> > > > > > > Good point. Thanks!
> > > >
> > > > Based on my understanding, it should be OK to skip tdx_reset_memory() (or better
> > > > to) when preserve_context is on. The second kernel shouldn't touch first
> > > > kernel's memory anyway, otherwise it may corrupt the first kernel state (if it
> > > > does this maliciously or accidentally, then the first kernel isn't guaranteed to
> > > > work anyway).
> >
> > I think it may read the memory, is it ok?

Read is fine. Only "partial write" can poison the memory.

[...]

> > > Not the most beautiful ifdeffery, I'd just duplicate the
> > > tdx_reset_memory() call. But not a strong opinion.
>
> Refined to below. Let me know if you have any further comments?

--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -307,12 +307,19 @@ void machine_kexec(struct kimage *image)
 	 * all TDX private pages need to be converted back to normal
 	 * before booting to the new kernel, otherwise the new kernel
 	 * may get unexpected machine check.
+	 *
+	 * But skip this when preserve_context is on. The second kernel
+	 * shouldn't write to the first kernel's memory anyway. Skipping
+	 * this also avoids killing TDX in the first kernel, which would
+	 * require more complicated handling.
 	 */
-	tdx_reset_memory();
-
 #ifdef CONFIG_KEXEC_JUMP
 	if (image->preserve_context)
 		save_processor_state();
+	else
+		tdx_reset_memory();
+#else
+	tdx_reset_memory();
 #endif
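Review bot: the new comment in this hunk states the assumption ("shouldn't write to the first kernel's memory") but not its consequence, which the thread above makes precise: with preserve_context set the pages stay TDX-private across the jump, a read by the second kernel is harmless, and only a partial write poisons a page, after which the first kernel takes the "unexpected machine check" the existing comment already warns about. Consider spelling that out, e.g. "Reads are fine; a (partial) write would poison the page and the first kernel would see a machine check on return", so the failure mode of a misbehaving kexec-jump target is documented next to the decision to skip tdx_reset_memory(). The duplicated tdx_reset_memory() call in the #else branch matches the earlier suggestion and reads clearly, so no objection there.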