From: Chao Gao <chao.gao@intel.com>
To: <linux-kernel@vger.kernel.org>, <linux-coco@lists.linux.dev>,
<kvm@vger.kernel.org>
Cc: <binbin.wu@linux.intel.com>, <dan.j.williams@intel.com>,
<dave.hansen@linux.intel.com>, <ira.weiny@intel.com>,
<kai.huang@intel.com>, <kas@kernel.org>, <nik.borisov@suse.com>,
<paulmck@kernel.org>, <pbonzini@redhat.com>,
<reinette.chatre@intel.com>, <rick.p.edgecombe@intel.com>,
<sagis@google.com>, <seanjc@google.com>,
<tony.lindgren@linux.intel.com>, <vannapurve@google.com>,
<vishal.l.verma@intel.com>, <yilun.xu@linux.intel.com>,
<xiaoyao.li@intel.com>, <yan.y.zhao@intel.com>,
Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>, <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH v6 09/22] x86/virt/seamldr: Introduce skeleton for TDX module updates
Date: Thu, 26 Mar 2026 19:47:46 +0800 [thread overview]
Message-ID: <acUc4i3akRmekbFl@intel.com> (raw)
In-Reply-To: <20260326084448.29947-10-chao.gao@intel.com>
>+static void set_target_state(enum module_update_state state)
>+{
>+ /* Reset ack counter. */
>+ update_data.thread_ack = num_online_cpus();
...
>+static void ack_state(void)
>+{
>+ guard(raw_spinlock)(&update_data.lock);
>+ update_data.thread_ack--;
>+ if (!update_data.thread_ack)
>+ set_target_state(update_data.state + 1);
>+}
>+
>+/*
>+ * See multi_cpu_stop() from where this multi-cpu state-machine was
>+ * adopted, and the rationale for touch_nmi_watchdog().
>+ */
>+static int do_seamldr_install_module(void *seamldr_params)
>+{
>+ enum module_update_state newstate, curstate = MODULE_UPDATE_START;
>+ int ret = 0;
>+
>+ do {
>+ /* Chill out and re-read update_data. */
>+ cpu_relax();
>+ newstate = READ_ONCE(update_data.state);
>+
>+ if (newstate != curstate) {
>+ curstate = newstate;
>+ switch (curstate) {
>+ /* TODO: add the update steps. */
>+ default:
>+ break;
>+ }
>+
>+ ack_state();
>+ } else {
>+ touch_nmi_watchdog();
>+ rcu_momentary_eqs();
>+ }
>+ } while (curstate != MODULE_UPDATE_DONE);
>+
>+ return ret;
>+}
>+
> DEFINE_FREE(free_seamldr_params, struct seamldr_params *,
> if (!IS_ERR_OR_NULL(_T)) free_seamldr_params(_T))
>
>@@ -197,7 +270,7 @@ int seamldr_install_module(const u8 *data, u32 size)
> if (IS_ERR(params))
> return PTR_ERR(params);
>
>- /* TODO: Update TDX module here */
>- return 0;
>+ set_target_state(MODULE_UPDATE_START + 1);
>+ return stop_machine(do_seamldr_install_module, params, cpu_online_mask);
I'm reviewing feedback from sashiko:
https://sashiko.dev/#/patchset/20260326084448.29947-1-chao.gao%40intel.com
It identifies a valid race between CPU hotplug and state machine management. If
a CPU goes offline after set_target_state() but before stop_machine(),
thread_ack never reaches zero, causing all CPUs to spin indefinitely with
interrupts disabled.
The fix is: acquire cpus_read_lock() before set_target_state() and use
stop_machine_cpuslocked(). i.e.,
diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index ed6a092b11e2..6f9d80a3a76f 100644
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -270,7 +270,8 @@ int seamldr_install_module(const u8 *data, u32 size)
if (IS_ERR(params))
return PTR_ERR(params);
+ guard(cpus_read_lock)();
set_target_state(MODULE_UPDATE_START + 1);
- return stop_machine(do_seamldr_install_module, params, cpu_online_mask);
+ return stop_machine_cpuslocked(do_seamldr_install_module, params, cpu_online_mask);
}
EXPORT_SYMBOL_FOR_MODULES(seamldr_install_module, "tdx-host");
next prev parent reply other threads:[~2026-03-26 11:48 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-26 8:43 [PATCH v6 00/22] Runtime TDX module update support Chao Gao
2026-03-26 8:43 ` [PATCH v6 01/22] x86/virt/tdx: Move low level SEAMCALL helpers out of <asm/tdx.h> Chao Gao
2026-03-31 9:51 ` Xiaoyao Li
2026-03-26 8:43 ` [PATCH v6 02/22] coco/tdx-host: Introduce a "tdx_host" device Chao Gao
2026-03-31 10:07 ` Xiaoyao Li
2026-03-26 8:43 ` [PATCH v6 03/22] coco/tdx-host: Expose TDX module version Chao Gao
2026-03-31 10:21 ` Xiaoyao Li
2026-03-26 8:43 ` [PATCH v6 04/22] x86/virt/seamldr: Introduce a wrapper for P-SEAMLDR SEAMCALLs Chao Gao
2026-03-31 10:23 ` Xiaoyao Li
2026-03-26 8:43 ` [PATCH v6 05/22] x86/virt/seamldr: Add a helper to retrieve P-SEAMLDR information Chao Gao
2026-03-31 10:25 ` Xiaoyao Li
2026-03-26 8:43 ` [PATCH v6 06/22] coco/tdx-host: Expose P-SEAMLDR information via sysfs Chao Gao
2026-03-30 12:41 ` Kiryl Shutsemau
2026-03-26 8:43 ` [PATCH v6 07/22] coco/tdx-host: Implement firmware upload sysfs ABI for TDX module updates Chao Gao
2026-03-26 8:43 ` [PATCH v6 08/22] x86/virt/seamldr: Allocate and populate a module update request Chao Gao
2026-03-30 12:44 ` Kiryl Shutsemau
2026-03-26 8:44 ` [PATCH v6 09/22] x86/virt/seamldr: Introduce skeleton for TDX module updates Chao Gao
2026-03-26 11:47 ` Chao Gao [this message]
2026-03-26 8:44 ` [PATCH v6 10/22] x86/virt/seamldr: Abort updates if errors occurred midway Chao Gao
2026-03-30 12:52 ` Kiryl Shutsemau
2026-03-26 8:44 ` [PATCH v6 11/22] x86/virt/seamldr: Shut down the current TDX module Chao Gao
2026-03-26 8:44 ` [PATCH v6 12/22] x86/virt/tdx: Reset software states during TDX module shutdown Chao Gao
2026-03-26 12:35 ` Chao Gao
2026-03-26 8:44 ` [PATCH v6 13/22] x86/virt/seamldr: Install a new TDX module Chao Gao
2026-03-30 12:59 ` Kiryl Shutsemau
2026-03-26 8:44 ` [PATCH v6 14/22] x86/virt/seamldr: Do TDX per-CPU initialization after updates Chao Gao
2026-03-26 8:44 ` [PATCH v6 15/22] x86/virt/tdx: Restore TDX module state Chao Gao
2026-03-26 8:44 ` [PATCH v6 16/22] x86/virt/tdx: Update tdx_sysinfo and check features post-update Chao Gao
2026-03-26 13:03 ` Chao Gao
2026-03-26 8:44 ` [PATCH v6 17/22] x86/virt/tdx: Avoid updates during update-sensitive operations Chao Gao
2026-03-30 13:07 ` Kiryl Shutsemau
2026-03-31 2:34 ` Chao Gao
2026-03-31 12:22 ` Kiryl Shutsemau
2026-03-26 8:44 ` [PATCH v6 18/22] coco/tdx-host: Don't expose P-SEAMLDR features on CPUs with erratum Chao Gao
2026-03-26 8:44 ` [PATCH v6 19/22] x86/virt/tdx: Enable TDX module runtime updates Chao Gao
2026-03-26 8:44 ` [PATCH v6 20/22] coco/tdx-host: Document TDX module update compatibility criteria Chao Gao
2026-03-26 8:44 ` [PATCH v6 21/22] x86/virt/tdx: Document TDX module update Chao Gao
2026-03-26 8:44 ` [PATCH v6 22/22] x86/virt/seamldr: Log TDX module update failures Chao Gao
2026-03-26 8:52 ` [PATCH v6 00/22] Runtime TDX module update support Chao Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acUc4i3akRmekbFl@intel.com \
--to=chao.gao@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=ira.weiny@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=paulmck@kernel.org \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=sagis@google.com \
--cc=seanjc@google.com \
--cc=tglx@kernel.org \
--cc=tony.lindgren@linux.intel.com \
--cc=vannapurve@google.com \
--cc=vishal.l.verma@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
--cc=yan.y.zhao@intel.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.