Message-ID: <aXdOt8Vo5zM18gdR@tlindgre-MOBL1>
Date: Mon, 26 Jan 2026 13:23:35 +0200
From: Tony Lindgren <tony.lindgren@...ux.intel.com>
To: Chao Gao <chao.gao@...el.com>
Cc: linux-coco@...ts.linux.dev, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org, x86@...nel.org, reinette.chatre@...el.com,
ira.weiny@...el.com, kai.huang@...el.com, dan.j.williams@...el.com,
yilun.xu@...ux.intel.com, sagis@...gle.com, vannapurve@...gle.com,
paulmck@...nel.org, nik.borisov@...e.com, zhenzhong.duan@...el.com,
seanjc@...gle.com, rick.p.edgecombe@...el.com, kas@...nel.org,
dave.hansen@...ux.intel.com, vishal.l.verma@...el.com,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>,
Paolo Bonzini <pbonzini@...hat.com>
Subject: Re: [PATCH v3 25/26] x86/virt/tdx: Avoid updates during update-sensitive operations

On Fri, Jan 23, 2026 at 06:55:33AM -0800, Chao Gao wrote:
> TDX Module updates may cause TD management operations to fail if they
> occur during phases of the TD lifecycle that are sensitive to update
> compatibility.
>
> Currently, there are two update-sensitive scenarios:
> - TD build, where TD Measurement Register (TDMR) accumulates over multiple
> TDH.MEM.PAGE.ADD, TDH.MR.EXTEND and TDH.MR.FINALIZE calls.
>
> - TD migration, where an intermediate crypto state is saved if a state
> migration function (TDH.EXPORT.STATE.* or TDH.IMPORT.STATE.*) is
> interrupted and restored when the function is resumed.
>
> For example, if an update races with TD build operations, the TD
> Measurement Register will become incorrect, causing the TD to fail
> attestation.
>
> The TDX Module offers two solutions:
>
> 1. Avoid updates during update-sensitive times
>
> The host VMM can instruct TDH.SYS.SHUTDOWN to fail if any of the TDs
> are currently in any update-sensitive cases.
>
> 2. Detect incompatibility after updates
>
> On TDH.SYS.UPDATE, the host VMM can configure the TDX Module to detect
> actual incompatibility cases. The TDX Module will then return a special
> error to signal the incompatibility, allowing the host VMM to restart
> the update-sensitive operations.
>
> Implement option #1 to fail updates if the feature is available. Also,
> distinguish this update failure from other failures by returning -EBUSY,
> which will be converted to a firmware update error code indicating that the
> firmware is busy.

Looks good to me:

Reviewed-by: Tony Lindgren <tony.lindgren@...ux.intel.com>