Re: [PATCH] x86: Disable kexec for TDX guests

[Kirill A. Shutemov]

On Sun, Mar 26, 2023 at 10:01:23AM -0700, Dave Hansen wrote:
> > I guess we can go this path if you are fine with taking CR4.MCE and shared
> > memory reverting patches (they require some rework, but I can get them
> > into shape quickly). After that we can forbid kexec on machines with MADT
> > if nr_cpus > 1.
> 
> This goes back to what I asked before: is anyone actually going to *use*
> a single-processor system that wants to kexec()?  If not, let's not
> waste the time to introduce code that is just going to bitrot.  Just
> mark it broken and move on with life.
> 
> I'm also a _bit_ curious what the implications of the CR4.MCE
> preservation are.  IIRC, systems are quite a bit less stable when
> CR4.MCE==0. So, maybe there are some benefits to leaving it set during
> kexec() for everyone.

Hm. I thought the opposite: keeping MCE set brings more risks.

Andrew had feedback on the patch:

	Async events, including NMIs, cannot be taken between this point and the
	target having set itself up into it's intended operating mode.  During
	this period you get all kinds of fun with type confusion in the IDT/TSS
	and/or not having a safe stack to service the event.

I tend to agree with him, but maybe I miss bigger picture.

Based on that I adjusted the patch to only affect TDX guests: