Received: by 2002:ab2:1689:0:b0:1f7:5705:b850 with SMTP id d9csp1434830lqa;
        Mon, 29 Apr 2024 08:22:08 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVlv/dST9SGZ2ETE3rp8ejptS1+Lq2U2EN/qEwJND0CuPH6G/MvcLYcKl6nPxk2MCdbeJmuBcdRT+8JYyxZkZqqMTF3ipE8S+TSNuBL0A==
X-Google-Smtp-Source: AGHT+IGRUZPYQbss+S9YWENIdx/NCJm7xO7xNytPXxc690WpM8pSirjx2JQ9hSdvxL0Axg1vuddW
X-Received: by 2002:a17:906:799:b0:a55:33a5:9116 with SMTP id l25-20020a170906079900b00a5533a59116mr9057650ejc.33.1714404127888;
        Mon, 29 Apr 2024 08:22:07 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1714404127; cv=pass;
        d=google.com; s=arc-20160816;
        b=d67ITQovrTUNr3G7usQ7e7oEXaGhxBE3Bwi4EM5oHBuUk7JlpgfBqH7RmaPmUGVurV
         YztA4aYZ8lC2IYW9iaNvhiiGGyGoJt3pYYJvOYu6Jk5DNutx67vcy5uRq7WDLF2RPPcP
         gYwaBz0f+3k2j6O7++3b3T5Sb3VFOgwS0M9U7OIvr5/qCoxCLRYYwDipqls3FMlApHBT
         2WQrbUVfMK6OBqoQUv/zvjQLkv0Bd4PtxX9y3JNB1pypy9JOTR2RhV2XUKG9rRoeu0fg
         CB+t5/v3/X+a5Pb8QtdxQ189RdU1TSokHf2ZvcRnaWfJOySME8+sGqITpX9lJ5ntBM/s
         DefA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-disposition:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:message-id:subject:cc
         :to:from:date:dkim-signature;
        bh=DJELjo7Ahmi1lVpfa2y/gUSfX5ekxq4dCSOFAzoslQQ=;
        fh=5O52TcMUBUufNBGfKLbJPiNVv1Stk+y7ozZwVw1dsiw=;
        b=ZDAADZD3ZtIKMRudFjnm6jtxLPxOBjs3RCzZ7AugxhJFpX6XNq8Ie/fG3lAoNzPjre
         uSqLD8OKQiKBGN7uMjxviGMF9Kd6RNrVVqm/zUQG+KxpupIUCsi0HiOmjA8Xj9B2U6tW
         tk4dTF8jeEuO1HvIEyAqkPi5ioOjk4vWO06dD/utnHjg3AgQHagbFB+PQOf1JC2bNZIq
         KYFjJw90bmwxlaMT8qu7Dej/FaPnfwVJMM0/HBDyjPMpTF6+1ydQsJe2uH3wg8ECcoiZ
         yUijwMH0y//MsoyzWXH/t9yv6RCJgbue8VYhH+B/bKfbbK2d+JCcri5XGJspwpKSmile
         zRSg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=LbISdxnS;
       arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id ka7-20020a170907990700b00a5226c80e29si14564168ejc.247.2024.04.29.08.22.07
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 29 Apr 2024 08:22:07 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=LbISdxnS;
       arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com);
       spf=pass (google.com: domain of linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 9C8A81F20219
	for <linux.lists.archive@gmail.com>; Mon, 29 Apr 2024 15:22:07 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 0A4F986244;
	Mon, 29 Apr 2024 15:17:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LbISdxnS"
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id DBAD384FB1
	for <linux-kernel@vger.kernel.org>; Mon, 29 Apr 2024 15:17:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1714403842; cv=none; b=tuXTvihgDWHYFiIiko3MPsx928lhxwNKgpHiw02wDGTsDY9DszofV/efRb76NFwRzsdfX/x38yvIHa/XKeph6mJ4qBDB5WkKo7xD1utAHHECD24EASV2ans7tpQtXONT6IKGmu8DlyoHqy6zDbmSgaRv5g+P/s/TeIW4qpE2l/E=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1714403842; c=relaxed/simple;
	bh=MlSlRGaYiem3SuUQO4BAsBy3xzf+/yW9MMNWdq/F60Y=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=CMAAidnW2sd2PbjG6PHpMo1BXErrhPkB16++SpTAUXHQsPGtQ+HjGja9bgisHXgDRYC72dzGglwM6pa0bY0KfHObTZQfUZBKmlLOhtzsZXchDiewYd/6rZU0FxZU37fLNhDoLjBMfdx/bjWrYYqjksKQEcrhvdsplrsSy57OdZQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LbISdxnS; arc=none smtp.client-ip=198.175.65.17
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1714403842; x=1745939842;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=MlSlRGaYiem3SuUQO4BAsBy3xzf+/yW9MMNWdq/F60Y=;
  b=LbISdxnSrmWPCv4ZuDaEPbUtejCg5JXzFijVLYfTmqsbnoMKRTl5RnZO
