From nobody Mon Jun 8 20:43:22 2026 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D169368953; Tue, 26 May 2026 15:33:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.142.43.55 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779809582; cv=none; b=bLs6Dct49miSHsiSyt688EnJXNoWmsrTp+gIERoXLrm3oXc3lhF+m8omKUgrl74b92tjL/qOQK30sRCpd44DJECgZkLfkDizXRiBloVnaJfjaQfkM/3fyMgIFg+UF9el9leTeuP5Mo0HqszZOty71va73awQbQKwlym3wCw2VJ8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779809582; c=relaxed/simple; bh=BiFZYWDH26vnEkc9LFrZ0Re5zEtlHPeJ2I0/DgvwE6Y=; h=Date:From:To:Subject:Cc:In-Reply-To:References:MIME-Version: Message-ID:Content-Type; b=UVj/BiX8YMzsq3D7+yuZyITjTAeu53m2un4yB4IV78AOFbvATGRNougTY7BENuxkA1qAhLVeIB5qj32C7OKdcxEZPW7EU+Rv/pCjVCkrY7LYLssc/X7eyusG0/ZymaAvWrKZ5vQUnOKaWRC+hWNRQ+vijcjoWy7qUaqnGbJw6Oc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de; spf=pass smtp.mailfrom=linutronix.de; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=bNoE1hUB; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b=BkU6ePsX; arc=none smtp.client-ip=193.142.43.55 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linutronix.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linutronix.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="bNoE1hUB"; dkim=permerror (0-bit key) header.d=linutronix.de header.i=@linutronix.de header.b="BkU6ePsX" Date: Tue, 26 May 2026 15:32:58 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1779809579; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WJNnG2rw70Z7KlExgUB/EhfWvzGWD3TmjblDgxN+2PE=; b=bNoE1hUBpmO2rTOp9+RgbOeNKAnPfttNb1O5oK4Fh81w7k0vLOOhv7tEb4lY8c/p235yam +pZlYYKp0S82VfKcIStq6a+Z/rIhj9RA6f/okdBCKCeJiNc8V0hd8dyJVQ4EMnka7pA1Ns Izi8dK+WoroWDGIMUTnHaEdYq02vCWW1T5oH8Ofw5QSoDllp3jwuNUehQBrXDCGxDXIXxc i5mNgkubZdN1aiFUMDPN86bDFTLi/iTwtc67zoNkKJo8gSVnPjGe6YVyBigpneBCfDMnNA 22pWD7m6A7BqrOA8dvssZO2ou/hZ99QJGh7jozgJyrZbNJQB6nWxnpURtFkybg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1779809579; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WJNnG2rw70Z7KlExgUB/EhfWvzGWD3TmjblDgxN+2PE=; b=BkU6ePsXCzj1K6WiPi1MDo8IlzsrUgCvf4XTY9qoneYVtrqJxjkAZRWQtEdTJLE/WZfzlm +jR8fsvrp0aUINCQ== From: "tip-bot2 for Chao Gao" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/tdx] x86/virt/tdx: Restore TDX module state Cc: Chao Gao , Dave Hansen , Tony Lindgren , Kai Huang , "Kiryl Shutsemau (Meta)" , Rick Edgecombe , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20260520222910.7727219F@davehans-spike.ostc.intel.com> References: <20260520222910.7727219F@davehans-spike.ostc.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Message-ID: <177980957816.1039918.12852771491965841840.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Precedence: bulk Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The following commit has been merged into the x86/tdx branch of tip: Commit-ID: 2c7d8ff2ef03cf3c3a70e91fcf1ee182fe58f8d3 Gitweb: https://git.kernel.org/tip/2c7d8ff2ef03cf3c3a70e91fcf1ee182f= e58f8d3 Author: Chao Gao AuthorDate: Wed, 20 May 2026 15:29:10 -07:00 Committer: Dave Hansen CommitterDate: Tue, 26 May 2026 08:29:15 -07:00 x86/virt/tdx: Restore TDX module state After per-CPU initialization, the module is nearly functional. It is in a similar state to TDX initialization before TDH.SYS.CONFIG. At this point, the kernel _could_ just repeat the boot-time sequence, but that would land the new module in a slightly different state than the old module. This would leave old TDs unrunnable, which is not a good outcome. Thankfully, the "handoff" data saved during module shutdown should contain all the information needed to restore the TDX module state to exactly what it was before the update. Restore TDX module state. The TDX module only needs a single copy so only do this on the lead CPU. Restoration errors can theoretically be handled in a few ways. For instance, userspace could try to load a different TDX module version. Or, the kernel could give up on the handoff process and just reinitialize the new module from scratch, which would lose all existing TDs. Simply propagate errors to userspace. Ignore the idea of a TD-destroying reinitialization. It would destroy data like a reboot and if things have gone that wrong a reboot is probably the best option anyway. Note: the location and the format of handoff data is defined by the TDX module. The new module knows where to get handoff data and how to parse it. The kernel does not touch it at all. Signed-off-by: Chao Gao Signed-off-by: Dave Hansen Reviewed-by: Tony Lindgren Reviewed-by: Kai Huang Reviewed-by: Kiryl Shutsemau (Meta) Reviewed-by: Rick Edgecombe Link: https://patch.msgid.link/20260520133909.409394-21-chao.gao@intel.com Link: https://patch.msgid.link/20260520222910.7727219F@davehans-spike.ostc.= intel.com --- arch/x86/virt/vmx/tdx/seamldr.c | 5 +++++ arch/x86/virt/vmx/tdx/tdx.c | 13 +++++++++++++ arch/x86/virt/vmx/tdx/tdx.h | 2 ++ 3 files changed, 20 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamld= r.c index 5fdb36b..f5591d7 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -210,6 +210,7 @@ enum module_update_state { MODULE_UPDATE_SHUTDOWN, MODULE_UPDATE_CPU_INSTALL, MODULE_UPDATE_CPU_INIT, + MODULE_UPDATE_RUN_UPDATE, MODULE_UPDATE_DONE, }; =20 @@ -291,6 +292,10 @@ static int do_seamldr_install_module(void *seamldr_par= ams) case MODULE_UPDATE_CPU_INIT: ret =3D tdx_cpu_enable(); break; + case MODULE_UPDATE_RUN_UPDATE: + if (is_lead_cpu) + ret =3D tdx_module_run_update(); + break; default: break; } diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 080a2bc..d54c2ec 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1312,6 +1312,19 @@ int tdx_module_shutdown(void) return 0; } =20 +int tdx_module_run_update(void) +{ + struct tdx_module_args args =3D {}; + int ret; + + ret =3D seamcall_prerr(TDH_SYS_UPDATE, &args); + if (ret) + return ret; + + tdx_module_state.initialized =3D true; + return 0; +} + static bool is_pamt_page(unsigned long phys) { struct tdmr_info_list *tdmr_list =3D &tdx_tdmr_list; diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index f0c20de..bdfd0e1 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -47,6 +47,7 @@ #define TDH_VP_WR 43 #define TDH_SYS_CONFIG 45 #define TDH_SYS_SHUTDOWN 52 +#define TDH_SYS_UPDATE 53 #define TDH_SYS_DISABLE 69 =20 /* @@ -110,5 +111,6 @@ struct tdmr_info_list { }; =20 int tdx_module_shutdown(void); +int tdx_module_run_update(void); =20 #endif