Message-ID: <20251001025442.427697-11-chao.gao@intel.com>
Date: Tue, 30 Sep 2025 19:52:54 -0700
From: Chao Gao <chao.gao@...el.com>
To: linux-coco@...ts.linux.dev,
linux-kernel@...r.kernel.org,
x86@...nel.org,
reinette.chatre@...el.com,
ira.weiny@...el.com,
kai.huang@...el.com,
dan.j.williams@...el.com,
yilun.xu@...ux.intel.com,
sagis@...gle.com,
vannapurve@...gle.com,
paulmck@...nel.org,
nik.borisov@...e.com
Cc: Chao Gao <chao.gao@...el.com>,
Farrah Chen <farrah.chen@...el.com>,
"Kirill A. Shutemov" <kas@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH v2 10/21] x86/virt/seamldr: Verify availability of slots for TDX Module updates

The CPU keeps track of TCB versions for each TDX Module that has been
loaded. Since this tracking database has finite capacity, there's a maximum
number of module updates that can be performed. After each successful
update, the number reduces by one. Once it reaches zero, further updates
will fail until next reboot.

Before updating the TDX Module, ensure that the limit on TDX Module updates
has not been exceeded to prevent update failures in a later phase where TDs
have to be killed.

Signed-off-by: Chao Gao <chao.gao@...el.com>
Tested-by: Farrah Chen <farrah.chen@...el.com>
---
arch/x86/virt/vmx/tdx/seamldr.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index b9e025d0f0bc..9f7d96ca8b2f 100644
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -74,6 +74,14 @@ EXPORT_SYMBOL_GPL_FOR_MODULES(seamldr_get_info, "tdx-host");
int seamldr_install_module(const u8 *data, u32 size)
{
+ const struct seamldr_info *info = seamldr_get_info();
+
+ if (!info)
+ return -EIO;
+
+ if (!info->num_remaining_updates)
+ return -ENOSPC;
+
guard(cpus_read_lock)();
if (!cpumask_equal(cpu_online_mask, cpu_present_mask)) {
pr_err("Cannot update TDX module if any CPU is offline\n");
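
Review bot: the new `if (!info->num_remaining_updates)` branch returns -ENOSPC without logging anything, while the CPU-offline check immediately below reports its reason with pr_err(). Since the commit message says this condition only clears on reboot, a pr_err() here stating that no update slots remain and a reboot is needed would tell the administrator why the update was refused. Separately, both new checks run before `guard(cpus_read_lock)()` and nothing in this hunk serializes callers of seamldr_install_module(), so the count read here may no longer hold when the install actually starts. A short comment saying what serializes updates, or that this is a best-effort early exit and the later failure path still has to be handled, would make the intent clear. The `-EIO` return for a NULL `info` could use a log line as well, so it can be told apart from an I/O error in the update itself.
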
--
2.47.3