Hello Boris, On 8/29/2024 3:34 AM, Borislav Petkov wrote: > On August 27, 2024 10:38:04 PM GMT+02:00, Ashish Kalra <ashish.ka...@amd.com> > wrote: >> From: Ashish Kalra <ashish.ka...@amd.com> >> >> With active SNP VMs, SNP_SHUTDOWN_EX invoked during panic notifiers causes >> crashkernel boot failure with the following signature: > Why would SNP_SHUTDOWN be allowed *at all* if there are active SNP guests and > there's potential to lose guest data in the process?!
If SNP_SHUTDOWN is not done, then crashkernel panics during boot as the crashdump attached to the fix/patch here shows, so essentially if SNP_DECOMMISSION followed by SNP_SHUTDOWN is not done then we can't boot crashkernel in case of any active SNP guests (which i will believe is an important requirement for cloud providers). Additionally, in case of SNP_DECOMMISSION, the firmware marks the ASID of the guest as not runnable and then transitions the SNP guest context page into a Firmware page (so that is one RMP table change) and for SNP_SHUTDOWN_EX, the firmware transitions all pages associated with the IOMMU to the Reclaim state (which then the HV marks as hypervisor pages), these IOMMU pages are the event log, PPR log, and completion wait buffers of the IOMMU. Aside from the IOMMU pages mentioned above, the firmware will not automatically reclaim or modify any other pages in the RMP table and also does not reset the RMP table. So essentially all host memory (and guest data) will still be available and saved by crashkernel. Thanks, Ashish _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec
