[PATCH v6 10/22] x86/virt/seamldr: Abort updates if errors occurred midway
From: Chao Gao
Date: Thu Mar 26 2026 - 04:51:21 EST
The TDX module update process has multiple steps, each of which may
encounter failures.
The current state machine of updates proceeds to the next step regardless
of errors. But continuing updates when errors occur midway is pointless.
Abort the update by setting a flag to indicate that a CPU has encountered
an error, forcing all CPUs to exit the execution loop. Note that failing
CPUs do not acknowledge the current step. This keeps all other CPUs waiting
in the current step (since advancing to the next step requires all CPUs to
acknowledge the current step) until they detect the fault flag and exit the
loop.
Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
Reviewed-by: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>
Reviewed-by: Tony Lindgren <tony.lindgren@xxxxxxxxxxxxxxx>
Reviewed-by: Kai Huang <kai.huang@xxxxxxxxx>
---
v6:
- change failure indicator from int to boolean [Kiryl]
- replace lock with WRITE_ONCE for @failed [Kiryl]
v5:
- Replace failed count from atomic_t to int since it's now protected by
a lock.
v3:
- Instead of fast-forward to the final stage, exit the execution loop
directly.
---
arch/x86/virt/vmx/tdx/seamldr.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index ed6a092b11e2..771671b7755b 100644
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -196,6 +196,7 @@ enum module_update_state {
static struct {
enum module_update_state state;
int thread_ack;
+ bool failed;
/*
* Protect update_data. Raw spinlock as it will be acquired from
* interrupt-disabled contexts.
@@ -243,12 +244,15 @@ static int do_seamldr_install_module(void *seamldr_params)
break;
}
- ack_state();
+ if (ret)
+ WRITE_ONCE(update_data.failed, true);
+ else
+ ack_state();
} else {
touch_nmi_watchdog();
rcu_momentary_eqs();
}
- } while (curstate != MODULE_UPDATE_DONE);
+ } while (curstate != MODULE_UPDATE_DONE && !READ_ONCE(update_data.failed));
return ret;
}
@@ -270,6 +274,7 @@ int seamldr_install_module(const u8 *data, u32 size)
if (IS_ERR(params))
return PTR_ERR(params);
+ update_data.failed = false;
set_target_state(MODULE_UPDATE_START + 1);
return stop_machine(do_seamldr_install_module, params, cpu_online_mask);
}
--
2.47.3