Re: [PATCH v7 12/22] x86/virt/tdx: Reset software states during TDX module shutdown
From: Chao Gao
Date: Tue Apr 07 2026 - 08:03:07 EST
> int tdx_module_shutdown(void)
> {
> struct tdx_module_args args = {};
>+ int ret, cpu;
>
> /*
> * Shut down the TDX module and prepare handoff data for the next
>@@ -1188,7 +1189,31 @@ int tdx_module_shutdown(void)
> * modules as new modules likely have higher handoff version.
> */
> args.rcx = tdx_sysinfo.handoff.module_hv;
>- return seamcall_prerr(TDH_SYS_SHUTDOWN, &args);
>+ ret = seamcall_prerr(TDH_SYS_SHUTDOWN, &args);
>+ if (ret)
>+ return ret;
>+
>+ /*
>+ * Mark the module is unavailable (in ERROR status) to prevent
>+ * re-initialization and tdx_sysinfo reporting. Note the status
>+ * will be restored after a successful update.
>+ *
>+ * No need to acquire tdx_module_lock here since this runs in
>+ * stop_machine() where no concurrent initialization can occur.
>+ */
>+ tdx_module_status = TDX_MODULE_ERROR;
>+ sysinit_done = false;
>+ sysinit_ret = 0;
>+
>+ /*
>+ * Since the TDX module is shut down and gone, mark all CPUs
>+ * (including offlined ones) as uninitialized. This is called in
>+ * stop_machine() (where CPU hotplug is disabled), preventing
>+ * races with other tdx_lp_initialized accesses.
>+ */
>+ for_each_possible_cpu(cpu)
>+ per_cpu(tdx_lp_initialized, cpu) = false;
I would like to merge the two comments and make them more concise:
/*
* Clear global and per-CPU initialization flags so the new module
* can be fully re-initialized after a successful update. The ERROR
* status prevents re-init if the update ultimately fails.
*
* No locks needed as no concurrent accesses can occur here.
*/
tdx_module_status = TDX_MODULE_ERROR;
sysinit_done = false;
sysinit_ret = 0;
for_each_possible_cpu(cpu)
per_cpu(tdx_lp_initialized, cpu) = false;
>+ return 0;
> }
>
> static bool is_pamt_page(unsigned long phys)
>--
>2.47.3
>