Re: [PATCH v7 10/22] x86/virt/seamldr: Abort updates if errors occurred midway

Next message: Josh Law: "Re: [PATCH 6.1 000/312] 6.1.168-rc1 review"
Previous message: Edgecombe, Rick P: "Re: [PATCH v7 09/22] x86/virt/seamldr: Introduce skeleton for TDX module updates"
Next in thread: Chao Gao: "Re: [PATCH v7 10/22] x86/virt/seamldr: Abort updates if errors occurred midway"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Edgecombe, Rick P

Date: Fri Apr 10 2026 - 21:27:25 EST

On Tue, 2026-03-31 at 05:41 -0700, Chao Gao wrote:
> The TDX module update process has multiple steps, each of which may
> encounter failures.
>
> The current state machine of updates proceeds to the next step regardless
> of errors. But continuing updates when errors occur midway is pointless.

This kind of begs the question of how much it matters if some pointless work
happens in error condition during a rare operation. I'm thinking at this point,
aha!, do we need this?

>
> Abort the update by setting a flag to indicate that a CPU has encountered
> an error, forcing all CPUs to exit the execution loop. Note that failing
> CPUs do not acknowledge the current step. This keeps all other CPUs waiting
> in the current step (since advancing to the next step requires all CPUs to
> acknowledge the current step) until they detect the fault flag and exit the
> loop.

So is the point of the patch to prevent the operation from getting stuck? Or
saving the user experiencing a failed update a little time?