From: Dave Hansen Date: Fri, 22 May 2026 15:43:02 +0000 (-0700) Subject: x86/virt/seamldr: Add module update locking X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e97c234cdf0d11f51f75e918b3f612e57ecd027;p=thirdparty%2Fkernel%2Flinux.git x86/virt/seamldr: Add module update locking TDX metadata like the version number changes during a module update. Add functions to lock out module updates. The current stop_machine() implementation uses worker threads. The scheduler actually does a full, normal context switch over to that thread. preempt_disable() obviously inhibits that context switch and thus, locks out stop_machine() users like the module update. Thanks to Chao for the idea of using preempt_disable(). Signed-off-by: Dave Hansen --- diff --git a/arch/x86/include/asm/seamldr.h b/arch/x86/include/asm/seamldr.h index 43084e2daa2d4..cfc6a1b1a440b 100644 --- a/arch/x86/include/asm/seamldr.h +++ b/arch/x86/include/asm/seamldr.h @@ -32,5 +32,7 @@ static_assert(sizeof(struct seamldr_info) == 256); int seamldr_get_info(struct seamldr_info *seamldr_info); int seamldr_install_module(const u8 *data, u32 data_len); +void seamldr_lock_module_update(void); +void seamldr_unlock_module_update(void); #endif /* _ASM_X86_SEAMLDR_H */ diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c index f5591d7a0781b..b1137ca6150d4 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -350,3 +350,19 @@ out: return ret; } EXPORT_SYMBOL_FOR_MODULES(seamldr_install_module, "tdx-host"); + +/* + * stop_machine() does not interrupt preemption-disabled regions. + * Simply disabling preempt prevents updates. + */ +void seamldr_lock_module_update(void) +{ + preempt_disable(); +} +EXPORT_SYMBOL_FOR_MODULES(seamldr_lock_module_update, "tdx-host"); + +void seamldr_unlock_module_update(void) +{ + preempt_enable(); +} +EXPORT_SYMBOL_FOR_MODULES(seamldr_unlock_module_update, "tdx-host");