The TDX Module update process has multiple stages, each of which may
encounter failures.
The current state machine of updates proceeds to the next stage
regardless of errors. But continuing updates when errors occur midway
is pointless.
If a CPU encounters an error, abort the update by setting a flag and
exiting the execution loop. Note that this CPU doesn't acknowledge the
current stage. This will keep all other CPUs in the current stage until
they see the flag and exit the loop as well.
Signed-off-by: Chao Gao <chao.gao@intel.com>
Tested-by: Farrah Chen <farrah.chen@intel.com>
---
v3:
- Instead of fast-forward to the final stage, exit the execution loop
directly.
---
arch/x86/virt/vmx/tdx/seamldr.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index 06080c648b02..a13d526b38a7 100644
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -239,6 +239,7 @@ enum tdp_state {
static struct {
enum tdp_state state;
atomic_t thread_ack;
+ atomic_t failed;
} tdp_data;
static void set_target_state(enum tdp_state state)
@@ -277,12 +278,16 @@ static int do_seamldr_install_module(void *params)
default:
break;
}
- ack_state();
+
+ if (ret)
+ atomic_inc(&tdp_data.failed);
+ else
+ ack_state();
} else {
touch_nmi_watchdog();
rcu_momentary_eqs();
}
- } while (curstate != TDP_DONE);
+ } while (curstate != TDP_DONE && !atomic_read(&tdp_data.failed));
return ret;
}
@@ -323,6 +328,7 @@ int seamldr_install_module(const u8 *data, u32 size)
return -EBUSY;
}
+ atomic_set(&tdp_data.failed, 0);
set_target_state(TDP_START + 1);
ret = stop_machine_cpuslocked(do_seamldr_install_module, params, cpu_online_mask);
if (ret)
--
2.47.3