From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E4C8935CB8D for ; Thu, 12 Feb 2026 14:36:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.8 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770906990; cv=none; b=k8prvsjg9uXrLWTlmcYVK9dcYlSlAD3WDkPzi1vKBgsYzWHut5tVJXwAP3UbOxzk5QrR4s5WGlpC0B9BBuxigV5uw30/iW1lPJUYX0CmxEgf7BxfwET/MTHCybgghjB3Oae8e8zelZ40vyXaCbLl0XtvkWrm9/sA73ILPb/fmyY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770906990; c=relaxed/simple; bh=zREuf3Cd17yXVBhQwkrGkULZAJjxgMPP74anfv9FCcA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YZNJ3rV8WVvFsrrbvWFdoeHo6gL1WDosiXsnxrhZp4Ff50pA9bfhyDWgoMwcxCnHDvBplRJOG9NztV1PSLBeEE3uAXjpNCEBhwqWOe5ugqP339Mfoq4ZKTUueMFrCgUx+VZsh9jIUYqIpBwZx51gOWCOkLX8PLaLaDfx+394Nwg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=kwWFU2eO; arc=none smtp.client-ip=192.198.163.8 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="kwWFU2eO" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1770906989; x=1802442989; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=zREuf3Cd17yXVBhQwkrGkULZAJjxgMPP74anfv9FCcA=; b=kwWFU2eOptSzLU2olSdz9fsOsd6IWR1MfsI6EtQMsmrRzqga5wM6lwza 6Y+acs/Elbf08izfPIq4BvkjyigrCELqEsu/3Vkr+zgK/kQewAXVYLbC5 mYCJbA7O4sbuPmOVBs82XLiAqrkxDPyzHrjObNuXMpWwsFo3FZTz1cdTa +JWI+6l23aAIkzFQYH6ZEEEjzEZyQHpmDTN2Ms91sO7KSr8HaPsTS7C/2 Hq31MFZeqyBuAwBaOAt6J4DJz7Of5YcnjHrtAf7aAD3iSTXuB1oo0wxGn bIdEtG4PxRYqomH405clEKRWJCYQ8tpMw/M+yYWL6TB1XD5PY6hSg0iE1 w==; X-CSE-ConnectionGUID: 102V5xT+RXqlhaHk6nU+Cw== X-CSE-MsgGUID: isCTv94/SIOXI9GaknBuiA== X-IronPort-AV: E=McAfee;i="6800,10657,11699"; a="89662886" X-IronPort-AV: E=Sophos;i="6.21,286,1763452800"; d="scan'208";a="89662886" Received: from fmviesa006.fm.intel.com ([10.60.135.146]) by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Feb 2026 06:36:27 -0800 X-CSE-ConnectionGUID: YW9fvaTRTUKxoyVKxl2t7Q== X-CSE-MsgGUID: gVV2EKoGSDiyKPlI/y1xrA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,286,1763452800"; d="scan'208";a="211428286" Received: from 984fee019967.jf.intel.com ([10.23.153.244]) by fmviesa006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Feb 2026 06:36:27 -0800 From: Chao Gao To: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, x86@kernel.org Cc: reinette.chatre@intel.com, ira.weiny@intel.com, kai.huang@intel.com, dan.j.williams@intel.com, yilun.xu@linux.intel.com, sagis@google.com, vannapurve@google.com, paulmck@kernel.org, nik.borisov@suse.com, zhenzhong.duan@intel.com, seanjc@google.com, rick.p.edgecombe@intel.com, kas@kernel.org, dave.hansen@linux.intel.com, vishal.l.verma@intel.com, binbin.wu@linux.intel.com, tony.lindgren@linux.intel.com, Chao Gao , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" Subject: [PATCH v4 18/24] x86/virt/tdx: Restore TDX Module state Date: Thu, 12 Feb 2026 06:35:21 -0800 Message-ID: <20260212143606.534586-19-chao.gao@intel.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260212143606.534586-1-chao.gao@intel.com> References: <20260212143606.534586-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: linux-coco@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TDX Module state was packed as handoff data during module shutdown. After per-CPU initialization, the new module can restore TDX Module state from handoff data to preserve running TDs. Once the restoration is done, the TDX Module update is complete, which means the new module is ready to handle requests from the host and guests. Implement the new TDH.SYS.UPDATE SEAMCALL to restore TDX Module state and invoke it for one CPU. Note that IntelĀ® Trust Domain Extensions (IntelĀ® TDX) Module Base Architecture Specification, Revision 348549-007, Chapter 4.5.5 states: If TDH.SYS.UPDATE returns an error, then the host VMM can continue with the non-update sequence (TDH.SYS.CONFIG, 15 TDH.SYS.KEY.CONFIG etc.). In this case all existing TDs are lost. Alternatively, the host VMM can request the P-SEAMLDR to update to another TDX Module. If that update is successful, existing TDs are preserved The two alternative error handling approaches are not implemented due to their complexity and unclear benefits. Also note that the location and the format of handoff data is defined by the TDX Module. The new module knows where to get handoff data and how to parse it. The kernel doesn't need to provide its location, format etc. Signed-off-by: Chao Gao Reviewed-by: Tony Lindgren --- v3: - use seamcall_prerr() rather than raw seamcall() [Binbin] - use pr_err() to print error message [Binbin] --- arch/x86/virt/vmx/tdx/seamldr.c | 5 +++++ arch/x86/virt/vmx/tdx/tdx.c | 16 ++++++++++++++++ arch/x86/virt/vmx/tdx/tdx.h | 2 ++ 3 files changed, 23 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c index e29e6094c80b..0ca802234695 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -201,6 +201,7 @@ enum tdp_state { TDP_SHUTDOWN, TDP_CPU_INSTALL, TDP_CPU_INIT, + TDP_RUN_UPDATE, TDP_DONE, }; @@ -264,6 +265,10 @@ static int do_seamldr_install_module(void *seamldr_params) case TDP_CPU_INIT: ret = tdx_cpu_enable(); break; + case TDP_RUN_UPDATE: + if (primary) + ret = tdx_module_run_update(); + break; default: break; } diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index a1193efc1156..a8adb2c97e2f 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1202,6 +1202,22 @@ int tdx_module_shutdown(void) return 0; } +int tdx_module_run_update(void) +{ + struct tdx_module_args args = {}; + int ret; + + ret = seamcall_prerr(TDH_SYS_UPDATE, &args); + if (ret) { + pr_err("TDX-Module update failed (%d)\n", ret); + tdx_module_status = TDX_MODULE_ERROR; + return ret; + } + + tdx_module_status = TDX_MODULE_INITIALIZED; + return 0; +} + static bool is_pamt_page(unsigned long phys) { struct tdmr_info_list *tdmr_list = &tdx_tdmr_list; diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 1c4da9540ae0..0887debfd139 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -47,6 +47,7 @@ #define TDH_VP_WR 43 #define TDH_SYS_CONFIG 45 #define TDH_SYS_SHUTDOWN 52 +#define TDH_SYS_UPDATE 53 /* * SEAMCALL leaf: @@ -120,5 +121,6 @@ struct tdmr_info_list { }; int tdx_module_shutdown(void); +int tdx_module_run_update(void); #endif -- 2.47.3