Re: [PATCH v7 22/22] x86/virt/seamldr: Log TDX module update failures

[Edgecombe, Rick P]

On Tue, 2026-03-31 at 05:41 -0700, Chao Gao wrote:
> Currently, there is no way to restore a TDX module from shutdown state to
> running state. This means if errors occur after a successful module
> shutdown, they are unrecoverable since the old module is gone but the new
> module isn't installed. All subsequent SEAMCALLs to the TDX module will
> fail, so TDs will be killed due to SEAMCALL failures.
> 
> Log a message to clarify that SEAMCALL errors are expected in this
> scenario. This ensures that after update failures, the first message in
> dmesg explains the situation rather than showing confusing call traces from
> various code paths.

Why is this patch at the end? Is it not valid initial behavior?

> 
> Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
> Reviewed-by: Tony Lindgren <tony.lindgren@xxxxxxxxxxxxxxx>
> Reviewed-by: Xu Yilun <yilun.xu@xxxxxxxxxxxxxxx>
> Acked-by: Kai Huang <kai.huang@xxxxxxxxx>
> ---
> v4:
>  - Use pr_warn_once() instead of reinventing it [Yilun]
> v3:
>  - Rephrase the changelog to eliminate the confusing uses of 'i.e.' and 'e.g.'
>    [Dave/Yilun]
> ---
>  arch/x86/virt/vmx/tdx/seamldr.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
> index b3f3b40627c3..a972f9ba6877 100644
> --- a/arch/x86/virt/vmx/tdx/seamldr.c
> +++ b/arch/x86/virt/vmx/tdx/seamldr.c
> @@ -252,6 +252,11 @@ static void ack_state(void)
>  		set_target_state(update_data.state + 1);
>  }
>  
> +static void print_update_failure_message(void)
> +{
> +	pr_err_once("update failed, SEAMCALLs will report failure until TDs killed\n");
> +}

Ehh, it seems ok. But is very KVM specific. I guess TDX connect will need to
update the message. The sys disable will fail too. But it does communicate the
main current actionable step for users.

Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>

> +
>  /*
>   * See multi_cpu_stop() from where this multi-cpu state-machine was
>   * adopted, and the rationale for touch_nmi_watchdog().
> @@ -291,10 +296,13 @@ static int do_seamldr_install_module(void *seamldr_params)
>  				break;
>  			}
>  
> -			if (ret)
> +			if (ret) {
>  				WRITE_ONCE(update_data.failed, true);
> -			else
> +				if (curstate > MODULE_UPDATE_SHUTDOWN)
> +					print_update_failure_message();
> +			} else {
>  				ack_state();
> +			}
>  		} else {
>  			touch_nmi_watchdog();
>  			rcu_momentary_eqs();