Re: [PATCH v4 24/24] [NOT-FOR-REVIEW] x86/virt/seamldr: Save and restore current VMCS
From: Huang, Kai
Date: Wed Mar 11 2026 - 18:07:57 EST
> static const struct x86_cpu_id tdx_host_ids[] = {
> X86_MATCH_FEATURE(X86_FEATURE_TDX_HOST_PLATFORM, NULL),
> @@ -175,6 +177,7 @@ static int seamldr_init(struct device *dev)
> {
> const struct tdx_sys_info *tdx_sysinfo = tdx_get_sysinfo();
> struct fw_upload *tdx_fwl;
> + u64 basic_msr;
>
> if (WARN_ON_ONCE(!tdx_sysinfo))
> return -EIO;
> @@ -182,6 +185,15 @@ static int seamldr_init(struct device *dev)
> if (!tdx_supports_runtime_update(tdx_sysinfo))
> return 0;
>
> + /*
> + * Some TDX-capable CPUs have an erratum where the current VMCS may
> + * be cleared after calling into P-SEAMLDR. Ensure no such erratum
> + * exists before exposing any P-SEAMLDR functions.
> + */
> + rdmsrq(MSR_IA32_VMX_BASIC, basic_msr);
> + if (!(basic_msr & VMX_BASIC_PRESERVE_CURRENT_VMCS))
> + return 0;
> +
IIUC this silently disables runtime update and user won't be able to have
any clue to tell what went wrong (while the user can see the module supports
this feature and apparently the kernel should support it)?
Since we already have a X86_BUG_TDX_PW_MCE which is detected during kernel
boot in tdx_init(), shouldn't we just follow so that the user can at least
see the CPU has this erratum?
Another advantage is, if in the future some other kernel code needs to know
this erratum, it can just consult this flag.
And btw,
Which code base was this patch generated? If I read correctly, in this
series seamldr_init() is a void function but doesn't return anything.