x86/virt/tdx: Avoid indirect calls to TDX assembly functions

Maxim Levitsky · Maxim Levitsky · commit 88bedf8eb404 · 2025-07-21T17:30:25.000-04:00
JIRA: https://issues.redhat.com/browse/RHEL-47242 commit 0b3bc01 Author: Kai Huang <kai.huang@intel.com> Date: Sat Jun 7 01:07:37 2025 +1200 x86/virt/tdx: Avoid indirect calls to TDX assembly functions Two 'static inline' TDX helper functions (sc_retry() and sc_retry_prerr()) take function pointer arguments which refer to assembly functions. Normally, the compiler inlines the TDX helper, realizes that the function pointer targets are completely static -- thus can be resolved at compile time -- and generates direct call instructions. But, other times (like when CONFIG_CC_OPTIMIZE_FOR_SIZE=y), the compiler declines to inline the helpers and will instead generate indirect call instructions. Indirect calls to assembly functions require special annotation (for various Control Flow Integrity mechanisms). But TDX assembly functions lack the special annotations and can only be called directly. Annotate both the helpers as '__always_inline' to prod the compiler into maintaining the direct calls. There is no guarantee here, but Peter has volunteered to report the compiler bug if this assumption ever breaks[1]. Fixes: 1e66a7e ("x86/virt/tdx: Handle SEAMCALL no entropy error in common code") Fixes: df01f5a ("x86/virt/tdx: Add SEAMCALL error printing for module initialization") Signed-off-by: Kai Huang <kai.huang@intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/lkml/20250605145914.GW39944@noisy.programming.kicks-ass.net/ [1] Link: https://lore.kernel.org/all/20250606130737.30713-1-kai.huang%40intel.com Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
@@ -101,7 +101,7 @@ void tdx_init(void);
 
 typedef u64 (*sc_func_t)(u64 fn, struct tdx_module_args *args);
 
-static inline u64 sc_retry(sc_func_t func, u64 fn,
+static __always_inline u64 sc_retry(sc_func_t func, u64 fn,
 			   struct tdx_module_args *args)
 {
 	int retry = RDRAND_RETRY_LOOPS;
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
@@ -75,8 +75,9 @@ static inline void seamcall_err_ret(u64 fn, u64 err,
 			args->r9, args->r10, args->r11);
 }
 
-static inline int sc_retry_prerr(sc_func_t func, sc_err_func_t err_func,
-				 u64 fn, struct tdx_module_args *args)
+static __always_inline int sc_retry_prerr(sc_func_t func,
+					  sc_err_func_t err_func,
+					  u64 fn, struct tdx_module_args *args)
 {
 	u64 sret = sc_retry(func, fn, args);
 

Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ void tdx_init(void);`
`101`	`101`
`102`	`102`	`typedef u64 (sc_func_t)(u64 fn, struct tdx_module_args args);`
`103`	`103`
`104`		`-static inline u64 sc_retry(sc_func_t func, u64 fn,`
	`104`	`+static __always_inline u64 sc_retry(sc_func_t func, u64 fn,`
`105`	`105`	`struct tdx_module_args *args)`
`106`	`106`	`{`
`107`	`107`	`int retry = RDRAND_RETRY_LOOPS;`
Original file line number	Diff line number	Diff line change
`@@ -75,8 +75,9 @@ static inline void seamcall_err_ret(u64 fn, u64 err,`
`75`	`75`	`args->r9, args->r10, args->r11);`
`76`	`76`	`}`
`77`	`77`
`78`		`-static inline int sc_retry_prerr(sc_func_t func, sc_err_func_t err_func,`
`79`		`- u64 fn, struct tdx_module_args *args)`
	`78`	`+static __always_inline int sc_retry_prerr(sc_func_t func,`
	`79`	`+ sc_err_func_t err_func,`
	`80`	`+ u64 fn, struct tdx_module_args *args)`
`80`	`81`	`{`
`81`	`82`	`u64 sret = sc_retry(func, fn, args);`
`82`	`83`