x86/virt/seamldr: Add module update locking

TDX metadata like the version number changes during a module update.
Add functions to lock out module updates.

The current stop_machine() implementation uses worker threads. The
scheduler actually does a full, normal context switch over to that
thread. preempt_disable() obviously inhibits that context switch and
thus, locks out stop_machine() users like the module update.

Thanks to Chao for the idea of using preempt_disable().

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>

diff --git a/arch/x86/include/asm/seamldr.h b/arch/x86/include/asm/seamldr.h
index 43084e2daa2d4d3dc804537bf9bb1dc3561b892a..cfc6a1b1a440b7c58e6a57b58c54079bf0cf3d89 100644 (file)
--- a/arch/x86/include/asm/seamldr.h
+++ b/arch/x86/include/asm/seamldr.h
@@ -32,5 +32,7 @@ static_assert(sizeof(struct seamldr_info) == 256);
 
 int seamldr_get_info(struct seamldr_info *seamldr_info);
 int seamldr_install_module(const u8 *data, u32 data_len);
+void seamldr_lock_module_update(void);
+void seamldr_unlock_module_update(void);
 
 #endif /* _ASM_X86_SEAMLDR_H */

diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c
index f5591d7a0781b92b77f6e334872f7749f9de6cf2..b1137ca6150d42d017288cc83d3660767fb7fb59 100644 (file)
--- a/arch/x86/virt/vmx/tdx/seamldr.c
+++ b/arch/x86/virt/vmx/tdx/seamldr.c
@@ -350,3 +350,19 @@ out:
        return ret;
 }
 EXPORT_SYMBOL_FOR_MODULES(seamldr_install_module, "tdx-host");
+
+/*
+ * stop_machine() does not interrupt preemption-disabled regions.
+ * Simply disabling preempt prevents updates.
+ */
+void seamldr_lock_module_update(void)
+{
+       preempt_disable();
+}
+EXPORT_SYMBOL_FOR_MODULES(seamldr_lock_module_update, "tdx-host");
+
+void seamldr_unlock_module_update(void)
+{
+       preempt_enable();
+}
+EXPORT_SYMBOL_FOR_MODULES(seamldr_unlock_module_update, "tdx-host");