On Tue, May 20, 2025 at 01:35:02AM +0000, Michael Kelley wrote:
> From: Ricardo Neri <ricardo.neri-calde...@linux.intel.com> Sent: Saturday, May 3, 2025 12:15 PM
> > 
> > The hypervisor is an untrusted entity for TDX guests. It cannot be used
> > to boot secondary CPUs. The function hv_vtl_wakeup_secondary_cpu() cannot
> > be used.
> > 
> > Instead, the virtual firmware boots the secondary CPUs and places them in
> > a state to transfer control to the kernel using the wakeup mailbox.
> > 
> > The kernel updates the APIC callback wakeup_secondary_cpu_64() to use
> > the mailbox if detected early during boot (enumerated via either an ACPI
> > table or a DeviceTree node).
> > 
> > Signed-off-by: Ricardo Neri <ricardo.neri-calde...@linux.intel.com>
> > ---
> > Changes since v2:
> >  - Unconditionally use the wakeup mailbox in a TDX confidential VM.
> >    (Michael).
> >  - Edited the commit message for clarity.
> > 
> > Changes since v1:
> >  - None
> > ---
> >  arch/x86/hyperv/hv_vtl.c | 10 +++++++++-
> >  1 file changed, 9 insertions(+), 1 deletion(-)
> > 
> > diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
> > index cd48bedd21f0..30a5a0c156c1 100644
> > --- a/arch/x86/hyperv/hv_vtl.c
> > +++ b/arch/x86/hyperv/hv_vtl.c
> > @@ -299,7 +299,15 @@ int __init hv_vtl_early_init(void)
> >             panic("XSAVE has to be disabled as it is not supported by this 
> > module.\n"
> >                       "Please add 'noxsave' to the kernel command line.\n");
> > 
> > -   apic_update_callback(wakeup_secondary_cpu_64, 
> > hv_vtl_wakeup_secondary_cpu);
> > +   /*
> > +    * TDX confidential VMs do not trust the hypervisor and cannot use it to
> > +    * boot secondary CPUs. Instead, they will be booted using the wakeup
> > +    * mailbox if detected during boot. See setup_arch().
> > +    *
> > +    * There is no paravisor present if we are here.
> > +    */
> > +   if (!hv_isolation_type_tdx())
> > +           apic_update_callback(wakeup_secondary_cpu_64, 
> > hv_vtl_wakeup_secondary_cpu);
> > 
> >     return 0;
> >  }
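
Review bot: In the new `if (!hv_isolation_type_tdx())` branch, a TDX guest leaves wakeup_secondary_cpu_64 untouched, and the comment says the mailbox is used only "if detected during boot", so nothing visible here covers the case where neither an ACPI table nor a DeviceTree node enumerates the mailbox. Consider emitting a warning on that path, or stating in the comment what the expected behaviour is when the mailbox is absent. The sentence "There is no paravisor present if we are here" would also benefit from naming the condition that guarantees it, since this hunk does not check for one.
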
> > --
> > 2.43.0
> 
> Reviewed-by: Michael Kelley <mhkli...@outlook.com>

Thank you very much for your review!
