From 4b139edd64b2648ad2dca4dffef60a3e4374a175 Mon Sep 17 00:00:00 2001
From: Hardik Garg
Date: Mon, 20 Apr 2026 23:41:43 +0000
Subject: [PATCH 1/3] x86/hyperv: Fix wrong argument to hv_vtl_bringup_vcpu
The revert of the TDX reset page commit (3fca7019bb6d8) left `apicid` instead of `cpu` as the second argument to hv_vtl_bringup_vcpu(). This causes secondary CPUs to boot with the wrong idle task stack, leading to stack corruption and triple faults during sidecar servicing.
Fixes: 3fca7019bb6d8 ("Revert "x86/hyperv: Use Hyper-V reset page to boot tdx APs"")
Signed-off-by: Hardik Garg
---
 arch/x86/hyperv/hv_vtl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
index 82ec2aa9dcf0..1be0dabccc8e 100644
--- a/arch/x86/hyperv/hv_vtl.c
+++ b/arch/x86/hyperv/hv_vtl.c
@@ -260,7 +260,7 @@ static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip, unsi
 return -EINVAL;
 }
- return hv_vtl_bringup_vcpu(vp_index, apicid, start_eip);
+ return hv_vtl_bringup_vcpu(vp_index, cpu, start_eip);
 }
 /*
From 8f681de8d43f574a20b2c7b57458f97f51c78702 Mon Sep 17 00:00:00 2001
From: Tianyu Lan
Date: Mon, 20 Apr 2026 21:28:16 -0400
Subject: [PATCH 2/3] x86/Hyper-V: Remove legacy code in the hv_snp_boot_ap()
Match VMSA page with vcpu index instead of APIC id. APIC id maybe identity map with vcpu index.
Fixes: f313db8b5929 ("x86/sev: Use hvcall to convert apic id to vpid")
Signed-off-by: Tianyu Lan
---
 arch/x86/hyperv/ivm.c | 21 +++------------------
 1 file changed, 3 insertions(+), 18 deletions(-)
diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c
index 59c8d623b6da..dcd199a55027 100644
--- a/arch/x86/hyperv/ivm.c
+++ b/arch/x86/hyperv/ivm.c
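Review bot: Nothing at the corrected call in hv_vtl_wakeup_secondary_cpu() says which identifier hv_vtl_bringup_vcpu() expects as its second argument, and `apicid` and `cpu` are both plain integers, so the compiler accepted the swapped value that this commit repairs. A one-line comment above the return would keep the two apart for the next revert or rebase: `/* second argument is the Linux CPU number (selects the idle task), not the APIC ID */`. The function body starts above the hunk, so any range check on `cpu` is not visible here.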
@@ -298,32 +298,17 @@ int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip, unsigned int cpu)
 struct sev_es_save_area *cur_vmsa;
 struct desc_ptr gdtr;
 struct hv_enable_vp_vtl *start_vp_input;
- int cpu_id = -EINVAL;
 unsigned long flags;
- int vp_index = apic_id;
+ int vp_index;
 u64 ret, retry = 5;
 if (!vmsa)
 return -ENOMEM;
-#ifdef CONFIG_HYPERV_VTL_MODE
- int i;
-
- for_each_possible_cpu(i) {
- if (per_cpu(x86_cpu_to_apicid, i) == apic_id) {
- cpu_id = i;
- break;
- }
- }
-
- if (cpu_id == -EINVAL)
- panic("%s: no cpu found for APIC ID %d\n", __func__, apic_id);
-
 /* Find the Hyper-V VP index which might be not the same as APIC ID */
 vp_index = hv_apicid_to_vp_index(apic_id);
 if (vp_index < 0 || vp_index > ms_hyperv.max_vp_index)
 return -EINVAL;
-#endif
 native_store_gdt(&gdtr);
@@ -403,13 +388,13 @@ int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip, unsigned int cpu)
 vmsa = NULL;
 }
- cur_vmsa = per_cpu(hv_sev_vmsa, cpu_id);
+ cur_vmsa = per_cpu(hv_sev_vmsa, cpu);
 /* Free up any previous VMSA page */
 if (cur_vmsa)
 snp_cleanup_vmsa(cur_vmsa);
 /* Record the current VMSA page */
- per_cpu(hv_sev_vmsa, cpu_id) = vmsa;
+ per_cpu(hv_sev_vmsa, cpu) = vmsa;
 return ret;
 }
From e64e04bc79f249e511c0768edaeb38bc95d2d612 Mon Sep 17 00:00:00 2001
From: Hardik Garg
Date: Fri, 24 Apr 2026 01:46:57 +0000
Subject: [PATCH 3/3] x86/amd: Guard S5 reset status MMIO read for all isolation types
The ioread32() in print_s5_reset_status_mmio() causes a triple fault in isolated VMs because the MMIO access to FCH_PM_S5_RESET_STATUS is blocked by the hypervisor. The existing workaround only checked for SNP isolation (hv_isolation_type_snp()), but VBS (software isolation) has the same restriction. Broaden the check to hv_is_isolation_supported() to cover all isolation types (SNP, TDX, and VBS), preventing the triple fault during early kernel init on VBS VMs.
---
 arch/x86/kernel/cpu/amd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
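Review bot: The `return -EINVAL` that follows the `hv_apicid_to_vp_index()` range check in hv_snp_boot_ap() exits without releasing `vmsa`, and with the `#ifdef CONFIG_HYPERV_VTL_MODE` guard removed that path is now built in every configuration. The allocation sits above the hunk, so this is inferred from the preceding `if (!vmsa) return -ENOMEM;`, but if `vmsa` already owns a page there, each failed lookup leaks it. Release the page on that branch with the counterpart of whatever allocated it, or add a short comment next to the return explaining why no cleanup is needed.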
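Review bot: In the second hv_snp_boot_ap() hunk, `per_cpu(hv_sev_vmsa, cpu)` now trusts the caller-supplied `cpu`, and nothing visible checks that it names the same processor as `apic_id`, which still drives the VP-index lookup. The removed loop derived the slot from `apic_id` and panicked when no CPU matched; with a mismatched pair the new code would pass a different CPU's recorded page to `snp_cleanup_vmsa()` and overwrite its slot. A cheap assertion near the top of the function would document and enforce the contract: `WARN_ON_ONCE(per_cpu(x86_cpu_to_apicid, cpu) != apic_id);`. The function body begins and continues outside both hunks, so an equivalent check may already exist in the caller.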
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index 4494fb1a6b28..b3af30ead307 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -1373,7 +1373,7 @@ static __init int print_s5_reset_status_mmio(void)
 * The below ioread32() causes a triple fault for SNP due to a hypevisor
 * bug. Work it around for now.
 */
- if (!ms_hyperv.paravisor_present && hv_isolation_type_snp())
+ if (!ms_hyperv.paravisor_present && hv_is_isolation_supported())
 return 0;
 if (!cpu_feature_enabled(X86_FEATURE_ZEN))
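Review bot: The comment directly above the changed condition in print_s5_reset_status_mmio() is now stale. It still attributes the triple fault to SNP and a hypervisor bug, while the new test skips the read for every isolation type and the commit message says the hypervisor blocks the access. Reword it to match the guard, for example `* The ioread32() below triple-faults in isolated Hyper-V guests that run` / `* without a paravisor, because the hypervisor blocks this MMIO access.`, which also removes the "hypevisor" typo. The early `return 0` drops the reset-status report silently, so the comment is the only record of why it is missing on these guests.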