Message-ID: <aWmtWh39FrdLBhiM@intel.com>
Date: Fri, 16 Jan 2026 11:15:38 +0800
From: Chao Gao <chao.gao@...el.com>
To: Xu Yilun <yilun.xu@...ux.intel.com>
CC: <linux-coco@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
	<x86@...nel.org>, <reinette.chatre@...el.com>, <ira.weiny@...el.com>,
	<kai.huang@...el.com>, <dan.j.williams@...el.com>, <sagis@...gle.com>,
	<vannapurve@...gle.com>, <paulmck@...nel.org>, <nik.borisov@...e.com>,
	"Farrah Chen" <farrah.chen@...el.com>, "Kirill A. Shutemov" <kas@...nel.org>,
	"Dave Hansen" <dave.hansen@...ux.intel.com>
Subject: Re: [PATCH v2 07/21] coco/tdx-host: Expose P-SEAMLDR information via
 sysfs

On Wed, Jan 14, 2026 at 09:50:33AM +0800, Xu Yilun wrote:
>On Tue, Sep 30, 2025 at 07:52:51PM -0700, Chao Gao wrote:
>> TDX Module updates require userspace to select the appropriate module
>> to load. Expose necessary information to facilitate this decision. Two
>> values are needed:
>> 
>> - P-SEAMLDR version: for compatibility checks between TDX Module and
>> 		     P-SEAMLDR
>> - num_remaining_updates: indicates how many updates can be performed
>> 
>> Expose them as tdx-host device attributes.
>> 
>> Note that P-SEAMLDR sysfs nodes are hidden when INTEL_TDX_MODULE_UPDATE
>> isn't enabled or when P-SEAMLDR isn't loaded by BIOS, both of which
>
>I don't think we need to worry about whether P-SEAMLDR is loaded or not.
>The tdx-host device exists only if TDX Module is loaded, and in turn
>P-SEAMLDR is loaded.

Yes, you are right.

<snip>

>> +static umode_t seamldr_group_is_visible(struct kobject *kobj,
>> +					struct attribute *attr, int n)
>> +{
>> +	return seamldr_get_info() ? attr->mode : 0;
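
Review bot: seamldr_group_is_visible() takes the result of a runtime seamldr_get_info() call as the visibility decision, and nothing in the function says what a failing return stands for here. The commit message gives the intent (hide the nodes when INTEL_TDX_MODULE_UPDATE isn't enabled), so either state that in a comment above the function or test that build condition directly, so that a failed query at this point does not silently hide the attributes.
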
>
>I feel it is a little weird here, need some explanation why use
>seamldr_get_info() for visibility. At first glance, I get the impression
>that we don't expose the attributes on 1st seamldr_get_info() failure,
>and if 1st read success we expose the attributes, then we return read
>failure on 2nd seamldr_get_info() failure. That's the motivation I'm
>trying to make the logic simpler.
>
>As you said, the purpose of using seamldr_get_info() here is for the 2
>checks:
>
>  1. If INTEL_TDX_MODULE_UPDATE is selected.
>  2. If P-SEAMLOAD exists.
>
>But P-SEAMLOAD must exist in tdx-host device context. The chain of
>dependency is P-SEAMLOAD->TDX Module->tdx host device.

Indeed, and the suggested changes below look good to me.

Thanks.
