From: Ricardo Neri <[email protected]> Sent: Saturday, May 3, 2025 12:15 PM
> 
> The hypervisor is an untrusted entity for TDX guests. It cannot be used
> to boot secondary CPUs. The function hv_vtl_wakeup_secondary_cpu() cannot
> be used.
> 
> Instead, the virtual firmware boots the secondary CPUs and places them in
> a state to transfer control to the kernel using the wakeup mailbox.
> 
> The kernel updates the APIC callback wakeup_secondary_cpu_64() to use
> the mailbox if detected early during boot (enumerated via either an ACPI
> table or a DeviceTree node).
> 
> Signed-off-by: Ricardo Neri <[email protected]>
> ---
> Changes since v2:
>  - Unconditionally use the wakeup mailbox in a TDX confidential VM.
>    (Michael).
>  - Edited the commit message for clarity.
> 
> Changes since v1:
>  - None
> ---
>  arch/x86/hyperv/hv_vtl.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
> index cd48bedd21f0..30a5a0c156c1 100644
> --- a/arch/x86/hyperv/hv_vtl.c
> +++ b/arch/x86/hyperv/hv_vtl.c
> @@ -299,7 +299,15 @@ int __init hv_vtl_early_init(void)
>               panic("XSAVE has to be disabled as it is not supported by this 
> module.\n"
>                         "Please add 'noxsave' to the kernel command line.\n");
> 
> -     apic_update_callback(wakeup_secondary_cpu_64, 
> hv_vtl_wakeup_secondary_cpu);
> +     /*
> +      * TDX confidential VMs do not trust the hypervisor and cannot use it to
> +      * boot secondary CPUs. Instead, they will be booted using the wakeup
> +      * mailbox if detected during boot. See setup_arch().
> +      *
> +      * There is no paravisor present if we are here.
> +      */
> +     if (!hv_isolation_type_tdx())
> +             apic_update_callback(wakeup_secondary_cpu_64, 
> hv_vtl_wakeup_secondary_cpu);
> 
>       return 0;
>  }
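
Review bot: in the new "if (!hv_isolation_type_tdx())" branch, a TDX guest leaves wakeup_secondary_cpu_64 untouched and depends on the mailbox being "detected during boot", but nothing in this hunk covers a TDX guest where no mailbox was enumerated. Consider saying in the comment which callback stays in place in that case, or logging a warning at this point so that a failed secondary CPU bring-up can be diagnosed. The sentence "There is no paravisor present if we are here" would also be easier to verify if it named the earlier check that guarantees it.
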
> --
> 2.43.0

Reviewed-by: Michael Kelley <[email protected]>
