The TDX Module update process has multiple steps, each of which may encounter failures. The current state machine of updates proceeds to the next step regardless of errors. But continuing updates when errors occur midway is pointless. Abort the update by setting a flag to indicate that a CPU has encountered an error, forcing all CPUs to exit the execution loop. Note that failing CPUs do not acknowledge the current step. This keeps all other CPUs waiting in the current step (since advancing to the next step requires all CPUs to acknowledge the current step) until they detect the fault flag and exit the loop. Signed-off-by: Chao Gao Reviewed-by: Xu Yilun Reviewed-by: Tony Lindgren --- v3: - Instead of fast-forward to the final stage, exit the execution loop directly. --- arch/x86/virt/vmx/tdx/seamldr.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c index 21d572d75769..70bc577e5957 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -202,6 +202,7 @@ enum tdp_state { static struct { enum tdp_state state; atomic_t thread_ack; + atomic_t failed; } tdp_data; static void set_target_state(enum tdp_state state) @@ -240,12 +241,16 @@ static int do_seamldr_install_module(void *params) default: break; } - ack_state(); + + if (ret) + atomic_inc(&tdp_data.failed); + else + ack_state(); } else { touch_nmi_watchdog(); rcu_momentary_eqs(); } - } while (curstate != TDP_DONE); + } while (curstate != TDP_DONE && !atomic_read(&tdp_data.failed)); return ret; } @@ -287,6 +292,7 @@ int seamldr_install_module(const u8 *data, u32 size) return -EBUSY; } + atomic_set(&tdp_data.failed, 0); set_target_state(TDP_START + 1); ret = stop_machine_cpuslocked(do_seamldr_install_module, params, cpu_online_mask); if (ret) -- 2.47.3