From: Binbin Wu <binbin.wu@linux.intel.com>
To: Chao Gao <chao.gao@intel.com>
Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
x86@kernel.org, reinette.chatre@intel.com, ira.weiny@intel.com,
kai.huang@intel.com, dan.j.williams@intel.com,
yilun.xu@linux.intel.com, sagis@google.com,
vannapurve@google.com, paulmck@kernel.org, nik.borisov@suse.com,
Farrah Chen <farrah.chen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Kirill A. Shutemov" <kas@kernel.org>
Subject: Re: [PATCH v2 08/21] coco/tdx-host: Implement FW_UPLOAD sysfs ABI for TDX Module updates
Date: Mon, 24 Nov 2025 15:49:34 +0800 [thread overview]
Message-ID: <41cdd3d5-c45b-4991-ace9-bef7cf9ed197@linux.intel.com> (raw)
In-Reply-To: <20251001025442.427697-9-chao.gao@intel.com>
On 10/1/2025 10:52 AM, Chao Gao wrote:
[...]
>
> +static enum fw_upload_err tdx_fw_prepare(struct fw_upload *fwl,
> + const u8 *data, u32 size)
> +{
> + struct tdx_fw_upload_status *status = fwl->dd_handle;
> +
> + if (status->cancel_request) {
> + status->cancel_request = false;
> + return FW_UPLOAD_ERR_CANCELED;
> + }
> +
> + return FW_UPLOAD_ERR_NONE;
> +}
> +
> +static enum fw_upload_err tdx_fw_write(struct fw_upload *fwl, const u8 *data,
> + u32 offset, u32 size, u32 *written)
> +{
> + struct tdx_fw_upload_status *status = fwl->dd_handle;
> +
> + if (status->cancel_request) {
> + status->cancel_request = false;
> + return FW_UPLOAD_ERR_CANCELED;
> + }
Since the execution of the work is not protected by the mutex, if userspace
requests cancellation after this point, after the TDX module update finished,
it seems that the cancel value is left over and it could impact the next update?
> +
> + /*
> + * tdx_fw_write() always processes all data on the first call with
> + * offset == 0. Since it never returns partial success (it either
> + * succeeds completely or fails), there is no subsequent call with
> + * non-zero offsets.
> + */
> + WARN_ON_ONCE(offset);
> + if (seamldr_install_module(data, size))
> + return FW_UPLOAD_ERR_FW_INVALID;
> +
> + *written = size;
> + return FW_UPLOAD_ERR_NONE;
> +}
> +
> +static enum fw_upload_err tdx_fw_poll_complete(struct fw_upload *fwl)
> +{
> + /*
> + * TDX Module updates are completed in the previous phase
> + * (tdx_fw_write()). If any error occurred, the previous phase
> + * would return an error code to abort the update process. In
> + * other words, reaching this point means the update succeeded.
> + */
> + return FW_UPLOAD_ERR_NONE;
> +}
> +
> +static void tdx_fw_cancel(struct fw_upload *fwl)
> +{
> + struct tdx_fw_upload_status *status = fwl->dd_handle;
> +
> + status->cancel_request = true;
> +}
> +
>
[...]
next prev parent reply other threads:[~2025-11-24 7:49 UTC|newest]
Thread overview: 79+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-01 2:52 [PATCH v2 00/21] Runtime TDX Module update support Chao Gao
2025-10-01 2:52 ` [PATCH v2 01/21] x86/virt/tdx: Print SEAMCALL leaf numbers in decimal Chao Gao
2025-10-01 2:52 ` [PATCH v2 02/21] x86/virt/tdx: Use %# prefix for hex values in SEAMCALL error messages Chao Gao
2025-10-01 2:52 ` [PATCH v2 03/21] x86/virt/tdx: Move low level SEAMCALL helpers out of <asm/tdx.h> Chao Gao
2025-10-01 2:52 ` [PATCH v2 04/21] x86/virt/tdx: Prepare to support P-SEAMLDR SEAMCALLs Chao Gao
2025-11-21 7:53 ` Binbin Wu
2025-10-01 2:52 ` [PATCH v2 05/21] x86/virt/seamldr: Introduce a wrapper for " Chao Gao
2025-11-21 8:41 ` Binbin Wu
2025-10-01 2:52 ` [PATCH v2 06/21] x86/virt/seamldr: Retrieve P-SEAMLDR information Chao Gao
2025-10-01 2:52 ` [PATCH v2 07/21] coco/tdx-host: Expose P-SEAMLDR information via sysfs Chao Gao
2025-10-30 21:54 ` Sagi Shahar
2025-10-30 23:05 ` dan.j.williams
2025-10-31 14:31 ` Sagi Shahar
2025-10-01 2:52 ` [PATCH v2 08/21] coco/tdx-host: Implement FW_UPLOAD sysfs ABI for TDX Module updates Chao Gao
2025-11-24 7:49 ` Binbin Wu [this message]
2025-10-01 2:52 ` [PATCH v2 09/21] x86/virt/seamldr: Block TDX Module updates if any CPU is offline Chao Gao
2025-10-01 2:52 ` [PATCH v2 10/21] x86/virt/seamldr: Verify availability of slots for TDX Module updates Chao Gao
2025-10-01 2:52 ` [PATCH v2 11/21] x86/virt/seamldr: Allocate and populate a module update request Chao Gao
2025-10-01 2:52 ` [PATCH v2 12/21] x86/virt/seamldr: Introduce skeleton for TDX Module updates Chao Gao
2025-10-01 2:52 ` [PATCH v2 13/21] x86/virt/seamldr: Abort updates if errors occurred midway Chao Gao
2025-10-01 2:52 ` [PATCH v2 14/21] x86/virt/seamldr: Shut down the current TDX module Chao Gao
2025-10-01 2:52 ` [PATCH v2 15/21] x86/virt/tdx: Reset software states after TDX module shutdown Chao Gao
2025-10-01 2:53 ` [PATCH v2 16/21] x86/virt/seamldr: Handle TDX Module update failures Chao Gao
2025-10-28 2:53 ` Chao Gao
2025-10-01 2:53 ` [PATCH v2 17/21] x86/virt/seamldr: Install a new TDX Module Chao Gao
2025-10-01 2:53 ` [PATCH v2 18/21] x86/virt/seamldr: Do TDX per-CPU initialization after updates Chao Gao
2025-10-01 2:53 ` [PATCH v2 19/21] x86/virt/tdx: Establish contexts for the new TDX Module Chao Gao
2025-10-01 2:53 ` [PATCH v2 20/21] x86/virt/tdx: Update tdx_sysinfo and check features post-update Chao Gao
2025-10-01 2:53 ` [PATCH v2 21/21] x86/virt/tdx: Enable TDX Module runtime updates Chao Gao
2025-10-14 15:32 ` [PATCH v2 00/21] Runtime TDX Module update support Vishal Annapurve
2025-10-15 8:54 ` Reshetova, Elena
2025-10-15 14:19 ` Vishal Annapurve
2025-10-16 6:48 ` Reshetova, Elena
2025-10-15 15:02 ` Dave Hansen
2025-10-16 6:46 ` Reshetova, Elena
2025-10-16 17:47 ` Vishal Annapurve
2025-10-17 10:08 ` Reshetova, Elena
2025-10-18 0:01 ` Vishal Annapurve
2025-10-21 13:42 ` Reshetova, Elena
2025-10-22 7:14 ` Chao Gao
2025-10-22 15:42 ` Vishal Annapurve
2025-10-23 20:31 ` Vishal Annapurve
2025-10-23 21:10 ` Dave Hansen
2025-10-23 22:00 ` Vishal Annapurve
2025-10-24 7:43 ` Chao Gao
2025-10-24 18:02 ` Dave Hansen
2025-10-24 19:40 ` dan.j.williams
2025-10-24 20:00 ` Sean Christopherson
2025-10-24 20:14 ` Dave Hansen
2025-10-24 21:09 ` Vishal Annapurve
2025-10-24 20:13 ` Dave Hansen
2025-10-24 21:12 ` dan.j.williams
2025-10-24 21:19 ` Dave Hansen
2025-10-25 0:54 ` Vishal Annapurve
2025-10-25 1:42 ` dan.j.williams
2025-10-25 11:55 ` Vishal Annapurve
2025-10-25 12:01 ` Vishal Annapurve
2025-10-26 21:30 ` dan.j.williams
2025-10-26 22:01 ` Vishal Annapurve
2025-10-27 18:53 ` dan.j.williams
2025-10-28 0:42 ` Vishal Annapurve
2025-10-28 2:13 ` dan.j.williams
2025-10-28 17:00 ` Erdem Aktas
2025-10-29 0:56 ` Sean Christopherson
2025-10-29 2:17 ` dan.j.williams
2025-10-29 13:48 ` Sean Christopherson
2025-10-30 17:01 ` Vishal Annapurve
2025-10-31 2:53 ` Chao Gao
2025-11-19 22:44 ` Sagi Shahar
2025-11-20 2:47 ` Chao Gao
2025-11-20 23:38 ` Sagi Shahar
2025-10-28 23:48 ` Vishal Annapurve
2025-10-28 20:29 ` dan.j.williams
2025-10-28 20:32 ` dan.j.williams
2025-10-31 16:55 ` Sagi Shahar
2025-10-31 17:57 ` Vishal Annapurve
2025-11-01 2:18 ` Chao Gao
2025-11-01 2:05 ` Chao Gao
2025-11-12 14:09 ` Chao Gao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41cdd3d5-c45b-4991-ace9-bef7cf9ed197@linux.intel.com \
--to=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=farrah.chen@intel.com \
--cc=hpa@zytor.com \
--cc=ira.weiny@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=paulmck@kernel.org \
--cc=reinette.chatre@intel.com \
--cc=sagis@google.com \
--cc=tglx@linutronix.de \
--cc=vannapurve@google.com \
--cc=x86@kernel.org \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).