RE: [PATCH v3 13/13] x86/hyperv/vtl: Use the wakeup mailbox to boot secondary CPUs

From: Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx> Sent: Saturday, May 3, 2025 12:15 PM
> 
> The hypervisor is an untrusted entity for TDX guests. It cannot be used
> to boot secondary CPUs. The function hv_vtl_wakeup_secondary_cpu() cannot
> be used.
> 
> Instead, the virtual firmware boots the secondary CPUs and places them in
> a state to transfer control to the kernel using the wakeup mailbox.
> 
> The kernel updates the APIC callback wakeup_secondary_cpu_64() to use
> the mailbox if detected early during boot (enumerated via either an ACPI
> table or a DeviceTree node).
> 
> Signed-off-by: Ricardo Neri <ricardo.neri-calderon@xxxxxxxxxxxxxxx>
> ---
> Changes since v2:
>  - Unconditionally use the wakeup mailbox in a TDX confidential VM.
>    (Michael).
>  - Edited the commit message for clarity.
> 
> Changes since v1:
>  - None
> ---
>  arch/x86/hyperv/hv_vtl.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
> index cd48bedd21f0..30a5a0c156c1 100644
> --- a/arch/x86/hyperv/hv_vtl.c
> +++ b/arch/x86/hyperv/hv_vtl.c
> @@ -299,7 +299,15 @@ int __init hv_vtl_early_init(void)
>  		panic("XSAVE has to be disabled as it is not supported by this module.\n"
>  			  "Please add 'noxsave' to the kernel command line.\n");
> 
> -	apic_update_callback(wakeup_secondary_cpu_64, hv_vtl_wakeup_secondary_cpu);
> +	/*
> +	 * TDX confidential VMs do not trust the hypervisor and cannot use it to
> +	 * boot secondary CPUs. Instead, they will be booted using the wakeup
> +	 * mailbox if detected during boot. See setup_arch().
> +	 *
> +	 * There is no paravisor present if we are here.
> +	 */
> +	if (!hv_isolation_type_tdx())
> +		apic_update_callback(wakeup_secondary_cpu_64, hv_vtl_wakeup_secondary_cpu);
> 
>  	return 0;
>  }
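
Review bot: on the TDX path of the new `if (!hv_isolation_type_tdx())` check, no callback is installed here at all, while the comment says the secondary CPUs are booted via the wakeup mailbox only "if detected during boot". Nothing in this hunk covers the case where the guest is TDX and the mailbox was not enumerated; consider stating in the comment what happens to secondary CPU bring-up in that case, or emitting a warning on that path so the failure is visible. The sentence "There is no paravisor present if we are here" would also read better with a short reason for why that holds, since the choice to skip hv_vtl_wakeup_secondary_cpu() depends on it.
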
> --
> 2.43.0

Reviewed-by: Michael Kelley <mhklinux@xxxxxxxxxxx>




