Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()
From: Kirill A. Shutemov
Date: Tue Mar 19 2024 - 07:14:08 EST
On Tue, Mar 19, 2024 at 01:48:45AM +0000, Kai Huang wrote:
> Both SME and TDX can leave caches in incoherent state due to memory
> encryption. During kexec, the caches must be flushed before jumping to
> the second kernel to avoid silent memory corruption to the second kernel.
>
> During kexec, the WBINVD in stop_this_cpu() flushes caches for all
> remote cpus when they are being stopped. For SME, the WBINVD in
> relocate_kernel() flushes the cache for the last running cpu (which is
> executing the kexec).
>
> Similarly, for TDX after stopping all remote cpus with cache flushed, to
> support kexec, the kernel needs to flush cache for the last running cpu.
>
> Make the WBINVD in the relocate_kernel() unconditional to cover both SME
> and TDX.
Nope. It breaks TDX guest. WBINVD triggers #VE for TDX guests.
--
Kiryl Shutsemau / Kirill A. Shutemov