   rTIMfa8b7AHGAAJkKTtWmY/vrQ+Ys40ZaHYnZOf8WNeTv9M5mHmSvpDFq
   gatYl13jq4RwjKpx1Hy189jUrzzFLYGQeff5s/E7RgfR898CjzZRYKD4H
   DO1BPRdjEEVdjlHYGvX4RAKhWMNzo9Dqx1qfMznTsZDYkwj4ggn46vA/W
   gi7tSnSd+PoVOWxtes1e8veLSPLLykyffU/abSuTQHBatMy7lpHfG2FzM
   ha9BiSd5sSVQIR17T/giyR/ieK/jKjjNhtYDOv9SBCVdlcBlrUnib+1ux
   Q==;
X-CSE-ConnectionGUID: XFsWaQvoSI+i/m4vgXsn6g==
X-CSE-MsgGUID: Oi2dCnQrR2WTSKvs3tfMvw==
X-IronPort-AV: E=McAfee;i="6600,9927,11059"; a="10187909"
X-IronPort-AV: E=Sophos;i="6.07,239,1708416000"; 
   d="scan'208";a="10187909"
Received: from fmviesa009.fm.intel.com ([10.60.135.149])
  by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Apr 2024 08:17:01 -0700
X-CSE-ConnectionGUID: 3l6VczyNSXi1e+hlJ02smw==
X-CSE-MsgGUID: sLGm4kwkThqjbQ/IHUUlBQ==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.07,239,1708416000"; 
   d="scan'208";a="26098655"
Received: from black.fi.intel.com ([10.237.72.28])
  by fmviesa009.fm.intel.com with ESMTP; 29 Apr 2024 08:16:56 -0700
Received: by black.fi.intel.com (Postfix, from userid 1000)
	id D0D851A0; Mon, 29 Apr 2024 18:16:54 +0300 (EEST)
Date: Mon, 29 Apr 2024 18:16:54 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Sean Christopherson <seanjc@google.com>, 
	Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, 
	Dave Hansen <dave.hansen@linux.intel.com>, x86@kernel.org, "Rafael J. Wysocki" <rafael@kernel.org>, 
	Peter Zijlstra <peterz@infradead.org>, Adrian Hunter <adrian.hunter@intel.com>, 
	Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>, Elena Reshetova <elena.reshetova@intel.com>, 
	Jun Nakajima <jun.nakajima@intel.com>, Rick Edgecombe <rick.p.edgecombe@intel.com>, 
	Tom Lendacky <thomas.lendacky@amd.com>, Ashish Kalra <ashish.kalra@amd.com>, 
	Kai Huang <kai.huang@intel.com>, Baoquan He <bhe@redhat.com>, kexec@lists.infradead.org, 
	linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: [PATCHv10 05/18] x86/kexec: Keep CR4.MCE set during kexec for
 TDX guest
Message-ID: <yh7wbdce5o35l4nkrkml3jp7tyzvzxwnfji2vmvnvaczsl6gdr@6qnwpw7g76a3>
References: <20240409113010.465412-1-kirill.shutemov@linux.intel.com>
 <20240409113010.465412-6-kirill.shutemov@linux.intel.com>
 <ZhVPIDDLkjOB96fI@google.com>
 <3q6jv3g4tezybmd667mqxio7ty22akxv7okrznmzx3tju2u4qo@2alzjkbgm2lh>
 <20240428171111.GKZi6DLy_ZwuZsZdFq@fat_crate.local>
 <e35yxpa2xdynm7focg6k4u2bjzojn24bmeaszh2jz52e4szc5f@6mgtrdnkewhe>
 <20240429144454.GHZi-yZkD0boKk5N17@fat_crate.local>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240429144454.GHZi-yZkD0boKk5N17@fat_crate.local>

On Mon, Apr 29, 2024 at 04:45:08PM +0200, Borislav Petkov wrote:
> On Mon, Apr 29, 2024 at 04:17:38PM +0300, Kirill A. Shutemov wrote:
> > As I mentioned above, clearing CR4.MCE triggers #VE. It is quirk of the
> > platform.
> 
> You mean when identity_mapped() runs as part of a kexec-ed kernel, it
> might clear CR4.MCE and that would trigger the #VE?

Yes, that's what happens in current upstream.

> So, if that is correct, you basically want to *preserve* the CR4.MCE
> setting across kexec?

Yes.

> But then __mcheck_cpu_init_generic() will go and set it
> unconditionally.

__mcheck_cpu_init_generic() will not change anything in this case as the
bit is already set. Everything is hunky-dory.

> So what exactly is the correct flow here?

TDX guest has CR4.MCE set from time 0 and it has to stay this way all the
time including kexec flow.

We have already modified early boot code to preserve CR4.MCE. See
77a512e35db7 ("x86/boot: Avoid #VE during boot for TDX platforms").
The patch extends it to kexec flow.

-- 
  Kiryl Shutsemau / Kirill A. Shutemov