Re: [PATCH v2 08/21] coco/tdx-host: Implement FW_UPLOAD sysfs ABI for TDX Module updates

[Chao Gao]

>> +struct tdx_fw_upload_status {
>> +	bool cancel_request;
>> +};
>> +
>> +struct fw_upload *tdx_fwl;
>> +static struct tdx_fw_upload_status tdx_fw_upload_status;
>> +
>>  static struct faux_device *fdev;
>
>Make the fdev declaration right before tdx_host_init(), try best to keep
>the update stuff in one bluk.

ok.

>
>[...]
>
>> +static int seamldr_init(struct device *dev)
>> +{
>> +	const struct seamldr_info *seamldr_info = seamldr_get_info();
>> +	const struct tdx_sys_info *tdx_sysinfo = tdx_get_sysinfo();
>> +	int ret;
>> +
>> +	if (!tdx_sysinfo || !seamldr_info)
>> +		return -ENXIO;
>> +
>> +	if (!tdx_supports_runtime_update(tdx_sysinfo)) {
>> +		pr_info("Current TDX Module cannot be updated. Consider BIOS updates\n");
>> +		return -EOPNOTSUPP;
>
>I don't think we fail out the whole tdx-host here. We should skip the
>optional feature if it is not supported to allow other features work.
>E.g. the TDX Module version, the P-SEAMLOAD version, TDX Connect.

Yes. How about making seamldr_init() return void? Then any failure in setting
up TDX module update won't impact other features of the tdx-host device. e.g.,

diff --git a/drivers/virt/coco/tdx-host/tdx-host.c b/drivers/virt/coco/tdx-host/tdx-host.c
index 540f9af7f81c..d653c594bb94 100644
--- a/drivers/virt/coco/tdx-host/tdx-host.c
+++ b/drivers/virt/coco/tdx-host/tdx-host.c
@@ -176,32 +176,22 @@ static const struct fw_upload_ops tdx_fw_ops = {
	.cancel = tdx_fw_cancel,
 };
 
-static int seamldr_init(struct device *dev)
+static void seamldr_init(struct device *dev)
 {
-	const struct seamldr_info *seamldr_info = seamldr_get_info();
	const struct tdx_sys_info *tdx_sysinfo = tdx_get_sysinfo();
	int ret;
 
-	if (!tdx_sysinfo || !seamldr_info)
-		return -ENXIO;
+	if (WARN_ON_ONCE(!tdx_sysinfo))
+		return;
 
-	if (!tdx_supports_runtime_update(tdx_sysinfo)) {
+	if (!tdx_supports_runtime_update(tdx_sysinfo))
		pr_info("Current TDX Module cannot be updated. Consider BIOS updates\n");
-		return -EOPNOTSUPP;
-	}
-
-	if (!seamldr_info->num_remaining_updates) {
-		pr_info("P-SEAMLDR doesn't support TDX Module updates\n");
-		return -EOPNOTSUPP;
-	}
 
	tdx_fwl = firmware_upload_register(THIS_MODULE, dev, "seamldr_upload",
					   &tdx_fw_ops, &tdx_fw_upload_status);
	ret = PTR_ERR_OR_ZERO(tdx_fwl);
	if (ret)
		pr_err("failed to register module uploader %d\n", ret);
-
-	return ret;
 }
 
 static void seamldr_deinit(void)
@@ -212,8 +202,8 @@ static void seamldr_deinit(void)
 
 static int tdx_host_probe(struct faux_device *fdev)
 {
-	/* Only support TDX Module updates now. More TDX features could be added here. */
-	return seamldr_init(&fdev->dev);
+	seamldr_init(&fdev->dev);
+	return 0;
 }
 
 static void tdx_host_remove(struct faux_device *fdev)


>
>> +	}
>> +
>> +	if (!seamldr_info->num_remaining_updates) {
>> +		pr_info("P-SEAMLDR doesn't support TDX Module updates\n");
>> +		return -EOPNOTSUPP;
>> +	}
>
>Ditto. And keeping num_remaining_updates sysfs node visible and returning 0
>is valuable, it clearly tells why update is impossible and aligns with
>the situation when the user keeps on updating and exhausts the available
>updates.

Makes sense. I will drop this check.

>
>> +
>> +	tdx_fwl = firmware_upload_register(THIS_MODULE, dev, "seamldr_upload",
>> +					   &tdx_fw_ops, &tdx_fw_upload_status);
>> +	ret = PTR_ERR_OR_ZERO(tdx_fwl);
>> +	if (ret)
>> +		pr_err("failed to register module uploader %d\n", ret);
>> +
>> +	return ret;
>> +}
>