026-01-26 10:45 ` Tony Lindgren
2026-02-02 7:11 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 19/26] x86/virt/seamldr: Install a new TDX Module Chao Gao
2026-01-26 10:52 ` Tony Lindgren
2026-01-23 14:55 ` [PATCH v3 20/26] x86/virt/seamldr: Do TDX per-CPU initialization after updates Chao Gao
2026-01-26 10:53 ` Tony Lindgren
2026-02-02 7:32 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 21/26] x86/virt/tdx: Establish contexts for the new TDX Module Chao Gao
2026-01-26 10:54 ` Tony Lindgren
2026-01-23 14:55 ` [PATCH v3 22/26] x86/virt/tdx: Update tdx_sysinfo and check features post-update Chao Gao
2026-01-26 11:07 ` Tony Lindgren
2026-02-02 7:33 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 23/26] x86/virt/tdx: Enable TDX Module runtime updates Chao Gao
2026-01-26 11:14 ` Tony Lindgren
2026-02-04 10:03 ` Tony Lindgren
2026-02-02 7:41 ` Xu Yilun
2026-01-23 14:55 ` [PATCH v3 24/26] x86/virt/seamldr: Extend sigstruct to 16KB Chao Gao
2026-01-26 11:15 ` Tony Lindgren
2026-01-27 3:58 ` Huang, Kai
2026-01-28 23:01 ` Huang, Kai
2026-01-30 14:25 ` Chao Gao
2026-02-02 11:57 ` Huang, Kai
2026-01-23 14:55 ` [PATCH v3 25/26] x86/virt/tdx: Avoid updates during update-sensitive operations Chao Gao
2026-01-26 11:23 ` Tony Lindgren
2026-01-23 14:55 ` [PATCH v3 26/26] coco/tdx-host: Set and document TDX Module update expectations Chao Gao
2026-01-26 11:28 ` Tony Lindgren
2026-01-26 22:14 ` dan.j.williams
2026-01-27 12:17 ` Chao Gao
2026-01-27 17:23 ` dan.j.williams
2026-01-28 17:52 ` [PATCH v3 00/26] Runtime TDX Module update support Sagi Shahar
2026-01-29 1:51 ` Chao Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aXny+UkkEzU425k6@intel.com \
--to=chao.gao@intel.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=farrah.chen@intel.com \
--cc=hpa@zytor.com \
--cc=ira.weiny@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=paulmck@kernel.org \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=vannapurve@google.com \
--cc=vishal.l.verma@intel.com \
--cc=x86@kernel.org \
--cc=yilun.xu@linux.intel.com \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.