From: Nikolay Borisov <nik.borisov@suse.com>
To: Chao Gao <chao.gao@intel.com>,
	linux-coco@lists.linux.dev, x86@kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, eddie.dong@intel.com,
	kirill.shutemov@intel.com, dave.hansen@intel.com,
	dan.j.williams@intel.com, kai.huang@intel.com,
	isaku.yamahata@intel.com, elena.reshetova@intel.com,
	rick.p.edgecombe@intel.com, Farrah Chen <farrah.chen@intel.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 12/20] x86/virt/seamldr: Shut down the current TDX module
Date: Tue, 3 Jun 2025 15:36:36 +0300	[thread overview]
Message-ID: <1f6956aa-5fa4-404f-bce4-3ddf87c50114@suse.com> (raw)
In-Reply-To: <20250523095322.88774-13-chao.gao@intel.com>



On 5/23/25 12:52, Chao Gao wrote:
> TD-Preserving updates request shutting down the existing TDX module.
> During this shutdown, the module generates hand-off data, which captures
> the module's states essential for preserving running TDs. The new TDX
> module can utilize this hand-off data to establish its states.
> 
> Invoke the TDH_SYS_SHUTDOWN API on one CPU to perform the shutdown. This
> API requires a hand-off module version. Use the module's own hand-off
> version, as it is the highest version the module can produce and is more
> likely to be compatible with new modules.
> 
> Changes to tdx_global_metadata.{hc} are auto-generated by following the
> instructions detailed in [1], after adding the following section to the
> tdx.py script:
> 
>      "handoff": [
>         "MODULE_HV",
>      ],
> 
> Add a check to ensure that module_hv is guarded by the TDX module's
> support for TD-Preserving.
> 
> Signed-off-by: Chao Gao <chao.gao@intel.com>
> Tested-by: Farrah Chen <farrah.chen@intel.com>
> Link: https://lore.kernel.org/kvm/20250226181453.2311849-12-pbonzini@redhat.com/ [1]
> ---
>   arch/x86/include/asm/tdx_global_metadata.h  |  5 +++++
>   arch/x86/virt/vmx/tdx/seamldr.c             | 11 +++++++++++
>   arch/x86/virt/vmx/tdx/tdx.c                 | 18 ++++++++++++++++++
>   arch/x86/virt/vmx/tdx/tdx.h                 |  4 ++++
>   arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 13 +++++++++++++
>   5 files changed, 51 insertions(+)
> 
> diff --git a/arch/x86/include/asm/tdx_global_metadata.h b/arch/x86/include/asm/tdx_global_metadata.h
> index ce0370f4a5b9..a2011a3575ff 100644
> --- a/arch/x86/include/asm/tdx_global_metadata.h
> +++ b/arch/x86/include/asm/tdx_global_metadata.h
> @@ -40,12 +40,17 @@ struct tdx_sys_info_td_conf {
>   	u64 cpuid_config_values[128][2];
>   };
>   
> +struct tdx_sys_info_handoff {
> +	u16 module_hv;
> +};
> +
>   struct tdx_sys_info {
>   	struct tdx_sys_info_versions versions;
>   	struct tdx_sys_info_features features;
>   	struct tdx_sys_info_tdmr tdmr;
>   	struct tdx_sys_info_td_ctrl td_ctrl;
>   	struct tdx_sys_info_td_conf td_conf;
> +	struct tdx_sys_info_handoff handoff;
>   };
>   
>   #endif
> diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
> index 9d0d37a92bfd..11c0c5a93c32 100644
> --- a/arch/x86/virt/vmx/tdx/seamldr.c
> +++ b/arch/x86/virt/vmx/tdx/seamldr.c
> @@ -241,6 +241,7 @@ static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size)
>   
>   enum tdp_state {
>   	TDP_START,
> +	TDP_SHUTDOWN,
>   	TDP_DONE,
>   };
>   
> @@ -281,8 +282,12 @@ static void ack_state(void)
>   static int do_seamldr_install_module(void *params)
>   {
>   	enum tdp_state newstate, curstate = TDP_START;
> +	int cpu = smp_processor_id();
> +	bool primary;
>   	int ret = 0;
>   
> +	primary = !!(cpumask_first(cpu_online_mask) == cpu);

nit: the !! is not needed here, as the check is clearly boolean.

 > +
>   	do {
>   		/* Chill out and ensure we re-read tdp_data. */
>   		cpu_relax();
> @@ -291,6 +296,12 @@ static int do_seamldr_install_module(void *params)
>   		if (newstate != curstate) {
>   			curstate = newstate;
>   			switch (curstate) {
> +			case TDP_SHUTDOWN:
> +				if (!primary)
> +					break;
> +
> +				ret = tdx_module_shutdown();
> +				break;
>   			default:
>   				break;
>   			}
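Review bot: The new `TDP_SHUTDOWN` case carries no comment explaining why only the primary CPU issues the shutdown, or what state the other CPUs are left in once it succeeds. The commit description says TDH_SYS_SHUTDOWN is invoked on one CPU, and the comment in `tdx_module_shutdown()` says further TDX module APIs fail afterwards. A comment above `if (!primary)` would record that, for example `/* TDH_SYS_SHUTDOWN is module-wide: one CPU issues it, and TDX module SEAMCALLs fail on every CPU once it succeeds. */`. How a non-zero `ret` from the shutdown is propagated cannot be judged here, because the loop body of `do_seamldr_install_module()` continues outside the hunk.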
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index 22ffc15b4299..fa6b3f1eb197 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -295,6 +295,11 @@ static int read_sys_metadata_field(u64 field_id, u64 *data)
>   	return 0;
>   }
>   
> +static bool tdx_has_td_preserving(void)
> +{
> +	return tdx_sysinfo.features.tdx_features0 & TDX_FEATURES0_TD_PRESERVING;
> +}
> +
>   #include "tdx_global_metadata.c"
>   
>   static int check_features(struct tdx_sys_info *sysinfo)
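Review bot: `tdx_has_td_preserving()` reads the global `tdx_sysinfo.features`, whereas the metadata code around it works on a structure passed by the caller (`check_features(struct tdx_sys_info *sysinfo)` here, `get_tdx_sys_info_handoff(struct tdx_sys_info_handoff *sysinfo_handoff)` later in the patch). The gate is therefore only correct if the global's `features` field has been populated before the hand-off reader runs, and if the reader is filling that same global. Otherwise the check sees a zero or stale feature word and `module_hv` is silently left unread. The ordering is not visible in these hunks, so at minimum the helper should document it, e.g. `/* Only valid once tdx_sysinfo.features has been read from the module. */`. Taking the features value as an argument would remove the dependency, though that probably means adjusting the generator script, since tdx_global_metadata.c is auto-generated.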
> @@ -1341,6 +1346,19 @@ int tdx_enable(void)
>   }
>   EXPORT_SYMBOL_GPL(tdx_enable);
>   
> +int tdx_module_shutdown(void)
> +{
> +	struct tdx_module_args args = {};
> +
> +	/*
> +	 * Shut down TDX module and prepare handoff data for the next TDX module.
> +	 * Following a successful TDH_SYS_SHUTDOWN, further TDX module APIs will
> +	 * fail.
> +	 */
> +	args.rcx = tdx_sysinfo.handoff.module_hv;
> +	return seamcall_prerr(TDH_SYS_SHUTDOWN, &args);
> +}
> +
>   static bool is_pamt_page(unsigned long phys)
>   {
>   	struct tdmr_info_list *tdmr_list = &tdx_tdmr_list;
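Review bot: `tdx_module_shutdown()` passes `tdx_sysinfo.handoff.module_hv` to TDH_SYS_SHUTDOWN without checking that the field was ever read. The metadata reader added by this patch fills `module_hv` only when `tdx_has_td_preserving()` is true, so on a module without the feature the value placed in RCX is presumably the zero-initialised default, and the shutdown is still attempted. Unless a caller elsewhere in the series already enforces this, a guard at the top such as `if (!tdx_has_td_preserving()) return -EOPNOTSUPP;` would keep the function safe on its own. The function is non-static and also deserves a kernel-doc comment stating that after a successful return further TDX module APIs fail, which the in-body comment already notes.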
> diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h
> index 48c0a850c621..3830dee4da91 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.h
> +++ b/arch/x86/virt/vmx/tdx/tdx.h
> @@ -48,6 +48,7 @@
>   #define TDH_PHYMEM_PAGE_WBINVD		41
>   #define TDH_VP_WR			43
>   #define TDH_SYS_CONFIG			45
> +#define TDH_SYS_SHUTDOWN		52
>   
>   /*
>    * SEAMCALL leaf:
> @@ -87,6 +88,7 @@ struct tdmr_info {
>   } __packed __aligned(TDMR_INFO_ALIGNMENT);
>   
>   /* Bit definitions of TDX_FEATURES0 metadata field */
> +#define TDX_FEATURES0_TD_PRESERVING	BIT(1)
>   #define TDX_FEATURES0_NO_RBP_MOD	BIT(18)
>   
>   /*
> @@ -122,4 +124,6 @@ struct tdmr_info_list {
>   
>   int seamldr_prerr(u64 fn, struct tdx_module_args *args);
>   
> +int tdx_module_shutdown(void);
> +
>   #endif
> diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
> index 088e5bff4025..a17cbb82e6b8 100644
> --- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
> +++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
> @@ -100,6 +100,18 @@ static int get_tdx_sys_info_td_conf(struct tdx_sys_info_td_conf *sysinfo_td_conf
>   	return ret;
>   }
>   
> +static int get_tdx_sys_info_handoff(struct tdx_sys_info_handoff *sysinfo_handoff)
> +{
> +	int ret = 0;
> +	u64 val;
> +
> +	if (!ret && tdx_has_td_preserving() &&

nit: That first !ret is redundant since it's always true.

<snip>

