Re: [PATCH v2 3/5] x86/virt/tdx: Add SEAMCALL wrapper for TDH.SYS.DISABLE

From: Verma, Vishal L

Date: Mon Mar 23 2026 - 17:59:18 EST


On Mon, 2026-03-23 at 14:59 -0600, Vishal Verma wrote:
>
[..]
> +void tdx_sys_disable(void)
> +{
> + struct tdx_module_args args = {};
> + u64 ret;
> +
> + /*
> + * Don't loop forever.
> + *  - TDX_INTERRUPTED_RESUMABLE guarantees forward progress between
> + *    calls.
> + *  - TDX_SYS_BUSY could transiently contend with TDH.SYS.* SEAMCALLs,
> + *    but will lock out future ones.
> + *
> + * This is a 'destructive' SEAMCALL, in that no other SEAMCALL can be
> + * run after this until a full reinitialization is done.
> + */
> + do {
> + ret = seamcall(TDH_SYS_DISABLE, &args);
> + } while (ret == TDX_INTERRUPTED_RESUMABLE || ret == TDX_SYS_BUSY);
> +
> + /*
> + * Print SEAMCALL failures, but not SW-defined error codes
> + * (SEAMCALL faulted with #GP/#UD, TDX not supported).
> + */
> + if (ret && (ret & TDX_SW_ERROR) != TDX_SW_ERROR)
> + pr_err("TDH.SYS.DISABLE failed: 0x%016llx\n", ret);
> +}
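
Review bot: the do/while retry on TDX_INTERRUPTED_RESUMABLE and TDX_SYS_BUSY has no iteration bound, yet the comment above it opens with "Don't loop forever", which reads as if a limit were enforced. Termination rests entirely on the two properties listed in the comment (forward progress between calls, and future TDH.SYS.* SEAMCALLs being locked out), so consider rewording the first line to say that these are why the loop terminates, or adding a retry cap that reports via pr_err when exhausted. Since tdx_sys_disable() returns void, the pr_err is also the only failure signal; a short comment noting that callers are expected to proceed regardless of the result would make that intent explicit.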

Note - old TDX modules that don't implement this SEAMCALL produce a
message like:

virt/tdx: TDH.SYS.DISABLE failed: 0xc000010000000000

Where that code translates to TDX_OPERAND_INVALID.
This also serves as a nudge that the module should be updated.

It might be worth including a blurb about this in the commit message -
something like below. This could be included when applying, or I can
send an updated version with this if it is acceptable.

---

An error is printed if the SEAMCALL fails with anything other than the
error codes that cause retries, or 'synthesized' error codes produced
for #GP or #UD. e.g., an old module that has been properly initialized,
that doesn't implement SYS_DISABLE, returns TDX_OPERAND_INVALID. This
prints:

virt/tdx: TDH.SYS.DISABLE failed: 0xc000010000000000

But a system that doesn't have any TDX support at all doesn't print
anything.