Re: [PATCH] x86/fred: Fix early boot failures on SEV-ES/SNP guests

From: Greg KH

Date: Thu Feb 05 2026 - 11:06:56 EST

On Thu, Feb 05, 2026 at 07:50:09AM -0800, Sean Christopherson wrote:
> On Thu, Feb 05, 2026, Greg KH wrote:
> > On Thu, Feb 05, 2026 at 11:40:11AM +0530, Nikunj A. Dadhania wrote:
> > >
> > >
> > > On 2/5/2026 11:25 AM, Greg KH wrote:
> > > > On Thu, Feb 05, 2026 at 05:10:30AM +0000, Nikunj A Dadhania wrote:
> > > >> FRED enabled SEV-ES and SNP guests fail to boot due to the following
> > > >> issues in the early boot sequence:
> > > >>
> > > >> * FRED does not have a #VC exception handler in the dispatch logic
> > > >>
> > > >> * For secondary CPUs, FRED is enabled before setting up the FRED MSRs, and
> > > >> console output triggers a #VC which cannot be handled
> > > >>
> > > >> * Early FRED #VC exceptions should use boot_ghcb until per-CPU GHCBs are
> > > >> initialized
> > > >>
> > > >> Fix these issues to ensure SEV-ES/SNP guests can handle #VC exceptions
> > > >> correctly during early boot when FRED is enabled.
> > > >>
> > > >> Fixes: 14619d912b65 ("x86/fred: FRED entry/exit and dispatch code")
> > > >> Cc: stable@xxxxxxxxxxxxxxx # 6.9+
> > > >> Signed-off-by: Nikunj A Dadhania <nikunj@xxxxxxx>
> > > >> ---
> > > >>
> > > >> Reason to add stable tag:
> > > >>
> > > >> With FRED support for SVM here
> > > >> https://lore.kernel.org/kvm/20260129063653.3553076-1-shivansh.dhiman@xxxxxxx,
> > > >> SVM and SEV guests running 6.9 and later kernels will support FRED.
> > > >> However, *SEV-ES and SNP guests cannot support FRED* and will fail to boot
> > > >> with the following error:
> > > >>
> > > >> [ 0.005144] Using GB pages for direct mapping
> > > >> [ 0.008402] Initialize FRED on CPU0
> > > >> qemu-system-x86_64: cpus are not resettable, terminating
> > > >>
> > > >> Three problems were identified as detailed in the commit message above and
> > > >> is fixed with this patch.
> > > >>
> > > >> I would like the patch to be backported to the LTS kernels (6.12 and 6.18) to
> > > >> ensure SEV-ES and SNP guests running these stable kernel versions can boot
> > > >> with FRED enabled on FRED-enabled hypervisors.
> > > >
> > > > That sounds like new hardware support, if you really want that, why not
> > > > just use newer kernel versions with this fix in it? Obviously no one is
> > > > running those kernels on that hardware today, so this isn't a regression :)
>
> I disagree, this absolutely is a regression. Kernels without commit 14619d912b65
> will boot on this "new" hardware, kernels with the commit will not.

That commit added the new FRED feature, which "broke" when it hits real
hardware. Not really a "regression" in my opinion as obviously it never
worked at all :)

Anyway, I'll let you x86 maintainers here hash that out, just my
thoughts...

thanks,

greg k-h