[GIT PULL] x86/tdx for 7.2-rc1

From: Dave Hansen

Date: Mon Jun 15 2026 - 15:44:54 EST


Hi Linus,

Please pull some x86/tdx changes for 7.2-rc1. There are a few cleanups,
and some changes that should allow TDX and kexec to coexist nicely.

The biggest change, however, is support for updating the TDX module
after boot, just like CPU microcode. TDX users really want this
because it lets them do security updates without tearing things down
and rebooting. The commits here are younger than normal: ~2 weeks
old. I botched some of the Link: tags when applying and did not fix it
up until 2 weeks ago. All the content except the Documentation patch
on the end is much more mature than 2 weeks.

--

The following changes since commit 254f49634ee16a731174d2ae34bc50bd5f45e731:

Linux 7.1-rc1 (2026-04-26 14:19:00 -0700)

are available in the Git repository at:

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_tdx_for_7.2-rc1

for you to fetch changes up to 2b9ad7a6154e0938b9458691536296dd0224942d:

x86/virt/tdx: Document TDX module update (2026-06-05 14:18:37 -0700)

----------------------------------------------------------------
* Add TDX module update support
* Make kexec and TDX finally play nice together
* Put TDX error codes into a single header

----------------------------------------------------------------
Chao Gao (22):
x86/virt/tdx: Clarify try_init_module_global() result caching
x86/virt/tdx: Move TDX global initialization states to file scope
x86/virt/tdx: Consolidate TDX global initialization states
x86/virt/tdx: Move TDX_FEATURES0 bits to asm/tdx.h
coco/tdx-host: Introduce a "tdx_host" device
coco/tdx-host: Expose TDX module version
x86/virt/seamldr: Introduce a wrapper for P-SEAMLDR SEAMCALLs
x86/virt/seamldr: Add a helper to retrieve P-SEAMLDR information
coco/tdx-host: Expose P-SEAMLDR information via sysfs
coco/tdx-host: Don't expose P-SEAMLDR information on CPUs with erratum
coco/tdx-host: Implement firmware upload sysfs ABI for TDX module updates
x86/virt/seamldr: Allocate and populate a module update request
x86/virt/seamldr: Introduce skeleton for TDX module updates
x86/virt/seamldr: Abort updates after a failed step
x86/virt/seamldr: Shut down the current TDX module
x86/virt/tdx: Reset software states during TDX module shutdown
x86/virt/seamldr: Install a new TDX module
x86/virt/seamldr: Initialize the newly-installed TDX module
x86/virt/tdx: Restore TDX module state
x86/virt/tdx: Refresh TDX module version after update
x86/virt/tdx: Enable TDX module runtime updates
x86/virt/tdx: Document TDX module update

Dave Hansen (2):
x86/virt/seamldr: Add module update locking
coco/tdx-host: Lock out module updates when reading version

Kai Huang (1):
x86/virt/tdx: Move low level SEAMCALL helpers out of <asm/tdx.h>

Kiryl Shutsemau (1):
x86/tdx: Move TDX architectural error codes into <asm/shared/tdx_errno.h>

Rick Edgecombe (2):
x86/virt/tdx: Pull kexec cache flush logic into arch/x86
x86/virt/tdx: Remove kexec docs

Vishal Verma (2):
x86/virt/tdx: Add SEAMCALL wrapper for TDH.SYS.DISABLE
x86/tdx: Disable the TDX module during kexec and kdump

 .../ABI/testing/sysfs-devices-faux-tdx-host     |  26 ++
 Documentation/arch/x86/tdx.rst                  | 134 +++++++-
 arch/x86/include/asm/cpufeatures.h              |   1 +
 arch/x86/include/asm/seamldr.h                  |  38 +++
 arch/x86/include/asm/shared/tdx.h               |   1 +
 .../{kvm/vmx => include/asm/shared}/tdx_errno.h |   8 +-
 arch/x86/include/asm/tdx.h                      |  70 +---
 arch/x86/include/asm/tdx_global_metadata.h      |   4 +
 arch/x86/include/asm/vmx.h                      |   1 +
 arch/x86/kernel/crash.c                         |   2 +
 arch/x86/kernel/machine_kexec_64.c              |  16 -
 arch/x86/kvm/vmx/tdx.c                          |  10 -
 arch/x86/kvm/vmx/tdx.h                          |   1 -
 arch/x86/virt/vmx/tdx/Makefile                  |   2 +-
 arch/x86/virt/vmx/tdx/seamcall_internal.h       | 109 ++++++
 arch/x86/virt/vmx/tdx/seamldr.c                 | 368 +++++++++++++++++++++
 arch/x86/virt/vmx/tdx/tdx.c                     | 219 ++++++++----
 arch/x86/virt/vmx/tdx/tdx.h                     |   9 +-
 arch/x86/virt/vmx/tdx/tdx_global_metadata.c     |  17 +-
 drivers/virt/coco/Kconfig                       |   2 +
 drivers/virt/coco/Makefile                      |   1 +
 drivers/virt/coco/tdx-host/Kconfig              |   6 +
 drivers/virt/coco/tdx-host/Makefile             |   1 +
 drivers/virt/coco/tdx-host/tdx-host.c           | 239 +++++++++++++
 24 files changed, 1118 insertions(+), 167 deletions(-)
 create mode 100644 Documentation/ABI/testing/sysfs-devices-faux-tdx-host
 create mode 100644 arch/x86/include/asm/seamldr.h
 rename arch/x86/{kvm/vmx => include/asm/shared}/tdx_errno.h (90%)
 create mode 100644 arch/x86/virt/vmx/tdx/seamcall_internal.h
 create mode 100644 arch/x86/virt/vmx/tdx/seamldr.c
 create mode 100644 drivers/virt/coco/tdx-host/Kconfig
 create mode 100644 drivers/virt/coco/tdx-host/Makefile
 create mode 100644 drivers/virt/coco/tdx-host/tdx-host.c