Re: [RFC PATCH 11/20] x86/virt/seamldr: Abort updates if errors occurred midway
From: Nikolay Borisov
Date: Tue Jun 03 2025 - 08:04:18 EST
On 5/23/25 12:52, Chao Gao wrote:
The update process is divided into multiple stages, each of which may
encounter failures. However, the current state machine for updates proceeds
to the next stage regardless of errors.
Continuing updates when errors occur midway is pointless.
Implement a mechanism that transitions directly to the final stage,
effectively aborting the update and skipping all remaining stages when an
error is detected.
This is in preparation for adding the first stage that may fail.
Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
Tested-by: Farrah Chen <farrah.chen@xxxxxxxxx>
---
arch/x86/virt/vmx/tdx/seamldr.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index 01dc2b0bc4a5..9d0d37a92bfd 100644
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -247,6 +247,7 @@ enum tdp_state {
static struct {
enum tdp_state state;
atomic_t thread_ack;
+ atomic_t failed;
} tdp_data;
static void set_state(enum tdp_state state)
@@ -261,8 +262,16 @@ static void set_state(enum tdp_state state)
/* Last one to ack a state moves to the next state. */
static void ack_state(void)
{
- if (atomic_dec_and_test(&tdp_data.thread_ack))
- set_state(tdp_data.state + 1);
+ if (atomic_dec_and_test(&tdp_data.thread_ack)) {
+ /*
+ * If an error occurred, abort the update by skipping to
+ * the final state
+ */
+ if (atomic_read(&tdp_data.failed))
+ set_state(TDP_DONE);
+ else
+ set_state(tdp_data.state + 1);
+ }
}
/*
@@ -285,6 +294,9 @@ static int do_seamldr_install_module(void *params)
default:
break;
}
+
+ if (ret)
+ atomic_inc(&tdp_data.failed);
Should there be some explicit ordering requirement between setting an
error and reading it in ack_state by a different CPU?
< snip>