Re: [PATCH v2 4/5] x86/tdx: Disable the TDX module during kexec and kdump
From: Huang, Kai
Date: Mon Mar 23 2026 - 18:42:55 EST

On Mon, 2026-03-23 at 14:59 -0600, Vishal Verma wrote:
> Use the TDH.SYS.DISABLE SEAMCALL, which disables the TDX module,
> reclaims all memory resources assigned to TDX, and clears any
> partial-write induced poison, to allow kexec and kdump on platforms with
> the partial write erratum.
>
> On TDX-capable platforms with the partial write erratum, kexec has been
> disabled because the new kernel could hit a machine check reading a
> previously poisoned memory location.
>
> Later TDX modules support TDH.SYS.DISABLE, which disables the module and
> reclaims all TDX memory resources, allowing the new kernel to re-initialize
> TDX from scratch. This operation also clears the old memory, cleaning up
> any poison.
>
> Add tdx_sys_disable() to tdx_shutdown(), which is called in the
> syscore_shutdown path for kexec. This is done just before tdx_shutdown()
> disables VMX on all CPUs.
>
> For kdump, call tdx_sys_disable() in the crash path before
> x86_virt_emergency_disable_virtualization_cpu() does VMXOFF.
>
> Since this clears any poison on TDX-managed memory, remove the
> X86_BUG_TDX_PW_MCE check in machine_kexec() that blocked kexec on
> partial write errata platforms.
>
> Co-developed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> Signed-off-by: Vishal Verma <vishal.l.verma@xxxxxxxxx>
>
Acked-by: Kai Huang <kai.huang@xxxxxxxxx>