From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4AF713F2114 for ; Tue, 31 Mar 2026 12:43:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.15 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774961022; cv=none; b=JeA3sOx8dyLGb+20Z4Pzi1x2D+gvW84VhMkx++XLebUpZnYLtM4mL6xcPRCHu51G9gCid3sJOeKOOfdg63Hv2zV976wqxNncVZQrxbP9gJBeKRcUitC/79JmwlZgB9vPVQRDFzbqV/oW8mZeyePepnBjg7EsQ7owny+CxRVczqY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774961022; c=relaxed/simple; bh=IKMY/tSbdxykw6FYlujcG8NUzhWOU1YAtZSS3GV2i9w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TrB9TJkh9Swj5N5aIFd1V9xL4o/Yw3N0O5A4AFw6Znkt1jKeqkZGMnemJjZJI5MngRDIp4ThEFfKp/iiu04yqwg3LUpnIziTXkDfZrpv/ybayhk+PziTfys3y10vg/gpzR79yYrskTtgRESdIpYUx2+hYZx3DGNYFlV6Z+qGomE= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=G/wd66hz; arc=none smtp.client-ip=192.198.163.15 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="G/wd66hz" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1774961021; x=1806497021; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=IKMY/tSbdxykw6FYlujcG8NUzhWOU1YAtZSS3GV2i9w=; b=G/wd66hzb4TpQmt5D0Q5TWTgAqTeOPhGyLw0KYRg1B++vrm3jlUPttQa muHBTIl/Z+QInjhx6/WetPGyxhzqsm3CgnRCULEVMW4OBrL1K75wwH5h7 +xGfeYLu5m2t79sVUutuXv5FRynp524Y0UngI5nKtJWpwJbo4Ifq335e6 2YejAvBKzaYLDgInrNLqfWfAxzD8p0zTxCMGx7HVI2tht2Rgz4mNuWW85 vAvDHt9iEWWjAsZiWG/ryv8W3JF6FVaFqvqQcuwOuHpHumHyp4OeUTpkd Fz8LnzvbNq84BfGPgzUftLVWe5M8bNq6pfoiSdSv35w+cRH4v4nRuSff2 Q==; X-CSE-ConnectionGUID: fhhCh1KgThC6N884mhcZrg== X-CSE-MsgGUID: xhiVENXTRwO3i1tc3jLwng== X-IronPort-AV: E=McAfee;i="6800,10657,11745"; a="76084582" X-IronPort-AV: E=Sophos;i="6.23,151,1770624000"; d="scan'208";a="76084582" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa109.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Mar 2026 05:43:41 -0700 X-CSE-ConnectionGUID: 7lQCuL7DQia4MihzwAwDWA== X-CSE-MsgGUID: 6+YXZY9NQcCAx7Qi0kOXgA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,151,1770624000"; d="scan'208";a="221492224" Received: from 984fee019967.jf.intel.com ([10.23.153.244]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 31 Mar 2026 05:43:40 -0700 From: Chao Gao To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-coco@lists.linux.dev Cc: binbin.wu@linux.intel.com, dan.j.williams@intel.com, dave.hansen@linux.intel.com, ira.weiny@intel.com, kai.huang@intel.com, kas@kernel.org, nik.borisov@suse.com, paulmck@kernel.org, pbonzini@redhat.com, reinette.chatre@intel.com, rick.p.edgecombe@intel.com, sagis@google.com, seanjc@google.com, tony.lindgren@linux.intel.com, vannapurve@google.com, vishal.l.verma@intel.com, yilun.xu@linux.intel.com, xiaoyao.li@intel.com, yan.y.zhao@intel.com, Chao Gao , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H. Peter Anvin" Subject: [PATCH v7 18/22] coco/tdx-host: Don't expose P-SEAMLDR features on CPUs with erratum Date: Tue, 31 Mar 2026 05:41:31 -0700 Message-ID: <20260331124214.117808-19-chao.gao@intel.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260331124214.117808-1-chao.gao@intel.com> References: <20260331124214.117808-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some TDX-capable CPUs have an erratum, as documented in IntelĀ® Trust Domain CPU Architectural Extensions (May 2021 edition) Chapter 2.3: SEAMRET from the P-SEAMLDR clears the current VMCS structure pointed to by the current-VMCS pointer. A VMM that invokes the P-SEAMLDR using SEAMCALL must reload the current-VMCS, if required, using the VMPTRLD instruction. Clearing the current VMCS behind KVM's back will break KVM. This erratum is not present when IA32_VMX_BASIC[60] is set. Add a CPU bug bit for this erratum and refuse to expose P-SEAMLDR features (e.g., TDX module updates) on affected CPUs. == Alternatives == Two workarounds were considered but both were rejected: 1. Save/restore the current VMCS around P-SEAMLDR calls. This produces ugly assembly code [1] and doesn't play well with #MCE or #NMI if they need to use the current VMCS. 2. Move KVM's VMCS tracking logic to the TDX core code, which would break the boundary between KVM and the TDX core code [2]. Signed-off-by: Chao Gao Reviewed-by: Kai Huang Reviewed-by: Kiryl Shutsemau (Meta) Link: https://lore.kernel.org/kvm/fedb3192-e68c-423c-93b2-a4dc2f964148@intel.com/ # [1] Link: https://lore.kernel.org/kvm/aYIXFmT-676oN6j0@google.com/ # [2] --- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/vmx.h | 1 + arch/x86/virt/vmx/tdx/tdx.c | 11 +++++++++++ drivers/virt/coco/tdx-host/tdx-host.c | 8 ++++++++ 4 files changed, 21 insertions(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index dbe104df339b..377d009b7e2e 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -572,4 +572,5 @@ #define X86_BUG_ITS_NATIVE_ONLY X86_BUG( 1*32+ 8) /* "its_native_only" CPU is affected by ITS, VMX is not affected */ #define X86_BUG_TSA X86_BUG( 1*32+ 9) /* "tsa" CPU is affected by Transient Scheduler Attacks */ #define X86_BUG_VMSCAPE X86_BUG( 1*32+10) /* "vmscape" CPU is affected by VMSCAPE attacks from guests */ +#define X86_BUG_SEAMRET_INVD_VMCS X86_BUG( 1*32+11) /* "seamret_invd_vmcs" SEAMRET from P-SEAMLDR clears the current VMCS */ #endif /* _ASM_X86_CPUFEATURES_H */ diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h index b92ff87e3560..a5a5b373ec42 100644 --- a/arch/x86/include/asm/vmx.h +++ b/arch/x86/include/asm/vmx.h @@ -136,6 +136,7 @@ #define VMX_BASIC_INOUT BIT_ULL(54) #define VMX_BASIC_TRUE_CTLS BIT_ULL(55) #define VMX_BASIC_NO_HW_ERROR_CODE_CC BIT_ULL(56) +#define VMX_BASIC_NO_SEAMRET_INVD_VMCS BIT_ULL(60) static inline u32 vmx_basic_vmcs_revision_id(u64 vmx_basic) { diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index d144860e17c2..92ab1d98e1b8 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -39,6 +39,7 @@ #include #include #include +#include #include "seamcall_internal.h" #include "tdx.h" @@ -1462,6 +1463,8 @@ static struct notifier_block tdx_memory_nb = { static void __init check_tdx_erratum(void) { + u64 basic_msr; + /* * These CPUs have an erratum. A partial write from non-TD * software (e.g. via MOVNTI variants or UC/WC mapping) to TDX @@ -1473,6 +1476,14 @@ static void __init check_tdx_erratum(void) case INTEL_EMERALDRAPIDS_X: setup_force_cpu_bug(X86_BUG_TDX_PW_MCE); } + + /* + * Some TDX-capable CPUs have an erratum where the current VMCS is + * cleared after calling into P-SEAMLDR. + */ + rdmsrq(MSR_IA32_VMX_BASIC, basic_msr); + if (!(basic_msr & VMX_BASIC_NO_SEAMRET_INVD_VMCS)) + setup_force_cpu_bug(X86_BUG_SEAMRET_INVD_VMCS); } void __init tdx_init(void) diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c index 746a5eef004d..71ea94da8e22 100644 --- a/drivers/virt/coco/tdx-host/tdx-host.c +++ b/drivers/virt/coco/tdx-host/tdx-host.c @@ -100,6 +100,14 @@ static bool can_expose_seamldr(void) if (!sysinfo) return false; + /* + * Calling P-SEAMLDR on CPUs with the seamret_invd_vmcs bug clears + * the current VMCS, which breaks KVM. Verify the erratum is not + * present before exposing P-SEAMLDR features. + */ + if (boot_cpu_has_bug(X86_BUG_SEAMRET_INVD_VMCS)) + return false; + return tdx_supports_runtime_update(sysinfo); } -- 2.47.3