From: Chao Gao
To: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, x86@kernel.org
Cc: reinette.chatre@intel.com, ira.weiny@intel.com, kai.huang@intel.com, dan.j.williams@intel.com, yilun.xu@linux.intel.com, sagis@google.com, vannapurve@google.com, paulmck@kernel.org, nik.borisov@suse.com, zhenzhong.duan@intel.com, seanjc@google.com, rick.p.edgecombe@intel.com, kas@kernel.org, dave.hansen@linux.intel.com, vishal.l.verma@intel.com, Chao Gao, Farrah Chen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin"
Subject: [PATCH v3 16/26] x86/virt/seamldr: Shut down the current TDX module
Date: Fri, 23 Jan 2026 06:55:24 -0800
Message-ID: <20260123145645.90444-17-chao.gao@intel.com>
In-Reply-To: <20260123145645.90444-1-chao.gao@intel.com>
References: <20260123145645.90444-1-chao.gao@intel.com>
X-Mailing-List: linux-coco@lists.linux.dev

TDX Module updates request shutting down the existing TDX module. During this shutdown, the module generates hand-off data, which captures the module's states essential for preserving running TDs. The new TDX Module can utilize this hand-off data to establish its states.

Invoke the TDH_SYS_SHUTDOWN SEAMCALL on one CPU to perform the shutdown. This SEAMCALL requires a hand-off module version. Use the module's own hand-off version, as it is the highest version the module can produce and is more likely to be compatible with new modules as new modules likely have higher hand-off version.

Signed-off-by: Chao Gao Tested-by: Farrah Chen --- v3: - remove autogeneration stuff in the changelog v2: - add a comment about how handoff version is chosen. - remove the first !ret in get_tdx_sys_info_handoff() as we edited the auto-generated code anyway - remove !! when determining whether a CPU is the primary one - remove unnecessary if-break nesting in TDP_SHUTDOWN --- arch/x86/include/asm/tdx_global_metadata.h | 5 +++++ arch/x86/virt/vmx/tdx/seamldr.c | 10 ++++++++++ arch/x86/virt/vmx/tdx/tdx.c | 16 ++++++++++++++++ arch/x86/virt/vmx/tdx/tdx.h | 3 +++ arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 13 +++++++++++++ 5 files changed, 47 insertions(+) diff --git a/arch/x86/include/asm/tdx_global_metadata.h b/arch/x86/include/asm/tdx_global_metadata.h index 40689c8dc67e..8a9ebd895e70 100644 --- a/arch/x86/include/asm/tdx_global_metadata.h +++ b/arch/x86/include/asm/tdx_global_metadata.h @@ -40,12 +40,17 @@ struct tdx_sys_info_td_conf { u64 cpuid_config_values[128][2]; }; +struct tdx_sys_info_handoff { + u16 module_hv; +}; + struct tdx_sys_info { struct tdx_sys_info_version version; struct tdx_sys_info_features features; struct tdx_sys_info_tdmr tdmr; struct tdx_sys_info_td_ctrl td_ctrl; struct tdx_sys_info_td_conf td_conf; + struct tdx_sys_info_handoff handoff; }; #endif diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c index a13d526b38a7..76f404d1115c 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -19,6 +19,7 @@ #include #include "seamcall.h" +#include "tdx.h" /* P-SEAMLDR SEAMCALL leaf function */ #define P_SEAMLDR_INFO 0x8000000000000000 @@ -233,6 +234,7 @@ static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size) */ enum tdp_state { TDP_START, + TDP_SHUTDOWN, TDP_DONE, }; 
@@ -265,8 +267,12 @@ static void ack_state(void) static int do_seamldr_install_module(void *params) { enum tdp_state newstate, curstate = TDP_START; + int cpu = smp_processor_id(); + bool primary; int ret = 0; + primary = cpumask_first(cpu_online_mask) == cpu; + do { /* Chill out and ensure we re-read tdp_data. */ cpu_relax(); @@ -275,6 +281,10 @@ static int do_seamldr_install_module(void *params) if (newstate != curstate) { curstate = newstate; switch (curstate) { + case TDP_SHUTDOWN: + if (primary) + ret = tdx_module_shutdown(); + break; default: break; } diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index a0990c5dd78d..8b36a80cf229 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1175,6 +1175,22 @@ int tdx_enable(void) } EXPORT_SYMBOL_FOR_KVM(tdx_enable); +int tdx_module_shutdown(void) +{ + struct tdx_module_args args = {}; + + /* + * Shut down the TDX Module and prepare handoff data for the next + * TDX Module. This SEAMCALL requires a hand-off module version. + * Use the module's own hand-off version, as it is the highest + * version the module can produce and is more likely to be + * compatible with new modules as new modules likely have higher + * hand-off version. + */ + args.rcx = tdx_sysinfo.handoff.module_hv; + return seamcall_prerr(TDH_SYS_SHUTDOWN, &args); +} + static bool is_pamt_page(unsigned long phys) { struct tdmr_info_list *tdmr_list = &tdx_tdmr_list; diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 82bb82be8567..1c4da9540ae0 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -46,6 +46,7 @@ #define TDH_PHYMEM_PAGE_WBINVD 41 #define TDH_VP_WR 43 #define TDH_SYS_CONFIG 45 +#define TDH_SYS_SHUTDOWN 52 /* * SEAMCALL leaf: @@ -118,4 +119,6 @@ struct tdmr_info_list { int max_tdmrs; /* How many 'tdmr_info's are allocated */ }; +int tdx_module_shutdown(void); + #endif 
diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c index 4c9917a9c2c3..7f4ed9af1d8d 100644 --- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c +++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c @@ -100,6 +100,18 @@ static int get_tdx_sys_info_td_conf(struct tdx_sys_info_td_conf *sysinfo_td_conf return ret; } +static int get_tdx_sys_info_handoff(struct tdx_sys_info_handoff *sysinfo_handoff) +{ + int ret = 0; + u64 val; + + if (tdx_supports_runtime_update(&tdx_sysinfo) && + !(ret = read_sys_metadata_field(0x8900000100000000, &val))) + sysinfo_handoff->module_hv = val; + + return ret; +} + static int get_tdx_sys_info(struct tdx_sys_info *sysinfo) { int ret = 0; @@ -115,6 +127,7 @@ static int get_tdx_sys_info(struct tdx_sys_info *sysinfo) ret = ret ?: get_tdx_sys_info_tdmr(&sysinfo->tdmr); ret = ret ?: get_tdx_sys_info_td_ctrl(&sysinfo->td_ctrl); ret = ret ?: get_tdx_sys_info_td_conf(&sysinfo->td_conf); + ret = ret ?: get_tdx_sys_info_handoff(&sysinfo->handoff); return ret; } -- 2.47.3
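
Review bot: In the TDP_SHUTDOWN case of do_seamldr_install_module() (arch/x86/virt/vmx/tdx/seamldr.c), a failure from tdx_module_shutdown() is recorded only in the primary CPU's local ret, while every other CPU leaves the case with ret still 0. The visible lines do not show what keeps the state machine from advancing to TDP_DONE after a failed shutdown, so please confirm that the error is published through the shared tdp_data before the next state is set, and note that next to the case. A one-line comment on why cpumask_first(cpu_online_mask) is the CPU chosen would also help, since the commit message only says "one CPU".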
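
Review bot: tdx_module_shutdown() in arch/x86/virt/vmx/tdx/tdx.c loads args.rcx from tdx_sysinfo.handoff.module_hv unconditionally, but get_tdx_sys_info_handoff() only fills that field when tdx_supports_runtime_update(&tdx_sysinfo) is true, so on a module without runtime update support TDH_SYS_SHUTDOWN would be issued with a hand-off version that was never read. Either return an error early when runtime update is unsupported or state in the comment that callers guarantee it. The function is non-static and declared in tdx.h, yet nothing documents its calling context (which CPU may call it, what the other CPUs are doing at that point); a short comment above the definition covering that would make misuse harder.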
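
Review bot: In get_tdx_sys_info_handoff() (arch/x86/virt/vmx/tdx/tdx_global_metadata.c), the metadata read is an assignment buried in the second operand of the && condition, and the u64 val is then narrowed into the u16 module_hv with no range check. The v2 changelog says this function is hand-edited rather than generated, so it can be written plainly: return 0 early when tdx_supports_runtime_update() is false, then ret = read_sys_metadata_field(...), return on error, and assign. The field ID 0x8900000100000000 should get a named constant or at least a comment saying which metadata field it is.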