Date: Tue, 26 May 2026 15:43:56 -0000
From: "tip-bot2 for Chao Gao"
Sender: tip-bot2@linutronix.de
Reply-to: linux-kernel@vger.kernel.org
To: linux-tip-commits@vger.kernel.org
Subject: [tip: x86/tdx] x86/virt/seamldr: Initialize the newly-installed TDX module
Cc: Chao Gao, Dave Hansen, Xu Yilun, Tony Lindgren, Kai Huang, "Kiryl Shutsemau (Meta)", Rick Edgecombe, x86@kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20260520222909.466B929B@davehans-spike.ostc.intel.com>
References: <20260520222909.466B929B@davehans-spike.ostc.intel.com>
Message-ID: <177981023614.1039918.2221202410277025341.tip-bot2@tip-bot2>

The following commit has been merged into the x86/tdx branch of tip:

Commit-ID:     f74245e39c216db06f1ff9e2f3d3ce5bcb03154d
Gitweb:        https://git.kernel.org/tip/f74245e39c216db06f1ff9e2f3d3ce5bcb03154d
Author:        Chao Gao
AuthorDate:    Wed, 20 May 2026 15:29:09 -07:00
Committer:     Dave Hansen
CommitterDate: Tue, 26 May 2026 08:41:36 -07:00

x86/virt/seamldr: Initialize the newly-installed TDX module

Continue fleshing out the update process. At this point the new module
is sitting in memory but has never been called and is not usable. It is
in a similar state to when the system first boots.

Leave the P-SEAMLDR behind. Stop making calls to it. Transition to
calling the new TDX module itself to set up both global and per-cpu
state.

Share tdx_cpu_enable() with the fresh-boot module initialization code.
Export it and invoke it on all CPUs.

Note: "TDX global initialization" needs to be done once before "TDX
per-CPU initialization". It would be a great fit for the new runtime
update "is_lead_cpu" logic. But tdx_cpu_enable() already has some logic
to do the global initialization properly.
Just use it directly to maximize fresh-boot and runtime update code sharing.

== Background ==

The boot-time and post-update initialization flows share the same first steps:

 - TDX global initialization
 - TDX per-CPU initialization

After that, they diverge:

 - Fresh boot:
     Prepare TDMRs/PAMTs
     Configure the TDX module
     Configure the global KeyID
     Initialize TDMRs
 - Runtime update:
     Restore TDX module state from handoff data

Future changes will consume the handoff data.

[ dhansen: major changelog munging ]

Signed-off-by: Chao Gao
Signed-off-by: Dave Hansen
Reviewed-by: Xu Yilun
Reviewed-by: Tony Lindgren
Reviewed-by: Kai Huang
Reviewed-by: Kiryl Shutsemau (Meta)
Reviewed-by: Rick Edgecombe
Link: https://patch.msgid.link/20260520133909.409394-20-chao.gao@intel.com
Link: https://patch.msgid.link/20260520222909.466B929B@davehans-spike.ostc.intel.com
--- arch/x86/include/asm/tdx.h | 1 + arch/x86/virt/vmx/tdx/seamldr.c | 4 ++++ arch/x86/virt/vmx/tdx/tdx.c | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 27376db..5d750fe 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -107,6 +107,7 @@ static inline long tdx_kvm_hypercall(unsigned int nr, u= nsigned long p1, =20 #ifdef CONFIG_INTEL_TDX_HOST void tdx_init(void); +int tdx_cpu_enable(void); const char *tdx_dump_mce_info(struct mce *m); const struct tdx_sys_info *tdx_get_sysinfo(void); =20 diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamld= r.c index 54fa797..5fdb36b 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -209,6 +209,7 @@ enum module_update_state { MODULE_UPDATE_START, MODULE_UPDATE_SHUTDOWN, MODULE_UPDATE_CPU_INSTALL, + MODULE_UPDATE_CPU_INIT, MODULE_UPDATE_DONE, }; =20 
@@ -287,6 +288,9 @@ static int do_seamldr_install_module(void *seamldr_para= ms) case MODULE_UPDATE_CPU_INSTALL: ret =3D seamldr_install(seamldr_params); break; + case MODULE_UPDATE_CPU_INIT: + ret =3D tdx_cpu_enable(); + break; default: break; } diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 37e52cd..080a2bc 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -113,7 +113,7 @@ out: * (and TDX module global initialization SEAMCALL if not done) on local cp= u to * make this cpu be ready to run any other SEAMCALLs. */ -static int tdx_cpu_enable(void) +int tdx_cpu_enable(void) { struct tdx_module_args args =3D {}; int ret;
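Review bot: The new `int tdx_cpu_enable(void);` declaration in the arch/x86/include/asm/tdx.h hunk widens the interface to every includer of that header, while the only new caller in this patch (seamldr.c) lives in the same directory as the definition, arch/x86/virt/vmx/tdx/. If that directory has a private header shared by tdx.c and seamldr.c, declare the function there instead; if asm/tdx.h is the intended home, the changelog should say why.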
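Review bot: In the new `case MODULE_UPDATE_CPU_INIT:` arm of do_seamldr_install_module(), tdx_cpu_enable() is reused unchanged from fresh boot, and its own comment says the global initialization SEAMCALL is issued only "if not done". The changelog states that the new module has never been called, so whatever state tdx_cpu_enable() keeps to remember that global and per-CPU initialization already happened has to be cleared before this state runs, otherwise the call can return success without initializing the new module. Please point to where that reset happens, or add it, and note the dependency in a comment on this case. A failure here also leaves the old module shut down and the new one uninitialized, so a message naming the failing step would make that state diagnosable.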
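Review bot: The arch/x86/virt/vmx/tdx/tdx.c hunk drops `static` from tdx_cpu_enable() but leaves the comment above it untouched, and that comment still only describes the effect "on local cpu". Now that the function is called from another file, the comment should spell out what callers must guarantee about the calling context and mention that it is also invoked after a runtime module update, so the update path does not depend on reading the function body.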