> > >
> >
> > Good point. Thanks!
> >
> > Based on my understanding, it should be OK to skip tdx_reset_memory()
> > (or better
> > to) when preserve_context is on. The second kernel shouldn't touch
> > first
> > kernel's memory anyway otherwise it may corrupt the first kernel
> > state (if it
> > does this maliciously or accidentally, then the first kernel isn't
> > guaranteed to
> > work anyway).
>
> I think it may read the memory, is it ok?
Read is fine. Only "partial write" can poison the memory.
[...]
>
>
> Not the most beautiful ifdeffery, I'd just duplicate the
> tdx_reset_memory() call. But not a strong opinion.
>
Refined to below. Let me know if you have any further comments?
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -307,12 +307,19 @@ void machine_kexec(struct kimage *image)
* all TDX private pages need to be converted back to normal
* before booting to the new kernel, otherwise the new kernel
* may get unexpected machine check.
+ *
+ * But skip this when preserve_context is on. The second kernel
+ * shouldn't write to the first kernel's memory anyway. Skipping
+ * this also avoids killing TDX in the first kernel, which would
+ * require more complicated handling.
*/
- tdx_reset_memory();
-
#ifdef CONFIG_KEXEC_JUMP
if (image->preserve_context)
save_processor_state();
+ else
+ tdx_reset_memory();
+#else
+ tdx_reset_memory();
#endif
