Re: [PATCH v4 08/24] x86/virt/seamldr: Block TDX Module updates if any CPU is offline
From: Chao Gao
Date: Fri Mar 13 2026 - 04:22:21 EST

On Thu, Mar 12, 2026 at 01:20:27PM -0700, Dave Hansen wrote:
>On 2/12/26 06:35, Chao Gao wrote:
>> P-SEAMLDR requires every CPU to call SEAMLDR.INSTALL during updates. So,
>> every CPU should be online during updates.
>
>Gah, how did another one of these creep in? We've already fixed like a
>half dozen of these.
>
>There needs to be a *LONG* justification why there is no other choice
>here. There are very good reasons to leave CPUs offline forever.

I will drop this patch.

For the record:

This patch was added in v2 after testing revealed that module updates with offline
CPUs would fail and kill all TDs. I attempted to provide graceful handling in the
kernel.

But "all-CPUs-online" is a temporary TDX module limitation that will be
resolved in future releases.

So, adding kernel complexity for this isn't warranted. Admins can verify all
CPUs are online before updating. This is consistent with how this series
already expects users to do compatibility verification.
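
The pre-update check that the reply above leaves to admins, as an added shell example (not part of the original message or the patch series). It assumes "all CPUs" means the kernel's sysfs `present` mask; the function names are illustrative.

```shell
#!/bin/sh
# Added example: refuse to proceed unless every present CPU is online.
# Assumption: "all CPUs" == /sys/devices/system/cpu/present.

# expand_cpulist "0-3,8,10-11" -> one CPU number per line
expand_cpulist() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS=- read -r lo hi; do
        [ -n "$lo" ] || continue
        [ -n "$hi" ] || hi=$lo          # single CPU, not a range
        i=$lo
        while [ "$i" -le "$hi" ]; do
            echo "$i"
            i=$((i + 1))
        done
    done
}

# offline_cpus PRESENT ONLINE -> space-separated CPUs present but not online
offline_cpus() {
    online=" $(expand_cpulist "$2" | tr '\n' ' ')"
    missing=""
    for cpu in $(expand_cpulist "$1"); do
        case "$online" in
            *" $cpu "*) ;;
            *) missing="${missing:+$missing }$cpu" ;;
        esac
    done
    printf '%s' "$missing"
}

# check_all_online [SYSFS_CPU_DIR]
# returns 0 if nothing is offline, 1 if some CPU is, 2 if sysfs is unreadable
check_all_online() {
    dir=${1:-/sys/devices/system/cpu}
    [ -r "$dir/present" ] && [ -r "$dir/online" ] || return 2
    off=$(offline_cpus "$(cat "$dir/present")" "$(cat "$dir/online")")
    [ -z "$off" ] && return 0
    echo "offline CPUs: $off" >&2
    return 1
}

# Typical use before starting an update:
#   check_all_online || { echo "not updating" >&2; exit 1; }
```

Comparing against `present` also catches sibling threads left offline by `nosmt`, which still appear in the present mask.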