Re: [PATCH v4 18/24] x86/virt/tdx: Restore TDX Module state

From: Huang, Kai

Date: Wed Mar 04 2026 - 18:25:00 EST


On Thu, 2026-02-12 at 06:35 -0800, Chao Gao wrote:
> TDX Module state was packed as handoff data during module shutdown. After
> per-CPU initialization, the new module can restore TDX Module state from
> handoff data to preserve running TDs.
>
> Once the restoration is done, the TDX Module update is complete, which
> means the new module is ready to handle requests from the host and guests.
>
> Implement the new TDH.SYS.UPDATE SEAMCALL to restore TDX Module state
> and invoke it for one CPU.

Nit:

"for one CPU" -> "on one CPU since it only needs to be called once".

>
> Note that Intel® Trust Domain Extensions (Intel® TDX) Module Base
> Architecture Specification, Revision 348549-007, Chapter 4.5.5 states:
>
> If TDH.SYS.UPDATE returns an error, then the host VMM can continue
> with the non-update sequence (TDH.SYS.CONFIG, 15 TDH.SYS.KEY.CONFIG
> etc.). In this case all existing TDs are lost. Alternatively, the host
> VMM can request the P-SEAMLDR to update to another TDX Module. If that
> update is successful, existing TDs are preserved
>
> The two alternative error handling approaches are not implemented due to
> their complexity and unclear benefits.

Nit: use imperative mode:

Don't implement the two alternative ... due to ...

>
> Also note that the location and the format of handoff data are defined by
> the TDX Module. The new module knows where to get handoff data and how
> to parse it. The kernel doesn't need to provide its location, format etc.
>
> Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
> Reviewed-by: Tony Lindgren <tony.lindgren@xxxxxxxxxxxxxxx>

Reviewed-by: Kai Huang <kai.huang@xxxxxxxxx>