On Mon, Apr 29, 2024 at 04:45:08PM +0200, Borislav Petkov wrote:
> On Mon, Apr 29, 2024 at 04:17:38PM +0300, Kirill A. Shutemov wrote:
> > As I mentioned above, clearing CR4.MCE triggers #VE. It is a quirk of the
> > platform.
>
> You mean when identity_mapped() runs as part of a kexec-ed kernel, it
> might clear CR4.MCE and that would trigger the #VE?

Yes, that's what happens in current upstream.

> So, if that is correct, you basically want to *preserve* the CR4.MCE
> setting across kexec?

Yes.

> But then __mcheck_cpu_init_generic() will go and set it
> unconditionally.

__mcheck_cpu_init_generic() will not change anything in this case as the bit
is already set. Everything is hunky-dory.

> So what exactly is the correct flow here?

A TDX guest has CR4.MCE set from time 0 and it has to stay this way all the
time, including the kexec flow. We have already modified early boot code to
preserve CR4.MCE. See 77a512e35db7 ("x86/boot: Avoid #VE during boot for TDX
platforms"). The patch extends it to the kexec flow.

--
  Kiryl Shutsemau / Kirill A. Shutemov