From nobody Sat Feb 7 08:27:20 2026 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82C1F352FB7; Fri, 23 Jan 2026 15:00:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769180433; cv=none; b=IjoWkmCKDu8wLXdQiFyZVYR6VPXf9HhwxsaMeYPhjYk5HQmwjBskB8YmXFse9Ge+ZHpVLaOJI41nw3wgXu0m6GKrFxXf8bZ3XZjO3sIgQDW9X19FSFhl4/IwK7skePk0SaPsbeF1IzVyoOtEboRAZiG66W7NTrsmcw5EUvnRyAA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769180433; c=relaxed/simple; bh=a3gRMZp+tq9HMVyIh/sGo+Ksja88/ptZZkRDwyCC7Tk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=r1l+1yYjYgNTYpxHeAZXrJDyT6m8uC+jQ6a8Q8GmUF/avdDtLo0nFQ9pO8ENA+0W7g4pTHdbK2p/DhAuKAYGqgImJ2dhgDIFVbwc0f1Uo7FoGlINaFOzf0mcKRqRDKVwQ43z1l4iFtazIs2sFV6yLIyvOLbmsp37wTnyy8EP+L4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=VFLyRaKo; arc=none smtp.client-ip=192.198.163.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="VFLyRaKo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1769180431; x=1800716431; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=a3gRMZp+tq9HMVyIh/sGo+Ksja88/ptZZkRDwyCC7Tk=; b=VFLyRaKotoleROn3GXF6R76gfnr38iMSirec32Qa44nXxSVSZoxZd+Ag JW5Mo+9YKN+7KoQQq+/skEew57ip6kKw6QirypvoV7wnDQ/8ahmkNqgyG 8hE0ivtX9SZdHNeikxFDTHkjJacOZsRdoCEmYyT2m01H4rQ5b5yo6LN7F lvEfYe3jPxEPz3zDhFOusLGlsFZJva3BZwGSMwy7cVzsMdWLJF6MpQKev Wx/U1Jbwe+TzHv2Qtdj1tyeyIKjYeuEfTpV5D2Rynv7nM6XWJXkdl8Kch GP9uY9xh4gF4TZPqPw2kGYIp5gpZ6X+wve3mp56y0YGg064ygxyO5N3lK w==; X-CSE-ConnectionGUID: jEf/q4uBSduqE8nLqpHf3Q== X-CSE-MsgGUID: /16jzDCYSPWAsfvu6zdysw== X-IronPort-AV: E=McAfee;i="6800,10657,11680"; a="70334449" X-IronPort-AV: E=Sophos;i="6.21,248,1763452800"; d="scan'208";a="70334449" Received: from orviesa002.jf.intel.com ([10.64.159.142]) by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2026 07:00:16 -0800 X-CSE-ConnectionGUID: kmAe1EgEQ5O/iDp+Qpefww== X-CSE-MsgGUID: grWDjCIcQ9WFEeV6fbbRmw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,248,1763452800"; d="scan'208";a="237697156" Received: from 984fee019967.jf.intel.com ([10.23.153.244]) by orviesa002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2026 07:00:16 -0800 From: Chao Gao To: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, x86@kernel.org Cc: reinette.chatre@intel.com, ira.weiny@intel.com, kai.huang@intel.com, dan.j.williams@intel.com, yilun.xu@linux.intel.com, sagis@google.com, vannapurve@google.com, paulmck@kernel.org, nik.borisov@suse.com, zhenzhong.duan@intel.com, seanjc@google.com, rick.p.edgecombe@intel.com, kas@kernel.org, dave.hansen@linux.intel.com, vishal.l.verma@intel.com, Chao Gao , Farrah Chen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" Subject: [PATCH v3 15/26] x86/virt/seamldr: Abort updates if errors occurred midway Date: Fri, 23 Jan 2026 06:55:23 -0800 Message-ID: <20260123145645.90444-16-chao.gao@intel.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260123145645.90444-1-chao.gao@intel.com> References: <20260123145645.90444-1-chao.gao@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The TDX Module update process has multiple stages, each of which may encounter failures. The current state machine of updates proceeds to the next stage regardless of errors. But continuing updates when errors occur midway is pointless. If a CPU encounters an error, abort the update by setting a flag and exiting the execution loop. Note that this CPU doesn't acknowledge the current stage. This will keep all other CPUs in the current stage until they see the flag and exit the loop as well. Signed-off-by: Chao Gao Tested-by: Farrah Chen Reviewed-by: Tony Lindgren Reviewed-by: Xu Yilun --- v3: - Instead of fast-forward to the final stage, exit the execution loop directly. --- arch/x86/virt/vmx/tdx/seamldr.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamld= r.c index 06080c648b02..a13d526b38a7 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -239,6 +239,7 @@ enum tdp_state { static struct { enum tdp_state state; atomic_t thread_ack; + atomic_t failed; } tdp_data; =20 static void set_target_state(enum tdp_state state) @@ -277,12 +278,16 @@ static int do_seamldr_install_module(void *params) default: break; } - ack_state(); + + if (ret) + atomic_inc(&tdp_data.failed); + else + ack_state(); } else { touch_nmi_watchdog(); rcu_momentary_eqs(); } - } while (curstate !=3D TDP_DONE); + } while (curstate !=3D TDP_DONE && !atomic_read(&tdp_data.failed)); =20 return ret; } @@ -323,6 +328,7 @@ int seamldr_install_module(const u8 *data, u32 size) return -EBUSY; } =20 + atomic_set(&tdp_data.failed, 0); set_target_state(TDP_START + 1); ret =3D stop_machine_cpuslocked(do_seamldr_install_module, params, cpu_on= line_mask); if (ret) --=20 2.47.3