Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()

From: Tom Lendacky
Date: Wed Mar 20 2024 - 17:07:03 EST

Next message: Kees Cook: "Re: [PATCH] vdso: use CONFIG_PAGE_SHIFT in vdso/datapage.h"
Previous message: Brian Norris: "Re: [PATCH v9 0/2] wifi: mwifiex: add code to support host mlme"
In reply to: Huang, Kai: "Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()"
Next in thread: Huang, Kai: "Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/20/24 15:48, Huang, Kai wrote:

Hi Tom,

I am not aware of kexec() support status for SEV-ES/SEV-SNP guests. Does patch 1 break them?

SNP guests can kexec with some patches that are currently in process around shared to private memory conversions. ES guests can only kexec with a single vCPU. There was a recent patch series to add support for multiple vCPUs.

Patch #1 doesn't break either ES or SNP because we still have an IDT and traditional kernel addressing in place, so the #VC can be handled.

How about plain SEV guest?

A plain SEV guest is fine, since WBINVD is intercepted and would just exit to the hypervisor (#VC doesn't happen with plain SEV).

Thanks,
Tom

Whereas patch #2 has switched to identity mapping and removed the IDT, so a #VC causes a triple fault.

That makes sense. Thanks.

Hi Kirill,

Does TDX guest have similar behaviour -- that WBINVD in stop_this_cpu() can be handled although it causes #VE, while WBINVD in relocate_kernel() will just triple fault the guest?

Next message: Kees Cook: "Re: [PATCH] vdso: use CONFIG_PAGE_SHIFT in vdso/datapage.h"
Previous message: Brian Norris: "Re: [PATCH v9 0/2] wifi: mwifiex: add code to support host mlme"
In reply to: Huang, Kai: "Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()"
Next in thread: Huang, Kai: "Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]