Re: [PATCH v2 01/12] kexec: Allow architecture code to opt-out at runtime
From: Eric W. Biederman <hidden>
Date: 2021-11-02 18:17:59
Also in:
kexec, kvm, linux-coco, lkml, stable
Possibly related (same subject, not in this thread)
- 2021-11-02 · Re: [PATCH v2 01/12] kexec: Allow architecture code to opt-out at runtime · Borislav Petkov <bp@alien8.de>
- 2021-11-02 · Re: [PATCH v2 01/12] kexec: Allow architecture code to opt-out at runtime · Joerg Roedel <hidden>
- 2021-11-02 · Re: [PATCH v2 01/12] kexec: Allow architecture code to opt-out at runtime · Joerg Roedel <hidden>
- 2021-11-01 · Re: [PATCH v2 01/12] kexec: Allow architecture code to opt-out at runtime · Eric W. Biederman <hidden>
- 2021-11-01 · Re: [PATCH v2 01/12] kexec: Allow architecture code to opt-out at runtime · Borislav Petkov <bp@alien8.de>
Joerg Roedel [off-list ref] writes:
Hi again, On Mon, Nov 01, 2021 at 04:11:42PM -0500, Eric W. Biederman wrote:quoted
I seem to remember the consensus when this was reviewed that it was unnecessary and there is already support for doing something like this at a more fine grained level so we don't need a new kexec hook.Forgot to state to problem again which these patches solve: Currently a Linux kernel running as an SEV-ES guest has no way to successfully kexec into a new kernel. The normal SIPI sequence to reset the non-boot VCPUs does not work in SEV-ES guests and special code is needed in Linux to safely hand over the VCPUs from one kernel to the next. What happens currently is that the kexec'ed kernel will just hang. The code which implements the VCPU hand-over is also included in this patch-set, but it requires a certain level of Hypervisor support which is not available everywhere. To make it clear to the user that kexec will not work in their environment, it is best to disable the respected syscalls. This is what the hook is needed for.
Note this is environmental. This is the equivalent of a driver for a device without some feature. The kernel already has machine_kexec_prepare, which is perfectly capable of detecting this is a problem and causing kexec_load to fail. Which is all that is required. We don't need a new hook and a new code path to test for one architecture. So when we can reliably cause the system call to fail with a specific error code I don't think it makes sense to make clutter up generic code because of one architecture's design mistakes. My honest preference would be to go farther and have a firmware/hypervisor/platform independent rendezvous for the cpus so we don't have to worry about what bugs the code under has implemented for this special case. Because frankly there when there are layers of software if a bug can slip through it always seems to and causes problems. But definitely there is no reason to add another generic hook when the existing hook is quite good enough. Eric _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization