1. Patchew
  2. linux
  3. [PATCH v3 00/26] Runtime TDX Module update support
  4. View patch

[PATCH v3 11/26] x86/virt/seamldr: Block TDX Module updates if any CPU is offline

Chao Gao posted 26 patches 2 weeks ago
[PATCH v3 11/26] x86/virt/seamldr: Block TDX Module updates if any CPU is offline
Posted by Chao Gao 2 weeks ago 
P-SEAMLDR requires every CPU to call the SEAMLDR.INSTALL SEAMCALL during
updates.  So, every CPU should be online.

Check if all CPUs are online and abort the update if any CPU is offline at
the very beginning. Without this check, P-SEAMLDR will report failure at a
later phase where the old TDX module is gone and TDs have to be killed.

Signed-off-by: Chao Gao <chao.gao@intel.com>
---
 arch/x86/virt/vmx/tdx/seamldr.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index af7a6621e5e0..88388aa0fb5f 100644
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -6,6 +6,8 @@
  */
 #define pr_fmt(fmt)	"seamldr: " fmt
 
+#include <linux/cpuhplock.h>
+#include <linux/cpumask.h>
 #include <linux/irqflags.h>
 #include <linux/mm.h>
 #include <linux/types.h>
@@ -84,6 +86,12 @@ int seamldr_install_module(const u8 *data, u32 size)
 	if (!is_vmalloc_addr(data))
 		return -EINVAL;
 
+	guard(cpus_read_lock)();
+	if (!cpumask_equal(cpu_online_mask, cpu_present_mask)) {
+		pr_err("Cannot update TDX module if any CPU is offline\n");
+		return -EBUSY;
+	}
+
 	/* TODO: Update TDX Module here */
 	return 0;
 }
-- 
2.47.3
Re: [PATCH v3 11/26] x86/virt/seamldr: Block TDX Module updates if any CPU is offline
Posted by Xu Yilun 5 days, 5 hours ago 
On Fri, Jan 23, 2026 at 06:55:19AM -0800, Chao Gao wrote:
> P-SEAMLDR requires every CPU to call the SEAMLDR.INSTALL SEAMCALL during
> updates.  So, every CPU should be online.
> 
> Check if all CPUs are online and abort the update if any CPU is offline at
> the very beginning. Without this check, P-SEAMLDR will report failure at a
> later phase where the old TDX module is gone and TDs have to be killed.
> 
> Signed-off-by: Chao Gao <chao.gao@intel.com>

Reviewed-by: Xu Yilun <yilun.xu@linux.intel.com>
Re: [PATCH v3 11/26] x86/virt/seamldr: Block TDX Module updates if any CPU is offline
Posted by Tony Lindgren 1 week, 4 days ago 
On Fri, Jan 23, 2026 at 06:55:19AM -0800, Chao Gao wrote:
> P-SEAMLDR requires every CPU to call the SEAMLDR.INSTALL SEAMCALL during
> updates.  So, every CPU should be online.
> 
> Check if all CPUs are online and abort the update if any CPU is offline at
> the very beginning. Without this check, P-SEAMLDR will report failure at a
> later phase where the old TDX module is gone and TDs have to be killed.

Reviewed-by: Tony Lindgren <tony.lindgren@linux.intel.com>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.