From: Dave Hansen <dave.hansen@intel.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Nikunj A Dadhania <nikunj@amd.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
thomas.lendacky@amd.com, tglx@kernel.org, mingo@redhat.com,
dave.hansen@linux.intel.com, hpa@zytor.com, xin@zytor.com,
seanjc@google.com, pbonzini@redhat.com, x86@kernel.org,
sohil.mehta@intel.com, jon.grimm@amd.com
Subject: Re: [PATCH v2 1/2] x86/cpu: Disable CR pinning during CPU bringup
Date: Mon, 9 Mar 2026 11:03:42 -0700 [thread overview]
Message-ID: <70644e1d-dd0e-4f0f-81c0-fd095e46e50b@intel.com> (raw)
In-Reply-To: <20260309161516.GAaa7yFMulhdzNQ-pt@fat_crate.local>
[-- Attachment #1: Type: text/plain, Size: 1675 bytes --]
On 3/9/26 09:15, Borislav Petkov wrote:
> On Mon, Mar 09, 2026 at 08:38:10AM -0700, Dave Hansen wrote:
>> On 3/9/26 06:46, Borislav Petkov wrote:
>>> My SNP guest stops booting with this right:
>> Could you dump out CR4 at wakeup_cpu_via_vmgexit() before and after this
>> patch? Right here:
>>
>> /* CR4 should maintain the MCE value */
>> cr4 = native_read_cr4() & X86_CR4_MCE;
>>
>> It's got to be some delta there.
> Looks the same to me:
>
> before: 31 SEV: wakeup_cpu_via_vmgexit: CR4: 0x3506f0
>
> That's 31 CPUs - no BSP with the CR4 value above.
>
> after: [ 3.354326] SEV: wakeup_cpu_via_vmgexit: CR4: 0x3506f0
>
> That stops after CPU1, i.e., the first AP. But the CR4 value is the same.
The only pinned bits in there are: SMAP, SMEP and FSGSBASE.
SMAP and SMEP are unlikely to be biting us here.
FSGSBASE is _possible_ but I don't see any of the {RD,WR}{F,G}SBASE
instructions in early boot where it would bite us.
Can you boot this thing without FSGSBASE support?
The other option would be to boot a working system, normally and see
what is getting flipped by pinning at cr4_init(). The attached patch
does that. It also uses trace_printk() so it hopefully won't trip over
#VC's during early boot with the console.
For me, it's flipping on 0x310800, which is:
#define X86_CR4_OSXMMEXCPT (1ul << 10)
#define X86_CR4_FSGSBASE (1ul << 16)
#define X86_CR4_SMEP (1ul << 20)
#define X86_CR4_SMAP (1ul << 21)
*Maybe* the paranoid entry code is getting called from the #VC handler
in early boot? It has ALTERNATIVEs on X86_FEATURE_FSGSBASE and might be
using the FSGSBASE instructions in there.
[-- Attachment #2: cr4.patch --]
[-- Type: text/x-patch, Size: 856 bytes --]
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 02472fc763d9b..cc408ec818870 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -501,12 +501,20 @@ EXPORT_SYMBOL_FOR_KVM(cr4_read_shadow);
void cr4_init(void)
{
unsigned long cr4 = __read_cr4();
+ unsigned long prepin_cr4;
if (boot_cpu_has(X86_FEATURE_PCID))
cr4 |= X86_CR4_PCIDE;
+ prepin_cr4 = cr4;
if (static_branch_likely(&cr_pinning))
cr4 = (cr4 & ~cr4_pinned_mask) | cr4_pinned_bits;
+ if (prepin_cr4 != cr4) {
+ trace_printk(" prepin_cr4: 0x%016lx\n", prepin_cr4);
+ trace_printk(" cr4: 0x%016lx\n", cr4);
+ trace_printk("cr4_pinned_mask: 0x%016lx\n", cr4_pinned_mask);
+ trace_printk("cr4_pinned_bits: 0x%016lx\n", cr4_pinned_bits);
+ }
__write_cr4(cr4);
/* Initialize cr4 shadow for this CPU. */
next prev parent reply other threads:[~2026-03-09 18:03 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-26 9:23 [PATCH v2 0/2] x86/fred: Fix SEV-ES/SNP guest boot failures Nikunj A Dadhania
2026-02-26 9:23 ` [PATCH v2 1/2] x86/cpu: Disable CR pinning during CPU bringup Nikunj A Dadhania
2026-03-09 13:46 ` Borislav Petkov
2026-03-09 15:38 ` Dave Hansen
2026-03-09 16:15 ` Borislav Petkov
2026-03-09 18:03 ` Dave Hansen [this message]
2026-03-09 18:40 ` Tom Lendacky
2026-03-09 19:27 ` Dave Hansen
2026-03-11 10:41 ` Nikunj A. Dadhania
2026-03-11 14:07 ` Dave Hansen
2026-03-11 15:42 ` Nikunj A. Dadhania
2026-03-11 17:28 ` Dave Hansen
2026-03-12 7:21 ` Nikunj A. Dadhania
2026-03-12 7:26 ` Nikunj A. Dadhania
2026-03-12 14:08 ` Nikunj A. Dadhania
2026-03-12 14:20 ` Dave Hansen
2026-03-12 14:53 ` Nikunj A. Dadhania
2026-03-12 15:02 ` Dave Hansen
2026-03-12 19:06 ` David Laight
2026-03-16 20:27 ` Chang S. Bae
2026-03-16 21:43 ` Dave Hansen
2026-03-17 4:12 ` Nikunj A. Dadhania
2026-03-17 14:26 ` Borislav Petkov
2026-03-17 15:31 ` Dave Hansen
2026-03-17 16:54 ` Borislav Petkov
2026-03-18 8:19 ` Nikunj A. Dadhania
2026-03-17 17:04 ` Chang S. Bae
2026-03-17 17:51 ` Chang S. Bae
2026-03-12 18:09 ` Sohil Mehta
2026-03-13 8:35 ` Nikunj A. Dadhania
2026-03-13 18:05 ` Sohil Mehta
2026-03-13 19:10 ` Borislav Petkov
2026-03-17 17:06 ` Chang S. Bae
2026-02-26 9:23 ` [PATCH v2 2/2] x86/fred: Fix early boot failures on SEV-ES/SNP guests Nikunj A Dadhania
2026-02-26 14:14 ` Tom Lendacky
2026-02-27 4:14 ` Nikunj A. Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=70644e1d-dd0e-4f0f-81c0-fd095e46e50b@intel.com \
--to=dave.hansen@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jon.grimm@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=sohil.mehta@intel.com \
--cc=tglx@kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
--cc=xin@zytor.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.