* [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests
@ 2021-06-03 13:22 Joerg Roedel
2021-06-03 13:22 ` [PATCH v2 1/2] kexec: Allow architecture code to opt-out at runtime Joerg Roedel
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Joerg Roedel @ 2021-06-03 13:22 UTC (permalink / raw)
To: Eric Biederman, x86
Cc: Joerg Roedel, Joerg Roedel, hpa, Andy Lutomirski, Dave Hansen,
Peter Zijlstra, Jiri Slaby, Dan Williams, Tom Lendacky,
Juergen Gross, Kees Cook, David Rientjes, Cfir Cohen,
Erdem Aktas, Masami Hiramatsu, Mike Stunes, Sean Christopherson,
Martin Radev, Arvind Sankar, linux-coco, linux-kernel, kvm,
virtualization
From: Joerg Roedel <jroedel@suse.de>
Changes v1->v2:
- Rebased to v5.13-rc4
- Add the check also to the kexec_file_load system call
Original cover letter:
Hi,
two small patches to disable kexec on x86 when running as an SEV-ES
guest. Trying to kexec a new kernel would fail anyway because there is
no mechanism yet to hand over the APs from the old to the new kernel.
Supporting this needs changes in the Hypervisor and the guest kernel
as well.
This code is currently being work on, but disable kexec in SEV-ES
guests until it is ready.
Please review.
Regards,
Joerg
Joerg Roedel (2):
kexec: Allow architecture code to opt-out at runtime
x86/kexec/64: Forbid kexec when running as an SEV-ES guest
arch/x86/kernel/machine_kexec_64.c | 8 ++++++++
include/linux/kexec.h | 1 +
kernel/kexec.c | 14 ++++++++++++++
kernel/kexec_file.c | 9 +++++++++
4 files changed, 32 insertions(+)
--
2.31.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v2 1/2] kexec: Allow architecture code to opt-out at runtime
2021-06-03 13:22 [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests Joerg Roedel
@ 2021-06-03 13:22 ` Joerg Roedel
2021-06-03 13:22 ` [PATCH v2 2/2] x86/kexec/64: Forbid kexec when running as an SEV-ES guest Joerg Roedel
2021-06-14 12:33 ` [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests Joerg Roedel
2 siblings, 0 replies; 4+ messages in thread
From: Joerg Roedel @ 2021-06-03 13:22 UTC (permalink / raw)
To: Eric Biederman, x86
Cc: Joerg Roedel, Joerg Roedel, stable, hpa, Andy Lutomirski,
Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams,
Tom Lendacky, Juergen Gross, Kees Cook, David Rientjes,
Cfir Cohen, Erdem Aktas, Masami Hiramatsu, Mike Stunes,
Sean Christopherson, Martin Radev, Arvind Sankar, linux-coco,
linux-kernel, kvm, virtualization
From: Joerg Roedel <jroedel@suse.de>
Allow a runtime opt-out of kexec support for architecture code in case
the kernel is running in an environment where kexec is not properly
supported yet.
This will be used on x86 when the kernel is running as an SEV-ES
guest. SEV-ES guests need special handling for kexec to hand over all
CPUs to the new kernel. This requires special hypervisor support and
handling code in the guest which is not yet implemented.
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
include/linux/kexec.h | 1 +
kernel/kexec.c | 14 ++++++++++++++
kernel/kexec_file.c | 9 +++++++++
3 files changed, 24 insertions(+)
diff --git a/include/linux/kexec.h b/include/linux/kexec.h
index 0c994ae37729..85c30dcd0bdc 100644
--- a/include/linux/kexec.h
+++ b/include/linux/kexec.h
@@ -201,6 +201,7 @@ int arch_kexec_kernel_verify_sig(struct kimage *image, void *buf,
unsigned long buf_len);
#endif
int arch_kexec_locate_mem_hole(struct kexec_buf *kbuf);
+bool arch_kexec_supported(void);
extern int kexec_add_buffer(struct kexec_buf *kbuf);
int kexec_locate_mem_hole(struct kexec_buf *kbuf);
diff --git a/kernel/kexec.c b/kernel/kexec.c
index c82c6c06f051..d03134160458 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -195,11 +195,25 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments,
* that to happen you need to do that yourself.
*/
+bool __weak arch_kexec_supported(void)
+{
+ return true;
+}
+
static inline int kexec_load_check(unsigned long nr_segments,
unsigned long flags)
{
int result;
+ /*
+ * The architecture may support kexec in general, but the kernel could
+ * run in an environment where it is not (yet) possible to execute a new
+ * kernel. Allow the architecture code to opt-out of kexec support when
+ * it is running in such an environment.
+ */
+ if (!arch_kexec_supported())
+ return -ENOSYS;
+
/* We only trust the superuser with rebooting the system. */
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 33400ff051a8..96d08a512e9c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -358,6 +358,15 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
int ret = 0, i;
struct kimage **dest_image, *image;
+ /*
+ * The architecture may support kexec in general, but the kernel could
+ * run in an environment where it is not (yet) possible to execute a new
+ * kernel. Allow the architecture code to opt-out of kexec support when
+ * it is running in such an environment.
+ */
+ if (!arch_kexec_supported())
+ return -ENOSYS;
+
/* We only trust the superuser with rebooting the system. */
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 2/2] x86/kexec/64: Forbid kexec when running as an SEV-ES guest
2021-06-03 13:22 [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests Joerg Roedel
2021-06-03 13:22 ` [PATCH v2 1/2] kexec: Allow architecture code to opt-out at runtime Joerg Roedel
@ 2021-06-03 13:22 ` Joerg Roedel
2021-06-14 12:33 ` [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests Joerg Roedel
2 siblings, 0 replies; 4+ messages in thread
From: Joerg Roedel @ 2021-06-03 13:22 UTC (permalink / raw)
To: Eric Biederman, x86
Cc: Joerg Roedel, Joerg Roedel, stable, hpa, Andy Lutomirski,
Dave Hansen, Peter Zijlstra, Jiri Slaby, Dan Williams,
Tom Lendacky, Juergen Gross, Kees Cook, David Rientjes,
Cfir Cohen, Erdem Aktas, Masami Hiramatsu, Mike Stunes,
Sean Christopherson, Martin Radev, Arvind Sankar, linux-coco,
linux-kernel, kvm, virtualization
From: Joerg Roedel <jroedel@suse.de>
For now, kexec is not supported when running as an SEV-ES guest. Doing
so requires additional hypervisor support and special code to hand
over the CPUs to the new kernel in a safe way.
Until this is implemented, do not support kexec in SEV-ES guests.
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Joerg Roedel <jroedel@suse.de>
---
arch/x86/kernel/machine_kexec_64.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/machine_kexec_64.c b/arch/x86/kernel/machine_kexec_64.c
index c078b0d3ab0e..f902cc9cc634 100644
--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -620,3 +620,11 @@ void arch_kexec_pre_free_pages(void *vaddr, unsigned int pages)
*/
set_memory_encrypted((unsigned long)vaddr, pages);
}
+
+/*
+ * Kexec is not supported in SEV-ES guests yet
+ */
+bool arch_kexec_supported(void)
+{
+ return !sev_es_active();
+}
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests
2021-06-03 13:22 [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests Joerg Roedel
2021-06-03 13:22 ` [PATCH v2 1/2] kexec: Allow architecture code to opt-out at runtime Joerg Roedel
2021-06-03 13:22 ` [PATCH v2 2/2] x86/kexec/64: Forbid kexec when running as an SEV-ES guest Joerg Roedel
@ 2021-06-14 12:33 ` Joerg Roedel
2 siblings, 0 replies; 4+ messages in thread
From: Joerg Roedel @ 2021-06-14 12:33 UTC (permalink / raw)
To: Eric Biederman, x86
Cc: Joerg Roedel, hpa, Andy Lutomirski, Dave Hansen, Peter Zijlstra,
Jiri Slaby, Dan Williams, Tom Lendacky, Juergen Gross, Kees Cook,
David Rientjes, Cfir Cohen, Erdem Aktas, Masami Hiramatsu,
Mike Stunes, Sean Christopherson, Martin Radev, Arvind Sankar,
linux-coco, linux-kernel, kvm, virtualization
Gentle ping.
On Thu, Jun 03, 2021 at 03:22:31PM +0200, Joerg Roedel wrote:
> From: Joerg Roedel <jroedel@suse.de>
>
> Changes v1->v2:
>
> - Rebased to v5.13-rc4
> - Add the check also to the kexec_file_load system call
>
> Original cover letter:
>
> Hi,
>
> two small patches to disable kexec on x86 when running as an SEV-ES
> guest. Trying to kexec a new kernel would fail anyway because there is
> no mechanism yet to hand over the APs from the old to the new kernel.
> Supporting this needs changes in the Hypervisor and the guest kernel
> as well.
>
> This code is currently being work on, but disable kexec in SEV-ES
> guests until it is ready.
>
> Please review.
>
> Regards,
>
> Joerg
>
> Joerg Roedel (2):
> kexec: Allow architecture code to opt-out at runtime
> x86/kexec/64: Forbid kexec when running as an SEV-ES guest
>
> arch/x86/kernel/machine_kexec_64.c | 8 ++++++++
> include/linux/kexec.h | 1 +
> kernel/kexec.c | 14 ++++++++++++++
> kernel/kexec_file.c | 9 +++++++++
> 4 files changed, 32 insertions(+)
>
> --
> 2.31.1
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-06-14 12:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-03 13:22 [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests Joerg Roedel
2021-06-03 13:22 ` [PATCH v2 1/2] kexec: Allow architecture code to opt-out at runtime Joerg Roedel
2021-06-03 13:22 ` [PATCH v2 2/2] x86/kexec/64: Forbid kexec when running as an SEV-ES guest Joerg Roedel
2021-06-14 12:33 ` [PATCH v2 0/2] x86: Disable kexec for SEV-ES guests Joerg Roedel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).