[PATCH 0/4] Fuller TDX kexec support

[Rick Edgecombe]

Hi,

This series adds a couple of cool things -
 1. Allow kexec and kdump on systems with the partial write errata
 2. Allow using TDX in the second (kexec'ed) kernel
 
It has been waiting for VMXON refactor to land because the implementation 
is much cleaner on top of that. The series was mostly done by Vishal, 
however for scheduling reasons I'm posting it on his behalf. I can handle 
all questions/comments for the time being. So it's ready for review.

KVM folks, just a few deletions on your side and the long discussed moving 
of tdx_errno.h. Tip folks and reviewers, the changes here are pretty small. 
Optimistically, I'm hoping we can iterate this quickly and see it off the
list in the next few weeks.

Background
==========
Some early TDX-capable platforms have an erratum where a partial write
to TDX private memory can cause a machine check on a subsequent read.
Currently, kexec and kdump are disabled on these platforms because the
new (or kdump) kernel may trip over these, causing a machine check.

Future TDX modules will support TDH.SYS.DISABLE SEAMCALL, which disables
the TDX module and reclaims all memory resources allocated to TDX, and
cleans up any poison. After this SEAMCALL succeeds, the new kernel
can also re-initialize the TDX module from scratch via the normal bring-up
sequence.

It is probably worth mentioning that this is a different kind of cleanup 
than the WBINVD stuff that was the cause of all the fuss in the earlier 
kexec enabling. The WBINVD is flushing private keyid cachelines so they 
are not later written back over the new kernels memory. It needs to happen 
after the last SEAMCALL that might have produced them. So this new 
SEAMCALL is for something else, but also needs to be slotted with respect 
to WBINVD.

Implementation
==============
The series adds:

 1. A pre-requisite patch to move TDX error code definitions to a
    shared location so that TDX_INTERRUPTED_RESUMABLE etc. are
    accessible from arch/x86/virt/vmx/tdx/. This comes from the Dynamic
    PAMT series [0], but is also needed by some other series, and can
    benefit them all from an early merge.

 2. A preparatory patch to move some straggling stuff into arch/x86 in the
    wake of the VMXON series.

 3. A tdx_sys_disable() helper that wraps calls TDH.SYS.DISABLE with a
    retry loop to handle TDX_INTERRUPTED_RESUMABLE.

 4. Integration into the kexec path: Remove the check for partial write
    errata platforms as this is addressed by the SEAMCALL clearing any
    poisoned memory locations. Call tdx_sys_disable() in tdx_shutdown
    which is called via syscore ops in the kexec path. Call
    tdx_sys_disable() in native_machine_crash_shutdown() to cover the
    crash (kdump) path.

Testing
=======
The new SEAMCALL has NOT been implemented in a TDX module yet. The
implementation is based on the draft TDX module spec available at [1].

Testing was limited to the TDX CI, and a basic kexec test. The code needs 
to be robust to the TDX module not containing the feature, so this 
effectively serves as regression test. During development further testing 
was done by mocking up the new SEAMCALL to introduce delays and exercise 
the retry loops, combined with kexec, kdump, reboot and shutdown flows.

Base
====
This series is based on the vmxon branch Sean pushed to kvm_x86, 
kvm-x86-vmxon-2026.03.05.

[0]: https://lore.kernel.org/kvm/20260129011517.3545883-11-seanjc@xxxxxxxxxx/
[1]: https://cdrdv2.intel.com/v1/dl/getContent/871617

Kiryl Shutsemau (1):
  x86/tdx: Move all TDX error defines into <asm/shared/tdx_errno.h>

Rick Edgecombe (1):
  x86/virt/tdx: Pull kexec cache flush logic into arch/x86

Vishal Verma (2):
  x86/virt/tdx: Add SEAMCALL wrapper for TDH.SYS.DISABLE
  KVM: x86: Disable the TDX module during kexec and kdump

 arch/x86/include/asm/shared/tdx.h             |  1 +
 .../vmx => include/asm/shared}/tdx_errno.h    | 27 +++++++++--
 arch/x86/include/asm/tdx.h                    | 29 ++----------
 arch/x86/kernel/crash.c                       |  2 +
 arch/x86/kernel/machine_kexec_64.c            | 16 -------
 arch/x86/kvm/vmx/tdx.c                        | 10 ----
 arch/x86/kvm/vmx/tdx.h                        |  1 -
 arch/x86/virt/vmx/tdx/tdx.c                   | 46 +++++++++++++------
 arch/x86/virt/vmx/tdx/tdx.h                   |  1 +
 9 files changed, 62 insertions(+), 71 deletions(-)
 rename arch/x86/{kvm/vmx => include/asm/shared}/tdx_errno.h (65%)

-- 
2.53.0