[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230325160128.21857-1-kirill.shutemov@linux.intel.com>
Date: Sat, 25 Mar 2023 19:01:28 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: Dave Hansen <dave.hansen@...ux.intel.com>,
Borislav Petkov <bp@...en8.de>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
Eric Biederman <ebiederm@...ssion.com>,
kexec@...ts.infradead.org, linux-kernel@...r.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: [PATCH] x86: Disable kexec for TDX guests
Kexec enabling inside TDX guest requires addressing several issues:
- Avoid clearing CR4.MCE during kexec;
- Convert all shared memory back to private on kexec, so the next
kernel could start normally;
- Add support for offlining secondary CPUs, so the new kernel could
bring them up again.
The first two items are relatively straight-forward. The initial attempt
to implement them can be found here - [1].
The last item is tricky. TDX guests use ACPI MADT MPWK to bring up
secondary CPUs. The mechanism doesn't allow to put a CPU back offline if
it has woken up.
It is clearly missing functionality from the ACPI mechanism and it has
to be changed to allow offlining. The work in this direction has
started, but it takes time.
For now, disable kexec for TDX guests. It will fail kexec instead of
crashing on attempt.
[1] https://lore.kernel.org/all/20230213234836.3683-1-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
---
arch/x86/include/asm/kexec.h | 3 +++
arch/x86/kernel/machine_kexec_64.c | 10 ++++++++++
include/linux/kexec.h | 7 +++++++
kernel/kexec.c | 4 ++++
kernel/kexec_file.c | 4 ++++
5 files changed, 28 insertions(+)
diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h
index a3760ca796aa..89693684a7d1 100644
--- a/arch/x86/include/asm/kexec.h
+++ b/arch/x86/include/asm/kexec.h
@@ -189,6 +189,9 @@ extern void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages);
void arch_kexec_protect_crashkres(void);
#define arch_kexec_protect_crashkres arch_kexec_protect_crashkres
+int arch_kexec_load(void);
+#define arch_kexec_load arch_kexec_load
+
void arch_kexec_unprotect_crashkres(void);
#define arch_kexec_unprotect_crashkres arch_kexec_unprotect_crashkres
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index 0611fd83858e..9a0ded12df70 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -600,3 +600,13 @@ void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages)
*/
set_memory_encrypted((unsigned long)vaddr, pages);
}
+
+int arch_kexec_load(void)
+{
+ if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) {
+ pr_warn_once("Disable kexec: not yet supported in TDX guest\n");
+ return -EOPNOTSUPP;
+ }
+
+ return 0;
+}
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 6883c5922701..9fa88c191605 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -442,6 +442,13 @@ static inline void arch_kexec_protect_crashkres(void) { }
static inline void arch_kexec_unprotect_crashkres(void) { }
#endif
+#ifndef arch_kexec_load
+static inline int arch_kexec_load(void)
+{
+ return 0;
+}
+#endif
+
#ifndef page_to_boot_pfn
static inline unsigned long page_to_boot_pfn(struct page *page)
{
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 92d301f98776..70e4923c135d 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -194,6 +194,10 @@ static inline int kexec_load_check(unsigned long nr_segments,
KEXEC_TYPE_CRASH : KEXEC_TYPE_DEFAULT;
int result;
+ result = arch_kexec_load();
+ if (result)
+ return result;
+
/* We only trust the superuser with rebooting the system. */
if (!kexec_load_permitted(image_type))
return -EPERM;
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f1a0e4e3fb5c..d02b7eb0f6e6 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -331,6 +331,10 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
struct kimage **dest_image, *image;
int ret = 0, i;
+ ret = arch_kexec_load();
+ if (ret)
+ return ret;
+
/* We only trust the superuser with rebooting the system. */
if (!kexec_load_permitted(image_type))
return -EPERM;
--
2.39.2
Powered by blists - more mailing lists