Re: [PATCH v10 21/25] x86/virt/tdx: Refresh TDX module version after update

[Kiryl Shutsemau <kas@kernel.org>]

On Wed, May 20, 2026 at 06:38:24AM -0700, Chao Gao wrote:
> The kernel exposes the TDX module version through sysfs so userspace can
> check update compatibility. That information needs to remain accurate
> across runtime updates.
> 
> A runtime update may change the module's update_version, so refresh the
> cached version right after a successful update.
> 
> Drop __ro_after_init from tdx_sysinfo because it is now updated at runtime.

__read_mostly?

> Do not refresh the rest of tdx_sysinfo, even if some values change across
> updates. TDX module updates are backward compatible, so existing
> tdx_sysinfo consumers, such as KVM, can continue to operate without seeing
> the new values.
> 
> Refreshing the full structure would be risky. A tdx_sysinfo consumer may
> initialize its TDX support based on the features originally reported in
> tdx_sysinfo. If a runtime update adds new features and the full structure
> is refreshed, that consumer could observe and use the newly reported
> features without having performed the setup required to use them safely.
> 
> Signed-off-by: Chao Gao <chao.gao@intel.com>
> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
> ---
> v9:
> - don't print old and new version [Dave]
> - explain why it's OK to hide changes from the tdx_sysinfo users [Dave]
> - update versions in stop_machine context
> - don't mention major/minor versions are idential across updates. That fact is
>   not relevant here.
> ---
>  arch/x86/virt/vmx/tdx/tdx.c                 | 6 +++++-
>  arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 2 +-
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index e3f5aa272850..55670365a388 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -67,7 +67,7 @@ static struct tdmr_info_list tdx_tdmr_list;
>  /* All TDX-usable memory regions.  Protected by mem_hotplug_lock. */
>  static LIST_HEAD(tdx_memlist);
>  
> -static struct tdx_sys_info tdx_sysinfo __ro_after_init;
> +static struct tdx_sys_info tdx_sysinfo;
>  
>  static DEFINE_RAW_SPINLOCK(sysinit_lock);
>  
> @@ -1314,6 +1314,10 @@ int tdx_module_run_update(void)
>  	if (ret)
>  		return ret;
>  
> +	/* Shouldn't fail as the update has succeeded. */
> +	ret = get_tdx_sys_info_version(&tdx_sysinfo.version);
> +	WARN_ON_ONCE(ret);
> +

Warn, but pretend that everything is fine?

>  	tdx_module_state.initialized = true;
>  	return 0;
>  }
> diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
> index e793dec688ab..e49c300f23d4 100644
> --- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
> +++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
> @@ -7,7 +7,7 @@
>   * Include this file to other C file instead.
>   */
>  
> -static __init int get_tdx_sys_info_version(struct tdx_sys_info_version *sysinfo_version)
> +static int get_tdx_sys_info_version(struct tdx_sys_info_version *sysinfo_version)
>  {
>  	int ret = 0;
>  	u64 val;
> -- 
> 2.52.0
> 

-- 
  Kiryl Shutsemau / Kirill A. Shutemov