From: Joerg Roedel <jroedel@xxxxxxx> To support kexec under SEV-ES the APs can't be parked with HLT. Upon wakeup the AP needs to find its way to execute at the reset vector set by the new kernel and in real-mode. This is what the AP jump table blob provides, so stop the APs the SEV-ES way by calling the AP-reset-hold VMGEXIT from the AP jump table. Signed-off-by: Joerg Roedel <jroedel@xxxxxxx> Signed-off-by: Vasant Karasulli <vkarasulli@xxxxxxx> --- arch/x86/include/asm/sev.h | 2 ++ arch/x86/kernel/process.c | 8 ++++++++ arch/x86/kernel/sev.c | 15 ++++++++++++++- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 963d51dcf0e6..6f681ced6594 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -232,6 +232,7 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); +void sev_es_stop_this_cpu(void); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -261,6 +262,7 @@ static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } +static inline void sev_es_stop_this_cpu(void) { } #endif #ifdef CONFIG_KVM_AMD_SEV diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c index b8441147eb5e..0bc615d69c0e 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -52,6 +52,7 @@ #include <asm/tdx.h> #include <asm/mmu_context.h> #include <asm/shstk.h> +#include <asm/sev.h> #include "process.h" @@ -836,6 +837,13 @@ void __noreturn stop_this_cpu(void *dummy) cpumask_clear_cpu(cpu, &cpus_stop_mask); for (;;) { + /* + * SEV-ES guests need a special stop routine to support + * kexec. Try this first, if it fails the function will + * return and native_halt() is used. + */ + sev_es_stop_this_cpu(); + /* * Use native_halt() so that memory contents don't change * (stack usage and variables) after possibly issuing the diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 84b79630f065..8d3cc5cd7e11 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -1357,7 +1357,6 @@ void setup_ghcb(void) snp_register_ghcb_early(__pa(&boot_ghcb_page)); } -#ifdef CONFIG_HOTPLUG_CPU void __noreturn sev_jumptable_ap_park(void) { local_irq_disable(); @@ -1390,6 +1389,20 @@ void __noreturn sev_jumptable_ap_park(void) } STACK_FRAME_NON_STANDARD(sev_jumptable_ap_park); +void sev_es_stop_this_cpu(void) +{ + if (!(cc_vendor == CC_VENDOR_AMD) || + !cc_platform_has(CC_ATTR_GUEST_STATE_ENCRYPT)) + return; + + /* Only park in the AP jump table when the code has been installed */ + if (!sev_ap_jumptable_blob_installed) + return; + + sev_jumptable_ap_park(); +} + +#ifdef CONFIG_HOTPLUG_CPU static void sev_es_ap_hlt_loop(void) { struct ghcb_state state; -- 2.34.1