Joerg Roedel <joro@xxxxxxxxxx> writes: > From: Joerg Roedel <jroedel@xxxxxxx> > > For now, kexec is not supported when running as an SEV-ES guest. Doing > so requires additional hypervisor support and special code to hand > over the CPUs to the new kernel in a safe way. > > Until this is implemented, do not support kexec in SEV-ES guests. I don't understand this. Fundamentally kexec is about doing things more or less inspite of what the firmware is doing. I don't have any idea what a SEV-ES is. But the normal x86 boot doesn't do anything special. Is cross cpu IPI emulation buggy? If this is a move in your face hypervisor like Xen is sometimes I can see perhaps needing a little bit of different work during bootup. Perhaps handing back a cpu on system shutdown and asking for more cpus on system boot up. What is the actual problem you are trying to avoid? And yes for a temporary hack the suggestion of putting code into machine_kexec_prepare seems much more reasonable so we don't have to carry special case infrastructure for the forseeable future. Eric > Cc: stable@xxxxxxxxxxxxxxx # v5.10+ > Signed-off-by: Joerg Roedel <jroedel@xxxxxxx> > --- > arch/x86/kernel/machine_kexec_64.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c > index c078b0d3ab0e..f902cc9cc634 100644 > --- a/arch/x86/kernel/machine_kexec_64.c > +++ b/arch/x86/kernel/machine_kexec_64.c > @@ -620,3 +620,11 @@ void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages) > */ > set_memory_encrypted((unsigned long)vaddr, pages); > } > + > +/* > + * Kexec is not supported in SEV-ES guests yet > + */ > +bool arch_kexec_supported(void) > +{ > + return !sev_es_active(); > +}