From: Chao Gao <chao.gao@intel.com>
To: <linux-coco@lists.linux.dev>, <linux-kernel@vger.kernel.org>,
<kvm@vger.kernel.org>, <x86@kernel.org>
Cc: <reinette.chatre@intel.com>, <ira.weiny@intel.com>,
<kai.huang@intel.com>, <dan.j.williams@intel.com>,
<yilun.xu@linux.intel.com>, <sagis@google.com>,
<vannapurve@google.com>, <paulmck@kernel.org>,
<nik.borisov@suse.com>, <zhenzhong.duan@intel.com>,
<seanjc@google.com>, <rick.p.edgecombe@intel.com>,
<kas@kernel.org>, <dave.hansen@linux.intel.com>,
<vishal.l.verma@intel.com>, <binbin.wu@linux.intel.com>,
<tony.lindgren@linux.intel.com>,
Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH v4 24/24] [NOT-FOR-REVIEW] x86/virt/seamldr: Save and restore current VMCS
Date: Wed, 11 Mar 2026 20:50:18 +0800 [thread overview]
Message-ID: <abFlCkNd7tqaUyAP@intel.com> (raw)
In-Reply-To: <20260212143606.534586-25-chao.gao@intel.com>
On Thu, Feb 12, 2026 at 06:35:27AM -0800, Chao Gao wrote:
>P-SEAMLDR calls clobber the current VMCS as documented in Intel® Trust
>Domain CPU Architectural Extensions (May 2021 edition) Chapter 2.3 [1]:
>
> SEAMRET from the P-SEAMLDR clears the current VMCS structure pointed
> to by the current-VMCS pointer. A VMM that invokes the P-SEAMLDR using
> SEAMCALL must reload the current-VMCS, if required, using the VMPTRLD
> instruction.
>
>Save and restore the current VMCS using VMPTRST and VMPTRLD instructions
>to avoid breaking KVM.
>
>Signed-off-by: Chao Gao <chao.gao@intel.com>
>---
>This patch is needed for testing until microcode is updated to preserve
>the current VMCS across P-SEAMLDR calls. Otherwise, if some normal VMs
>are running before TDX Module updates, vmread/vmwrite errors may occur
>immediately after updates.
The agreed approach is to fix the CPU behavior rather than work around the
issue in the kernel. So, I'll include the following patch to handle this
erratum. Please let me know if you have any concerns.
From 04b53e83dc9daee1866e1c8f26e3d027e1a0be6a Mon Sep 17 00:00:00 2001
From: Chao Gao <chao.gao@intel.com>
Date: Tue, 10 Mar 2026 18:49:41 -0700
Subject: [PATCH] coco/tdx-host: Don't expose P-SEAMLDR features on CPUs with
erratum
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Some TDX-capable CPUs have an erratum, as documented in Intel® Trust
Domain CPU Architectural Extensions (May 2021 edition) Chapter 2.3:
SEAMRET from the P-SEAMLDR clears the current VMCS structure pointed
to by the current-VMCS pointer. A VMM that invokes the P-SEAMLDR using
SEAMCALL must reload the current-VMCS, if required, using the VMPTRLD
instruction.
Clearing the current VMCS behind KVM's back will break KVM.
This erratum is not present when IA32_VMX_BASIC[60] is set. Check for
the erratum and refuse to expose P-SEAMLDR features (e.g., TDX module
updates) on affected CPUs.
== Alternatives ==
Two workarounds were considered but both were rejected:
1. Save/restore the current VMCS around P-SEAMLDR calls. This produces ugly
assembly code [1] and doesn't play well with #MCE or #NMI if they
need to use the current VMCS.
2. Move KVM's VMCS tracking logic to the TDX core code, which would break
the boundary between KVM and the TDX core code [2].
Signed-off-by: Chao Gao <chao.gao@intel.com>
Link: https://lore.kernel.org/kvm/fedb3192-e68c-423c-93b2-a4dc2f964148@intel.com/ # [1]
Link: https://lore.kernel.org/kvm/aYIXFmT-676oN6j0@google.com/ # [2]
---
arch/x86/include/asm/vmx.h | 1 +
drivers/virt/coco/tdx-host/tdx-host.c | 12 ++++++++++++
2 files changed, 13 insertions(+)
diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index c85c50019523..d066c50b9051 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -135,6 +135,7 @@
#define VMX_BASIC_INOUT BIT_ULL(54)
#define VMX_BASIC_TRUE_CTLS BIT_ULL(55)
#define VMX_BASIC_NO_HW_ERROR_CODE_CC BIT_ULL(56)
+#define VMX_BASIC_PRESERVE_CURRENT_VMCS BIT_ULL(60)
static inline u32 vmx_basic_vmcs_revision_id(u64 vmx_basic)
{
diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c
index 891cc6a083e0..13c23769d09d 100644
--- a/drivers/virt/coco/tdx-host/tdx-host.c
+++ b/drivers/virt/coco/tdx-host/tdx-host.c
@@ -12,8 +12,10 @@
#include <linux/sysfs.h>
#include <asm/cpu_device_id.h>
+#include <asm/msr.h>
#include <asm/seamldr.h>
#include <asm/tdx.h>
+#include <asm/vmx.h>
static const struct x86_cpu_id tdx_host_ids[] = {
X86_MATCH_FEATURE(X86_FEATURE_TDX_HOST_PLATFORM, NULL),
@@ -175,6 +177,7 @@ static int seamldr_init(struct device *dev)
{
const struct tdx_sys_info *tdx_sysinfo = tdx_get_sysinfo();
struct fw_upload *tdx_fwl;
+ u64 basic_msr;
if (WARN_ON_ONCE(!tdx_sysinfo))
return -EIO;
@@ -182,6 +185,15 @@ static int seamldr_init(struct device *dev)
if (!tdx_supports_runtime_update(tdx_sysinfo))
return 0;
+ /*
+ * Some TDX-capable CPUs have an erratum where the current VMCS may
+ * be cleared after calling into P-SEAMLDR. Ensure no such erratum
+ * exists before exposing any P-SEAMLDR functions.
+ */
+ rdmsrq(MSR_IA32_VMX_BASIC, basic_msr);
+ if (!(basic_msr & VMX_BASIC_PRESERVE_CURRENT_VMCS))
+ return 0;
+
tdx_fwl = firmware_upload_register(THIS_MODULE, dev, "tdx_module",
&tdx_fw_ops, NULL);
if (IS_ERR(tdx_fwl))
--
2.47.3
next prev parent reply other threads:[~2026-03-11 12:50 UTC|newest]
Thread overview: 115+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-12 14:35 [PATCH v4 00/24] Runtime TDX Module update support Chao Gao
2026-02-12 14:35 ` [PATCH v4 01/24] x86/virt/tdx: Move low level SEAMCALL helpers out of <asm/tdx.h> Chao Gao
2026-03-02 12:24 ` Chao Gao
2026-03-05 9:24 ` Binbin Wu
2026-02-12 14:35 ` [PATCH v4 02/24] coco/tdx-host: Introduce a "tdx_host" device Chao Gao
2026-02-20 0:15 ` Huang, Kai
2026-02-24 1:11 ` Chao Gao
2026-03-05 9:25 ` Binbin Wu
2026-03-06 2:13 ` Chao Gao
2026-03-06 4:17 ` Dave Hansen
2026-03-06 5:12 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 03/24] coco/tdx-host: Expose TDX Module version Chao Gao
2026-02-20 0:40 ` Huang, Kai
2026-02-24 2:02 ` Chao Gao
2026-02-24 10:18 ` Huang, Kai
2026-02-12 14:35 ` [PATCH v4 04/24] x86/virt/seamldr: Introduce a wrapper for P-SEAMLDR SEAMCALLs Chao Gao
2026-02-20 1:12 ` Huang, Kai
2026-02-24 2:31 ` Chao Gao
2026-02-24 10:25 ` Huang, Kai
2026-03-12 20:15 ` Dave Hansen
2026-03-05 9:51 ` Binbin Wu
2026-03-12 20:14 ` Dave Hansen
2026-03-13 8:02 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 05/24] x86/virt/seamldr: Retrieve P-SEAMLDR information Chao Gao
2026-02-20 9:36 ` Huang, Kai
2026-02-24 2:59 ` Chao Gao
2026-02-24 10:30 ` Huang, Kai
2026-02-12 14:35 ` [PATCH v4 06/24] coco/tdx-host: Expose P-SEAMLDR information via sysfs Chao Gao
2026-03-06 9:29 ` Binbin Wu
2026-02-12 14:35 ` [PATCH v4 07/24] coco/tdx-host: Implement firmware upload sysfs ABI for TDX Module updates Chao Gao
2026-02-27 3:30 ` Xu Yilun
2026-02-27 4:36 ` Xu Yilun
2026-03-10 2:31 ` Yan Zhao
2026-03-12 20:20 ` Dave Hansen
2026-03-13 8:28 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 08/24] x86/virt/seamldr: Block TDX Module updates if any CPU is offline Chao Gao
2026-03-05 7:02 ` Huang, Kai
2026-03-12 20:20 ` Dave Hansen
2026-03-13 8:17 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 09/24] x86/virt/seamldr: Check update limit before TDX Module updates Chao Gao
2026-03-05 4:09 ` Xu Yilun
2026-03-05 7:04 ` Huang, Kai
2026-03-12 2:35 ` Yan Zhao
2026-03-12 14:13 ` Chao Gao
2026-03-12 19:21 ` Edgecombe, Rick P
2026-03-12 20:23 ` Dave Hansen
2026-03-13 8:32 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 10/24] x86/virt/seamldr: Allocate and populate a module update request Chao Gao
2026-02-19 22:31 ` Huang, Kai
2026-02-24 5:15 ` Chao Gao
2026-02-24 10:46 ` Huang, Kai
2026-03-05 4:12 ` Xu Yilun
2026-03-12 2:32 ` Yan Zhao
2026-03-12 14:36 ` Chao Gao
2026-03-12 16:56 ` Edgecombe, Rick P
2026-03-13 12:16 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 11/24] x86/virt/seamldr: Introduce skeleton for TDX Module updates Chao Gao
2026-02-23 9:25 ` Huang, Kai
2026-02-24 6:00 ` Chao Gao
2026-02-24 10:49 ` Huang, Kai
2026-03-12 2:00 ` Edgecombe, Rick P
2026-03-12 14:09 ` Chao Gao
2026-03-12 18:05 ` Edgecombe, Rick P
2026-03-13 13:54 ` Chao Gao
2026-03-13 17:43 ` Edgecombe, Rick P
2026-03-12 20:40 ` Dave Hansen
2026-03-13 12:15 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 12/24] x86/virt/seamldr: Abort updates if errors occurred midway Chao Gao
2026-03-04 22:38 ` Huang, Kai
2026-02-12 14:35 ` [PATCH v4 13/24] x86/virt/seamldr: Shut down the current TDX module Chao Gao
2026-03-04 22:59 ` Huang, Kai
2026-03-06 8:14 ` Chao Gao
2026-03-12 2:34 ` Edgecombe, Rick P
2026-03-05 4:14 ` Xu Yilun
2026-03-12 2:17 ` Edgecombe, Rick P
2026-03-12 2:57 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 14/24] x86/virt/tdx: Reset software states during TDX Module shutdown Chao Gao
2026-03-04 23:06 ` Huang, Kai
2026-02-12 14:35 ` [PATCH v4 15/24] x86/virt/seamldr: Log TDX Module update failures Chao Gao
2026-03-04 23:08 ` Huang, Kai
2026-03-05 4:18 ` Xu Yilun
2026-02-12 14:35 ` [PATCH v4 16/24] x86/virt/seamldr: Install a new TDX Module Chao Gao
2026-03-04 23:17 ` Huang, Kai
2026-03-05 4:22 ` Xu Yilun
2026-02-12 14:35 ` [PATCH v4 17/24] x86/virt/seamldr: Do TDX per-CPU initialization after updates Chao Gao
2026-03-04 23:18 ` Huang, Kai
2026-02-12 14:35 ` [PATCH v4 18/24] x86/virt/tdx: Restore TDX Module state Chao Gao
2026-03-04 23:24 ` Huang, Kai
2026-02-12 14:35 ` [PATCH v4 19/24] x86/virt/tdx: Update tdx_sysinfo and check features post-update Chao Gao
2026-03-04 23:40 ` Huang, Kai
2026-03-06 8:32 ` Chao Gao
2026-03-06 9:35 ` Huang, Kai
2026-03-12 18:48 ` Edgecombe, Rick P
2026-02-12 14:35 ` [PATCH v4 20/24] x86/virt/tdx: Enable TDX Module runtime updates Chao Gao
2026-02-23 5:09 ` Huang, Kai
2026-02-24 6:02 ` Chao Gao
2026-02-12 14:35 ` [PATCH v4 21/24] x86/virt/tdx: Avoid updates during update-sensitive operations Chao Gao
2026-02-23 4:58 ` Huang, Kai
2026-02-26 3:02 ` Chao Gao
2026-02-26 6:34 ` dan.j.williams
2026-02-26 15:32 ` Chao Gao
2026-02-26 22:06 ` dan.j.williams
2026-02-12 14:35 ` [PATCH v4 22/24] coco/tdx-host: Document TDX Module update expectations Chao Gao
2026-02-12 21:59 ` dan.j.williams
2026-02-12 14:35 ` [PATCH v4 23/24] x86/virt/tdx: Document TDX Module updates Chao Gao
2026-03-04 23:49 ` Huang, Kai
2026-03-12 2:42 ` Edgecombe, Rick P
2026-02-12 14:35 ` [PATCH v4 24/24] [NOT-FOR-REVIEW] x86/virt/seamldr: Save and restore current VMCS Chao Gao
2026-03-11 12:50 ` Chao Gao [this message]
2026-03-11 22:06 ` Huang, Kai
2026-03-12 8:48 ` Chao Gao
2026-03-12 9:59 ` Huang, Kai
2026-03-12 15:26 ` Vishal Annapurve
2026-03-12 15:31 ` Dave Hansen
2026-02-12 14:46 ` [PATCH v4 00/24] Runtime TDX Module update support Chao Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abFlCkNd7tqaUyAP@intel.com \
--to=chao.gao@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=ira.weiny@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=paulmck@kernel.org \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=seanjc@google.com \
--cc=tglx@kernel.org \
--cc=tony.lindgren@linux.intel.com \
--cc=vannapurve@google.com \
--cc=vishal.l.verma@intel.com \
--cc=x86@kernel.org \
--cc=yilun.xu@linux.intel.com \
--cc=zhenzhong.duan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox