From patchwork Wed Jan 24 12:55:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 19403 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:2553:b0:103:945f:af90 with SMTP id p19csp1106389dyi; Wed, 24 Jan 2024 08:32:36 -0800 (PST) X-Google-Smtp-Source: AGHT+IFr6Ujwe6cjbKKrfLwzB49TQIgOWaWod+qVUBhD+7k6eFs2+ZY4rCEo0oamwpTFlFOzHg9j X-Received: by 2002:a17:903:32d0:b0:1d7:6a83:8e94 with SMTP id i16-20020a17090332d000b001d76a838e94mr845991plr.42.1706113955844; Wed, 24 Jan 2024 08:32:35 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1706113955; cv=pass; d=google.com; s=arc-20160816; b=0egesGuV8a7RMkKfms03Tbgw5GOaBBDz92Uo3qBEBn1ZA3lOQ2swm6kEyBOGSRe5X0 UfWkOHbHK04okVtTZU9/5FEz3T0Fy3UHtwQT0Mfiiuw+QxZrPSRquHFTbH9Ald7jyJNf c9LuHhxYPKtMaz7VG6F1UTQc3aA6s4quBTt+/6M1u4qP9gJ2qvlI3Zs27v88m/LlOqra sbWi4n78Whytg8mrcvgF+RfaxO20irGIGcMElHmHvuZfnPPQ4tpGXtVDpeIKuzduXJXs pmlJzr1ES6cGhFbClsPG7F5lueX/KNv10h/lX3+Bu6uxPBOY1VeEJWjsCMSXD55gsBf5 ckHw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:message-id:date:subject:cc:to :from:dkim-signature; bh=wcuCkMxGA5FwEa3z92vBtPxMYbn8LMTW5ZI56hcdtx4=; fh=OvJRnOqsMTm9XoNmEwebcqh9Ud7yh1CTeKAP84ols98=; b=OQVHGIYjtZhU45tUqceuPw9J/ln+7Ux36vbOdiQNSHa1+4/ohmXzTLLnFuMY8Mv8PT ix7xa3EkyVCq6hntziFvxJrljQtVnFF7xTZpB+T+TAprfnEGSZ1NxmqvQj6xfTHn3Nrh 1WcgdVGswQJp+9oxfQWDnqO1Ty2OayRIJXkycFuyil5P+8Uj8dtkUFFqq9CNCPh2MceQ +j24XZUvHytcrPM6l1i3R4WkwRYW+hEO2RnejkC/obm3j3A3ZZ7M434E40NcnWqR3hFB oeHFToGB4NOaSCwQlFAUxD06tPsdITAaf6/gnRSD+eu4MgCqLsvYtShSGVQbEV0vWRvH tgWw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=KDJxUsCt; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-37028-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-37028-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id u22-20020a63ef16000000b00563de199314si12038278pgh.896.2024.01.24.08.32.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 24 Jan 2024 08:32:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-37028-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=KDJxUsCt; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-kernel+bounces-37028-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-37028-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 6C094B23793 for ; Wed, 24 Jan 2024 12:58:31 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id AB5C47C0A1; Wed, 24 Jan 2024 12:56:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="KDJxUsCt" Received: from mgamail.intel.com (mgamail.intel.com [134.134.136.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F10737764C for ; Wed, 24 Jan 2024 12:56:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=134.134.136.31 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706101016; cv=none; b=JHy70DblMTeDfL5ZQFUUrEAxrGyNhvx+k8KvY9qplmZbE4zJXP92fHghCyrnhQrWi70N+Kegv4wZmpmv81xmhzBVneJZUL/TZIL9LrhQ0lCqrlmVwkVir9SuyMGBDqtFoU8MpMokWyl8WNuVzFA33qK3GZTt/fmle35wch4tPcQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1706101016; c=relaxed/simple; bh=rtKx+ZVm92UFnnaQ4chH94Uu1HaaniYnTqI2DxYbcL4=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=k9AqtDW80QB3DO0nGx1BsLs5xD8Z0abIcPG4heoTvChRIuHX5QGJJBTdNVT4oqkjTbOd5Ipc9bIbGhDRc0r5ZQIa7DDo5Tq/SGFM3RmGZYcuT9kgcxsss5pQ3nQCXGYIP3+7CE5Gb5FYYB/2p07dlc59VbvUgnJ19fYeXFt2M5g= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=KDJxUsCt; arc=none