summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRicardo Neri <ricardo.neri-calderon@linux.intel.com>2026-03-05 02:41:21 +0300
committerDexuan Cui <decui@microsoft.com>2026-05-28 23:01:26 +0300
commit7a035678fc2bdee81881170764ef08a91a076147 (patch)
tree1899e5ab0cfbb3061796663be50ec7a627393a9e
parent80200341197a799fe39da4e9da61bde4d23ec7ec (diff)
downloadlinux-7a035678fc2bdee81881170764ef08a91a076147.tar.xz
x86/hyperv/vtl: Use the wakeup mailbox to boot secondary CPUs
The hypervisor is an untrusted entity for TDX guests. It cannot be used to boot secondary CPUs. The function hv_vtl_wakeup_secondary_cpu() cannot be used. Instead, the virtual firmware boots the secondary CPUs and places them in a state to transfer control to the kernel using the wakeup mailbox. The firmware enumerates the mailbox via either an ACPI table or a DeviceTree node. If the wakeup mailbox is present, the kernel updates the APIC callback wakeup_secondary_cpu_64() to use it. Reviewed-by: Dexuan Cui <decui@microsoft.com> Reviewed-by: Michael Kelley <mhklinux@outlook.com> Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> Signed-off-by: Dexuan Cui <dexuan@kernel.org>
-rw-r--r--arch/x86/hyperv/hv_vtl.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
index 1e2f5b3ea772..07fac3d687c3 100644
--- a/arch/x86/hyperv/hv_vtl.c
+++ b/arch/x86/hyperv/hv_vtl.c
@@ -274,7 +274,15 @@ int __init hv_vtl_early_init(void)
panic("XSAVE has to be disabled as it is not supported by this module.\n"
"Please add 'noxsave' to the kernel command line.\n");
- apic_update_callback(wakeup_secondary_cpu_64, hv_vtl_wakeup_secondary_cpu);
+ /*
+ * TDX confidential VMs do not trust the hypervisor and cannot use it to
+ * boot secondary CPUs. Instead, they will be booted using the wakeup
+ * mailbox if detected during boot. See setup_arch().
+ *
+ * There is no paravisor present if we are here.
+ */
+ if (!hv_isolation_type_tdx())
+ apic_update_callback(wakeup_secondary_cpu_64, hv_vtl_wakeup_secondary_cpu);
return 0;
}