Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp4458612pxb; Tue, 2 Nov 2021 10:03:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxf8PFhrBfjqALYNpYrurttludh6qnzWSXXa3nu9+y4g9eAkkWmWAPqN2APkrth8Mg5OybR X-Received: by 2002:a17:906:b055:: with SMTP id bj21mr47187169ejb.292.1635872619669; Tue, 02 Nov 2021 10:03:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635872619; cv=none; d=google.com; s=arc-20160816; b=w1FeDecxEG1/aMl8LaizZFbUZh3stKjVgeAGFisXK9SGtZml5MdlJp3m4XEGAvDsRL o6HxfkK3qWNwbYJMvDNhoIheZB2AT+Ugpky7O6yY5pKNGQk8U7k8XVg76WqQRiL8Rs6p ieMIuwkh9T0W9TQ6iYomFwpEJRHeggQ/iLV/sCHuxJWxrc9aS49GtlPjfsViLb3egEKd hbEriFcP0CqvPEk2GSkg0LK2BCk3akRFwxBbdpIRZTEWNJ1jWlECsovFM8gwgaxe4F2K mBBvb6jvJvGdZSflqfk7cDlaButSCWmuYL1CKR5GsCLqKmXyDLReJBRxVjsC14NneLLn s7FQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:dkim-signature; bh=dnCsQ7BN32L02J/65RauwbZm1QvjnZr+v+hxhCe8MxI=; b=snQaHAKqEICBo3DArLcWmJaaWW6xECTvh79v1yQr7ssrjg3+v2H8e6jc31T89FjYIV TddSav0XmTdIi4v42Qm1QpCNyi0l6SA38nOuxh+fEkhzKegi9sU3iCN3mzwFs5mOgTyU FLm39rDJPcZ1cPgl5pdBzPh6utdvlRnN9SOpBFKR+nfbdyXMUNM8JO8gk/JXJkUHMXMG JqBeOEH66DybylJcGKM/uFw6uviyhkXCBm0i8gyH+/hI8uOwwaP2NX53vSUrmB98L9/z 0UhSyTXxWZ5DlyawdL8CjnRf6DCwcM7GzggZveLUdyy0OVt83n572IT3VrCG7nWypARi d0nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=LN+ZU9zV; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=ja6aDrNj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y13si11617396edd.196.2021.11.02.10.03.14; Tue, 02 Nov 2021 10:03:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=LN+ZU9zV; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=ja6aDrNj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230382AbhKBRDB (ORCPT + 99 others); Tue, 2 Nov 2021 13:03:01 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:34434 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229684AbhKBRDA (ORCPT ); Tue, 2 Nov 2021 13:03:00 -0400 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id F12D22191E; Tue, 2 Nov 2021 17:00:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1635872424; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dnCsQ7BN32L02J/65RauwbZm1QvjnZr+v+hxhCe8MxI=; b=LN+ZU9zVSkG+f0o1YeJTC9q80r9sNYe6LxDrXS7XF8DzJ53ODTemD9FbGpNEHMy+hyDNXE hdCigzNumqte3Rcc9+thzX+rrlZxhUHNqmkECg5/UMzrWtj7pGm1s+8O7g8aXdyMZf7HDq BtYnASAc7IuY5Caj6S3VgneFfyq5XBk= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1635872424; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dnCsQ7BN32L02J/65RauwbZm1QvjnZr+v+hxhCe8MxI=; b=ja6aDrNj7Fh4aeiNIcEUe8KPzSQl+xaRPWbSKjWn8xpSUgSP3K6SrDUs+ZMp4zP3RFNhuJ g7inhpvxt12rZPCg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 0963513E74; Tue, 2 Nov 2021 17:00:23 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id OXF4AKdugWFDfQAAMHmgww (envelope-from ); Tue, 02 Nov 2021 17:00:23 +0000 Date: Tue, 2 Nov 2021 18:00:21 +0100 From: Joerg Roedel To: "Eric W. Biederman" Cc: Borislav Petkov , Joerg Roedel , x86@kernel.org, kexec@lists.infradead.org, stable@vger.kernel.org, hpa@zytor.com, Andy Lutomirski , Dave Hansen , Peter Zijlstra , Jiri Slaby , Dan Williams , Tom Lendacky , Juergen Gross , Kees Cook , David Rientjes , Cfir Cohen , Erdem Aktas , Masami Hiramatsu , Mike Stunes , Sean Christopherson , Martin Radev , Arvind Sankar , linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org Subject: Re: [PATCH v2 01/12] kexec: Allow architecture code to opt-out at runtime Message-ID: References: <20210913155603.28383-1-joro@8bytes.org> <20210913155603.28383-2-joro@8bytes.org> <87pmrjbmy9.fsf@disp2133> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87pmrjbmy9.fsf@disp2133> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi again, On Mon, Nov 01, 2021 at 04:11:42PM -0500, Eric W. Biederman wrote: > I seem to remember the consensus when this was reviewed that it was > unnecessary and there is already support for doing something like > this at a more fine grained level so we don't need a new kexec hook. Forgot to state to problem again which these patches solve: Currently a Linux kernel running as an SEV-ES guest has no way to successfully kexec into a new kernel. The normal SIPI sequence to reset the non-boot VCPUs does not work in SEV-ES guests and special code is needed in Linux to safely hand over the VCPUs from one kernel to the next. What happens currently is that the kexec'ed kernel will just hang. The code which implements the VCPU hand-over is also included in this patch-set, but it requires a certain level of Hypervisor support which is not available everywhere. To make it clear to the user that kexec will not work in their environment, it is best to disable the respected syscalls. This is what the hook is needed for. Regards, -- J?rg R?del jroedel@suse.de SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 N?rnberg Germany (HRB 36809, AG N?rnberg) Gesch?ftsf?hrer: Ivo Totev