Re: [PATCH v7 10/22] x86/virt/seamldr: Abort updates if errors occurred midway

Next message: Chao Gao: "Re: [PATCH v7 22/22] x86/virt/seamldr: Log TDX module update failures"
Previous message: OGAWA Hirofumi: "Re: [PATCH] kunit: fat: test cluster and directory i_pos layout helpers"
In reply to: Edgecombe, Rick P: "Re: [PATCH v7 10/22] x86/virt/seamldr: Abort updates if errors occurred midway"
Next in thread: Edgecombe, Rick P: "Re: [PATCH v7 10/22] x86/virt/seamldr: Abort updates if errors occurred midway"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chao Gao

Date: Tue Apr 14 2026 - 23:00:27 EST

On Wed, Apr 15, 2026 at 01:41:06AM +0800, Edgecombe, Rick P wrote:
>On Tue, 2026-04-14 at 17:59 +0800, Chao Gao wrote:
>> The main point is correctness, not saving time.
>>
>> If shutdown fails midway, the update is still recoverable — TDs can continue
>> running. But if we proceed to seamldr.install anyway, it becomes destructive.
>> Aborting early on shutdown failure preserves recoverability (this is needed to
>> handle races between updates and TD build/migration).
>>
>> If seamldr.install itself fails, it's already destructive, so aborting early
>> there just saves time. But using the same abort mechanism for both keeps the
>> error handling uniform.
>
>If it's non-required for "turning the lights on" it seems aligned with Dave's
>suggestion you highlighted to drop it from the series.

It is required for the shutdown case. Without early abort, a shutdown
failure (recoverable) proceeds to seamldr.install, escalating it to a
destructive failure. The race handling between TD build and updates
depends on shutdown failures being non-destructive so users can retry.