TDX maintains a log about each TDX Module which has been loaded. This log has a finite size which limits the number of TDX Module updates which can be performed. After each successful update, the remaining updates reduces by one. Once it reaches zero, further updates will fail until next reboot. Before updating the TDX Module, verify that the update limit has not been exceeded. Otherwise, P-SEAMLDR will detect this violation after the old TDX Module is gone and all TDs will be killed. Note that userspace should perform this check before updates. Perform this check in kernel as well to make the update process more robust. Signed-off-by: Chao Gao Reviewed-by: Tony Lindgren --- arch/x86/virt/vmx/tdx/seamldr.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c index 694243f1f220..733b13215691 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -52,6 +52,16 @@ EXPORT_SYMBOL_FOR_MODULES(seamldr_get_info, "tdx-host"); */ int seamldr_install_module(const u8 *data, u32 size) { + struct seamldr_info info; + int ret; + + ret = seamldr_get_info(&info); + if (ret) + return ret; + + if (!info.num_remaining_updates) + return -ENOSPC; + if (WARN_ON_ONCE(!is_vmalloc_addr(data))) return -EINVAL; -- 2.47.3