[PATCH v4 09/24] x86/virt/seamldr: Check update limit before TDX Module updates

From: Chao Gao

Date: Thu Feb 12 2026 - 09:38:10 EST


TDX maintains a log about each TDX Module which has been loaded. This
log has a finite size which limits the number of TDX Module updates
which can be performed.

After each successful update, the number of remaining updates is reduced
by one. Once it reaches zero, further updates will fail until the next reboot.

Before updating the TDX Module, verify that the update limit has not been
exceeded. Otherwise, P-SEAMLDR will detect this violation after the old TDX
Module is gone and all TDs will be killed.

Note that userspace should perform this check before updates. Perform this
check in the kernel as well to make the update process more robust.

Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx>
Reviewed-by: Tony Lindgren <tony.lindgren@xxxxxxxxxxxxxxx>
---
arch/x86/virt/vmx/tdx/seamldr.c | 10 ++++++++++
1 file changed, 10 insertions(+)

diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index 694243f1f220..733b13215691 100644
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -52,6 +52,16 @@ EXPORT_SYMBOL_FOR_MODULES(seamldr_get_info, "tdx-host");
*/
int seamldr_install_module(const u8 *data, u32 size)
{
+ struct seamldr_info info;
+ int ret;
+
+ ret = seamldr_get_info(&info);
+ if (ret)
+ return ret;
+
+ if (!info.num_remaining_updates)
+ return -ENOSPC;
+
if (WARN_ON_ONCE(!is_vmalloc_addr(data)))
return -EINVAL;
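
Review bot: The new early `return -ENOSPC` when `info.num_remaining_updates` is zero is silent and undocumented. All 10 added lines are in the body of seamldr_install_module(), so the comment block that ends just above the function does not mention the new error, and nothing is logged at the point of refusal. Given that the commit message says an exceeded limit would otherwise be detected only after the old TDX Module is gone, it would help to document -ENOSPC in that comment and to print a message here so an administrator can tell an exhausted update limit apart from other install failures. A smaller point in the same hunk: the seamldr_get_info() call now runs before the existing `WARN_ON_ONCE(!is_vmalloc_addr(data))` argument check; doing the argument check first would avoid the info query for a call that is going to be rejected with -EINVAL anyway. Finally, the check is only as strong as the serialization between seamldr_get_info() and the install that follows, and no lock is visible in these lines, so it is worth stating in the comment what prevents a concurrent update from consuming the last remaining slot in between.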

--
2.47.3