Received: by 2002:ab2:1689:0:b0:1f7:5705:b850 with SMTP id d9csp1434830lqa; Mon, 29 Apr 2024 08:22:08 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVlv/dST9SGZ2ETE3rp8ejptS1+Lq2U2EN/qEwJND0CuPH6G/MvcLYcKl6nPxk2MCdbeJmuBcdRT+8JYyxZkZqqMTF3ipE8S+TSNuBL0A== X-Google-Smtp-Source: AGHT+IGRUZPYQbss+S9YWENIdx/NCJm7xO7xNytPXxc690WpM8pSirjx2JQ9hSdvxL0Axg1vuddW X-Received: by 2002:a17:906:799:b0:a55:33a5:9116 with SMTP id l25-20020a170906079900b00a5533a59116mr9057650ejc.33.1714404127888; Mon, 29 Apr 2024 08:22:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714404127; cv=pass; d=google.com; s=arc-20160816; b=d67ITQovrTUNr3G7usQ7e7oEXaGhxBE3Bwi4EM5oHBuUk7JlpgfBqH7RmaPmUGVurV YztA4aYZ8lC2IYW9iaNvhiiGGyGoJt3pYYJvOYu6Jk5DNutx67vcy5uRq7WDLF2RPPcP gYwaBz0f+3k2j6O7++3b3T5Sb3VFOgwS0M9U7OIvr5/qCoxCLRYYwDipqls3FMlApHBT 2WQrbUVfMK6OBqoQUv/zvjQLkv0Bd4PtxX9y3JNB1pypy9JOTR2RhV2XUKG9rRoeu0fg CB+t5/v3/X+a5Pb8QtdxQ189RdU1TSokHf2ZvcRnaWfJOySME8+sGqITpX9lJ5ntBM/s DefA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=DJELjo7Ahmi1lVpfa2y/gUSfX5ekxq4dCSOFAzoslQQ=; fh=5O52TcMUBUufNBGfKLbJPiNVv1Stk+y7ozZwVw1dsiw=; b=ZDAADZD3ZtIKMRudFjnm6jtxLPxOBjs3RCzZ7AugxhJFpX6XNq8Ie/fG3lAoNzPjre uSqLD8OKQiKBGN7uMjxviGMF9Kd6RNrVVqm/zUQG+KxpupIUCsi0HiOmjA8Xj9B2U6tW tk4dTF8jeEuO1HvIEyAqkPi5ioOjk4vWO06dD/utnHjg3AgQHagbFB+PQOf1JC2bNZIq KYFjJw90bmwxlaMT8qu7Dej/FaPnfwVJMM0/HBDyjPMpTF6+1ydQsJe2uH3wg8ECcoiZ yUijwMH0y//MsoyzWXH/t9yv6RCJgbue8VYhH+B/bKfbbK2d+JCcri5XGJspwpKSmile zRSg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LbISdxnS; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id ka7-20020a170907990700b00a5226c80e29si14564168ejc.247.2024.04.29.08.22.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 29 Apr 2024 08:22:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LbISdxnS; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-162562-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 9C8A81F20219 for ; Mon, 29 Apr 2024 15:22:07 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 0A4F986244; Mon, 29 Apr 2024 15:17:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="LbISdxnS" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DBAD384FB1 for ; Mon, 29 Apr 2024 15:17:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714403842; cv=none; b=tuXTvihgDWHYFiIiko3MPsx928lhxwNKgpHiw02wDGTsDY9DszofV/efRb76NFwRzsdfX/x38yvIHa/XKeph6mJ4qBDB5WkKo7xD1utAHHECD24EASV2ans7tpQtXONT6IKGmu8DlyoHqy6zDbmSgaRv5g+P/s/TeIW4qpE2l/E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714403842; c=relaxed/simple; bh=MlSlRGaYiem3SuUQO4BAsBy3xzf+/yW9MMNWdq/F60Y=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=CMAAidnW2sd2PbjG6PHpMo1BXErrhPkB16++SpTAUXHQsPGtQ+HjGja9bgisHXgDRYC72dzGglwM6pa0bY0KfHObTZQfUZBKmlLOhtzsZXchDiewYd/6rZU0FxZU37fLNhDoLjBMfdx/bjWrYYqjksKQEcrhvdsplrsSy57OdZQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=LbISdxnS; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1714403842; x=1745939842; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=MlSlRGaYiem3SuUQO4BAsBy3xzf+/yW9MMNWdq/F60Y=; b=LbISdxnSrmWPCv4ZuDaEPbUtejCg5JXzFijVLYfTmqsbnoMKRTl5RnZO rTIMfa8b7AHGAAJkKTtWmY/vrQ+Ys40ZaHYnZOf8WNeTv9M5mHmSvpDFq gatYl13jq4RwjKpx1Hy189jUrzzFLYGQeff5s/E7RgfR898CjzZRYKD4H DO1BPRdjEEVdjlHYGvX4RAKhWMNzo9Dqx1qfMznTsZDYkwj4ggn46vA/W gi7tSnSd+PoVOWxtes1e8veLSPLLykyffU/abSuTQHBatMy7lpHfG2FzM ha9BiSd5sSVQIR17T/giyR/ieK/jKjjNhtYDOv9SBCVdlcBlrUnib+1ux Q==; X-CSE-ConnectionGUID: XFsWaQvoSI+i/m4vgXsn6g== X-CSE-MsgGUID: Oi2dCnQrR2WTSKvs3tfMvw== X-IronPort-AV: E=McAfee;i="6600,9927,11059"; a="10187909" X-IronPort-AV: E=Sophos;i="6.07,239,1708416000"; d="scan'208";a="10187909" Received: from fmviesa009.fm.intel.com ([10.60.135.149]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Apr 2024 08:17:01 -0700 X-CSE-ConnectionGUID: 3l6VczyNSXi1e+hlJ02smw== X-CSE-MsgGUID: sLGm4kwkThqjbQ/IHUUlBQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,239,1708416000"; d="scan'208";a="26098655" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa009.fm.intel.com with ESMTP; 29 Apr 2024 08:16:56 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id D0D851A0; Mon, 29 Apr 2024 18:16:54 +0300 (EEST) Date: Mon, 29 Apr 2024 18:16:54 +0300 From: "Kirill A. Shutemov" To: Borislav Petkov Cc: Sean Christopherson , Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "Rafael J. Wysocki" , Peter Zijlstra , Adrian Hunter , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Rick Edgecombe , Tom Lendacky , Ashish Kalra , Kai Huang , Baoquan He , kexec@lists.infradead.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCHv10 05/18] x86/kexec: Keep CR4.MCE set during kexec for TDX guest Message-ID: References: <20240409113010.465412-1-kirill.shutemov@linux.intel.com> <20240409113010.465412-6-kirill.shutemov@linux.intel.com> <3q6jv3g4tezybmd667mqxio7ty22akxv7okrznmzx3tju2u4qo@2alzjkbgm2lh> <20240428171111.GKZi6DLy_ZwuZsZdFq@fat_crate.local> <20240429144454.GHZi-yZkD0boKk5N17@fat_crate.local> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240429144454.GHZi-yZkD0boKk5N17@fat_crate.local> On Mon, Apr 29, 2024 at 04:45:08PM +0200, Borislav Petkov wrote: > On Mon, Apr 29, 2024 at 04:17:38PM +0300, Kirill A. Shutemov wrote: > > As I mentioned above, clearing CR4.MCE triggers #VE. It is quirk of the > > platform. > > You mean when identity_mapped() runs as part of a kexec-ed kernel, it > might clear CR4.MCE and that would trigger the #VE? Yes, that's what happens in current upstream. > So, if that is correct, you basically want to *preserve* the CR4.MCE > setting across kexec? Yes. > But then __mcheck_cpu_init_generic() will go and set it > unconditionally. __mcheck_cpu_init_generic() will not change anything in this case as the bit is already set. Everything is hunky-dory. > So what exactly is the correct flow here? TDX guest has CR4.MCE set from time 0 and it has to stay this way all the time including kexec flow. We have already modified early boot code to preserve CR4.MCE. See 77a512e35db7 ("x86/boot: Avoid #VE during boot for TDX platforms"). The patch extends it to kexec flow. -- Kiryl Shutsemau / Kirill A. Shutemov