From: Chao Gao <chao.gao@intel.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Li, Xiaoyao" <xiaoyao.li@intel.com>,
"Huang, Kai" <kai.huang@intel.com>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"kas@kernel.org" <kas@kernel.org>,
"seanjc@google.com" <seanjc@google.com>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"Chatre, Reinette" <reinette.chatre@intel.com>,
"Verma, Vishal L" <vishal.l.verma@intel.com>,
"nik.borisov@suse.com" <nik.borisov@suse.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"Weiny, Ira" <ira.weiny@intel.com>,
"tony.lindgren@linux.intel.com" <tony.lindgren@linux.intel.com>,
"Annapurve, Vishal" <vannapurve@google.com>,
"sagis@google.com" <sagis@google.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"tglx@kernel.org" <tglx@kernel.org>,
"paulmck@kernel.org" <paulmck@kernel.org>,
"bp@alien8.de" <bp@alien8.de>,
"yilun.xu@linux.intel.com" <yilun.xu@linux.intel.com>,
"dan.j.williams@intel.com" <dan.j.williams@intel.com>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v7 11/22] x86/virt/seamldr: Shut down the current TDX module
Date: Tue, 14 Apr 2026 18:09:41 +0800 [thread overview]
Message-ID: <ad4SZdlybWkLtLEm@intel.com> (raw)
In-Reply-To: <a50bb8a4d8c2bdcb0795eca4551567fb5a577215.camel@intel.com>
On Sat, Apr 11, 2026 at 09:35:32AM +0800, Edgecombe, Rick P wrote:
>On Tue, 2026-03-31 at 05:41 -0700, Chao Gao wrote:
>> The first step of TDX module updates is shutting down the current TDX
>> Module. This step also packs state information that needs to be
>> preserved across updates as handoff data, which will be consumed by the
>> updated module. The handoff data is stored internally in the SEAM range
>> and is hidden from the kernel.
>>
>> To ensure a successful update, the new module must be able to consume
>> the handoff data generated by the old module. Since handoff data layout
>> may change between modules, the handoff data is versioned. Each module
>> has a native handoff version and provides backward support for several
>> older versions.
>>
>> The complete handoff versioning protocol is complex as it supports both
>> module upgrades and downgrades. See details in Intel® Trust Domain
>> Extensions (Intel® TDX) Module Base Architecture Specification, Chapter
>> "Handoff Versioning".
>>
>> Ideally, the kernel needs to retrieve the handoff versions supported by
>> the current module and the new module and select a version supported by
>> both. But, since this implementation chooses to only support module
>> upgrades, simply request the current module to generate handoff data
>> using its highest supported version, expecting that the new module will
>> likely support it.
>
>I feel like somewhere it's missing what this patch does. It explains the
>reasoning for the handoff version selection, but nothing about implement
>"MODULE_UPDATE_SHUTDOWN" or anything like that.
Yes. How about:
Retrieve the module's handoff version from TDX global metadata and add an
update step to shut down the module. Module shutdown has global effect, so
it only needs to run on one CPU.