smtp.client-ip=134.134.136.31 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1706101014; x=1737637014; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=rtKx+ZVm92UFnnaQ4chH94Uu1HaaniYnTqI2DxYbcL4=; b=KDJxUsCtVA7jqpYlYauKNKm7VP2DNu/x8VOHrF/AWKka7vMY3HycUu2U aTRJ+vfZXAMkX9e74/FL8K9qpGRUQ48s2/sll8hCzplDX6yjcgP64VDt/ pxP0Kz3K8jf6Nd+NRTbKYOzp8+A+d5VjAvCWe1T2k1SyfcCjG6XaM2a4Y IHc6h7jWETjKZ2VbsUBtP1bqtrl9Smde8DFue5pwlJt+PWY9W0xJl7MTF REKVSwxlGDS3QDhtrFpYAM5sN80TbZ8ClR5fxRK9f9B/uJ/rdeLpYque7 tAmPA4thcuJs/XCfm9YM1aX9rtiM49DJHz42zUrF5Pg1+MkZJynIYu1EE g==; X-IronPort-AV: E=McAfee;i="6600,9927,10962"; a="466110115" X-IronPort-AV: E=Sophos;i="6.05,216,1701158400"; d="scan'208";a="466110115" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2024 04:56:53 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10962"; a="735924074" X-IronPort-AV: E=Sophos;i="6.05,216,1701158400"; d="scan'208";a="735924074" Received: from black.fi.intel.com ([10.237.72.28]) by orsmga003.jf.intel.com with ESMTP; 24 Jan 2024 04:56:47 -0800 Received: by black.fi.intel.com (Postfix, from userid 1000) id F125B9F; Wed, 24 Jan 2024 14:56:01 +0200 (EET) From: "Kirill A. Shutemov" To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org Cc: "Rafael J. Wysocki" , Peter Zijlstra , Adrian Hunter , Kuppuswamy Sathyanarayanan , Elena Reshetova , Jun Nakajima , Rick Edgecombe , Tom Lendacky , "Kalra, Ashish" , Sean Christopherson , "Huang, Kai" , Baoquan He , kexec@lists.infradead.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv6 00/16] x86/tdx: Add kexec support Date: Wed, 24 Jan 2024 14:55:41 +0200 Message-ID: <20240124125557.493675-1-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1788990146866120195 X-GMAIL-MSGID: 1788990146866120195 The patchset adds bits and pieces to get kexec (and crashkernel) work on TDX guest. The last patch implements CPU offlining according to the approved ACPI spec change poposal[1]. It unlocks kexec with all CPUs visible in the target kernel. It requires BIOS-side enabling. If it missing we fallback to booting 2nd kernel with single CPU. Please review. I would be glad for any feedback. [1] https://lore.kernel.org/all/13356251.uLZWGnKmhe@kreacher v6: - Rebased to v6.8-rc1; - Provide default noop callbacks from .enc_kexec_stop_conversion and .enc_kexec_unshare_mem; - Split off patch that introduces .enc_kexec_* callbacks; - asm_acpi_mp_play_dead(): program CR3 directly from RSI, no MOV to RAX required; - Restructure how smp_ops.stop_this_cpu() hooked up in crash_nmi_callback(); - kvmclock patch got merged via KVM tree; v5: - Rename smp_ops.crash_play_dead to smp_ops.stop_this_cpu and use it in stop_this_cpu(); - Split off enc_kexec_stop_conversion() from enc_kexec_unshare_mem(); - Introduce kernel_ident_mapping_free(); - Add explicit include for alternatives and stringify. - Add barrier() after setting conversion_allowed to false; - Mark cpu_hotplug_offline_disabled __ro_after_init; - Print error if failed to hand over CPU to BIOS; - Update comments and commit messages; v4: - Fix build for !KEXEC_CORE; - Cleaner ATLERNATIVE use; - Update commit messages and comments; - Add Reviewed-bys; v3: - Rework acpi_mp_crash_stop_other_cpus() to avoid invoking hotplug state machine; - Free page tables if reset vector setup failed; - Change asm_acpi_mp_play_dead() to pass reset vector and PGD as arguments; - Mark acpi_mp_* variables as static and __ro_after_init; - Use u32 for apicid; - Disable CPU offlining if reset vector setup failed; - Rename madt.S -> madt_playdead.S; - Mark tdx_kexec_unshare_mem() as static; - Rebase onto up-to-date tip/master; - Whitespace fixes; - Reorder patches; - Add Reviewed-bys; - Update comments and commit messages; v2: - Rework how unsharing hook ups into kexec codepath; - Rework kvmclock_disable() fix based on Sean's; - s/cpu_hotplug_not_supported()/cpu_hotplug_disable_offlining()/; - use play_dead_common() to implement acpi_mp_play_dead(); - cond_resched() in tdx_shared_memory_show(); - s/target kernel/second kernel/; - Update commit messages and comments; Kirill A. Shutemov (16): x86/acpi: Extract ACPI MADT wakeup code into a separate file x86/apic: Mark acpi_mp_wake_* variables as __ro_after_init cpu/hotplug: Add support for declaring CPU offlining not supported cpu/hotplug, x86/acpi: Disable CPU offlining for ACPI MADT wakeup x86/kexec: Keep CR4.MCE set during kexec for TDX guest x86/mm: Make x86_platform.guest.enc_status_change_*() return errno x86/mm: Return correct level from lookup_address() if pte is none x86/tdx: Account shared memory x86/mm: Adding callbacks to prepare encrypted memory for kexec x86/tdx: Convert shared memory back to private on kexec x86/mm: Make e820_end_ram_pfn() cover E820_TYPE_ACPI ranges x86/acpi: Rename fields in acpi_madt_multiproc_wakeup structure x86/acpi: Do not attempt to bring up secondary CPUs in kexec case x86/smp: Add smp_ops.stop_this_cpu() callback x86/mm: Introduce kernel_ident_mapping_free() x86/acpi: Add support for CPU offlining for ACPI MADT wakeup method arch/x86/Kconfig | 7 + arch/x86/coco/core.c | 1 - arch/x86/coco/tdx/tdx.c | 209 ++++++++++++++++++- arch/x86/hyperv/ivm.c | 9 +- arch/x86/include/asm/acpi.h | 7 + arch/x86/include/asm/init.h | 3 + arch/x86/include/asm/pgtable_types.h | 1 + arch/x86/include/asm/smp.h | 1 + arch/x86/include/asm/x86_init.h | 6 +- arch/x86/kernel/acpi/Makefile | 11 +- arch/x86/kernel/acpi/boot.c | 86 +------- arch/x86/kernel/acpi/madt_playdead.S | 28 +++ arch/x86/kernel/acpi/madt_wakeup.c | 292 +++++++++++++++++++++++++++ arch/x86/kernel/crash.c | 5 + arch/x86/kernel/e820.c | 9 +- arch/x86/kernel/process.c | 7 + arch/x86/kernel/reboot.c | 18 ++ arch/x86/kernel/relocate_kernel_64.S | 5 + arch/x86/kernel/x86_init.c | 8 +- arch/x86/mm/ident_map.c | 73 +++++++ arch/x86/mm/mem_encrypt_amd.c | 8 +- arch/x86/mm/pat/set_memory.c | 17 +- include/acpi/actbl2.h | 19 +- include/linux/cc_platform.h | 10 - include/linux/cpu.h | 2 + kernel/cpu.c | 12 +- 26 files changed, 714 insertions(+), 140 deletions(-) create mode 100644 arch/x86/kernel/acpi/madt_playdead.S create mode 100644 arch/x86/kernel/acpi/madt_wakeup.c