On 9/13/21 9:14 AM, Joerg Roedel wrote: > On Mon, Sep 13, 2021 at 09:02:38AM -0700, Dave Hansen wrote: >> On 9/13/21 8:55 AM, Joerg Roedel wrote: >>> This does not work under SEV-ES, because the hypervisor has no access >>> to the vCPU registers and can't make modifications to them. So an >>> SEV-ES guest needs to reset the vCPU itself and park it using the >>> AP-reset-hold protocol. Upon wakeup the guest needs to jump to >>> real-mode and to the reset-vector configured in the AP-Jump-Table. >> How does this end up looking to an end user that tries to kexec() from a >> an SEV-ES kernel? Does it just hang? > Yes, the kexec will just hang. This patch-set contains code to disable > the kexec syscalls in situations where it would not work for that > reason. Got it. The end-user-visible symptom just wasn't obvious. If you revise these, it might be nice to add that so that folks who cherry-pick stable patches or update to new stable kernels have an idea what this might fix.