next prev parent reply other threads:[~2026-04-14 10:10 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-31 12:41 [PATCH v7 00/22] Runtime TDX module update support Chao Gao
2026-03-31 12:41 ` [PATCH v7 01/22] x86/virt/tdx: Move low level SEAMCALL helpers out of <asm/tdx.h> Chao Gao
2026-04-10 23:42 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 02/22] coco/tdx-host: Introduce a "tdx_host" device Chao Gao
2026-03-31 12:41 ` [PATCH v7 03/22] coco/tdx-host: Expose TDX module version Chao Gao
2026-03-31 12:41 ` [PATCH v7 04/22] x86/virt/seamldr: Introduce a wrapper for P-SEAMLDR SEAMCALLs Chao Gao
2026-04-10 23:58 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 05/22] x86/virt/seamldr: Add a helper to retrieve P-SEAMLDR information Chao Gao
2026-04-11 0:13 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 06/22] coco/tdx-host: Expose P-SEAMLDR information via sysfs Chao Gao
2026-03-31 14:58 ` Dave Hansen
2026-04-01 1:57 ` Chao Gao
2026-03-31 14:58 ` Dave Hansen
2026-04-01 2:25 ` Chao Gao
2026-04-13 19:08 ` Edgecombe, Rick P
2026-04-14 11:20 ` Chao Gao
2026-04-14 17:02 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 07/22] coco/tdx-host: Implement firmware upload sysfs ABI for TDX module updates Chao Gao
2026-03-31 15:04 ` Dave Hansen
2026-04-01 3:10 ` Chao Gao
2026-03-31 15:11 ` Dave Hansen
2026-04-01 7:49 ` Chao Gao
2026-04-11 0:26 ` Edgecombe, Rick P
2026-04-14 9:50 ` Chao Gao
2026-04-14 17:04 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 08/22] x86/virt/seamldr: Allocate and populate a module update request Chao Gao
2026-03-31 15:44 ` Dave Hansen
2026-04-01 8:27 ` Chao Gao
2026-04-11 0:33 ` Edgecombe, Rick P
2026-04-11 1:14 ` Edgecombe, Rick P
2026-04-14 9:43 ` Chao Gao
2026-04-14 17:37 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 09/22] x86/virt/seamldr: Introduce skeleton for TDX module updates Chao Gao
2026-04-07 11:49 ` Chao Gao
2026-04-07 15:55 ` Dave Hansen
2026-04-11 1:23 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 10/22] x86/virt/seamldr: Abort updates if errors occurred midway Chao Gao
2026-04-11 1:26 ` Edgecombe, Rick P
2026-04-14 9:59 ` Chao Gao
2026-04-14 17:41 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 11/22] x86/virt/seamldr: Shut down the current TDX module Chao Gao
2026-04-07 11:51 ` Chao Gao
2026-04-11 1:35 ` Edgecombe, Rick P
2026-04-11 1:36 ` Edgecombe, Rick P
2026-04-14 10:09 ` Chao Gao [this message]
2026-04-14 17:34 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 12/22] x86/virt/tdx: Reset software states during TDX module shutdown Chao Gao
2026-04-07 12:02 ` Chao Gao
2026-04-11 1:56 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 13/22] x86/virt/seamldr: Install a new TDX module Chao Gao
2026-04-11 2:01 ` Edgecombe, Rick P
2026-04-14 10:19 ` Chao Gao
2026-04-14 17:35 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 14/22] x86/virt/seamldr: Do TDX per-CPU initialization after updates Chao Gao
2026-04-11 2:03 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 15/22] x86/virt/tdx: Restore TDX module state Chao Gao
2026-04-07 12:07 ` Chao Gao
2026-04-11 2:06 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 16/22] x86/virt/tdx: Update tdx_sysinfo and check features post-update Chao Gao
2026-04-07 12:15 ` Chao Gao
2026-04-07 15:53 ` Dave Hansen
2026-04-08 12:16 ` Chao Gao
2026-03-31 12:41 ` [PATCH v7 17/22] x86/virt/tdx: Avoid updates during update-sensitive operations Chao Gao
2026-04-06 22:29 ` Sean Christopherson
2026-04-14 19:58 ` Edgecombe, Rick P
2026-04-14 21:43 ` Dan Williams
2026-04-14 22:20 ` Edgecombe, Rick P
2026-04-15 0:36 ` Dan Williams
2026-04-15 0:52 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 18/22] coco/tdx-host: Don't expose P-SEAMLDR features on CPUs with erratum Chao Gao
2026-04-13 19:28 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 19/22] x86/virt/tdx: Enable TDX module runtime updates Chao Gao
2026-04-13 19:40 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 20/22] coco/tdx-host: Document TDX module update compatibility criteria Chao Gao
2026-03-31 12:41 ` [PATCH v7 21/22] x86/virt/tdx: Document TDX module update Chao Gao
2026-04-13 19:54 ` Edgecombe, Rick P
2026-03-31 12:41 ` [PATCH v7 22/22] x86/virt/seamldr: Log TDX module update failures Chao Gao
2026-04-13 20:04 ` Edgecombe, Rick P
2026-04-14 10:25 ` Chao Gao
2026-04-14 17:39 ` Edgecombe, Rick P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad4SZdlybWkLtLEm@intel.com \
--to=chao.gao@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=ira.weiny@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=paulmck@kernel.org \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=seanjc@google.com \
--cc=tglx@kernel.org \
--cc=tony.lindgren@linux.intel.com \
--cc=vannapurve@google.com \
--cc=vishal.l.verma@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox