Re: [PATCH v9 19/23] x86/virt/tdx: Refresh TDX module version after update

From: Chao Gao

Date: Tue May 19 2026 - 07:09:37 EST


On Tue, May 19, 2026 at 11:16:35AM +0800, Edgecombe, Rick P wrote:
>On Wed, 2026-05-13 at 08:10 -0700, Chao Gao wrote:
>> The kernel exposes the TDX module version through sysfs so userspace can
>> check update compatibility. That information needs to remain accurate
>> across runtime updates.
>>
>> A runtime update may change the module's update_version, so refresh the
>> cached version right after a successful update.

I will use version instead of update_version there. There is no need to
distinguish it from the major/minor version fields.

>>
>> Drop __ro_after_init from tdx_sysinfo because it is now updated at runtime.
>>
>> Do not refresh the rest of tdx_sysinfo, even if some values change across
>> updates. TDX module updates are backward compatible, so existing
>> tdx_sysinfo consumers, e.g. KVM, can continue to operate without seeing the
>> new values.
>>
>> Refreshing the full structure would be risky. A tdx_sysinfo consumer may
>> initialize its TDX support based on the features originally reported in
>> tdx_sysinfo. If a runtime update adds new features and the full structure
>> is refreshed, that consumer could observe and use the newly reported
>> features without having performed the setup required to use them safely.
>>
>> Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
>> ---
>
>Reviewed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
>
>The only thing I saw missing from Dave's last comments was:
>---
>> Note that major and minor versions are not refreshed because runtime updates
>> are supported only between releases with identical major and minor versions.
>
>I'd rather have this in code than a changelog comment.
>
>If they can't change then warn if they do.
>---
>
>But I think we discussed offline to not do this, is it right?

We didn't reach a firm conclusion on that.

But I think there is good reason not to do that, as I explained in my v8
reply:

: Maybe I can just drop the note as I don't want to add code to preemptively
: catch theoretical module bugs.
:
: I added it because Sashiko pointed out that assigning the whole version struct
: outside stop_machine() could allow sysfs readers to observe a partially updated
: version. As we don't need to print the new module version, I will move that
: assignment into stop_machine(), which addresses that issue. After that, there
: is no need to mention that major/minor versions are identical across updates.