[PATCH v3 0/3] x86/fred: Fix SEV-ES/SNP guest boot failures
From: Nikunj A Dadhania
Date: Wed Mar 18 2026 - 04:00:34 EST
SEV-ES and SNP guests fail to boot when FRED is enabled due to missing #VC
exception handling and a CR-pinning issue that prematurely enables FRED before
its MSRs are configured.
Patch 1 fixes the implicit FSGSBASE dependency by moving FSGSBASE enablement
to cpu_init_exception_handling(), ensuring it's enabled before exception
handling infrastructure is set up on both boot and secondary CPUs.
Patch 2 fixes the CR-pinning issue by deferring enforcement during secondary
CPU bringup, preventing FRED from being enabled before it is configured and
able to handle exceptions.
Patch 3 adds #VC exception handling to FRED and fixes early GHCB access to
use boot_ghcb before per-CPU GHCBs are initialized.
These fixes enable SEV-ES/SNP guests to boot successfully with FRED enabled.
Changelog:
v2 -> v3:
* Fix SNP guest boot failure reported by Borislav Petkov - the CR pinning
disable patch exposed an implicit FSGSBASE dependency that is now fixed
by moving FSGSBASE enablement to cpu_init_exception_handling() (Boris/Sohil)
v1 -> v2:
https://lore.kernel.org/kvm/20260226092349.803491-1-nikunj@xxxxxxx/
* Instead of moving pr_info(), fix the root cause by disabling CR pinning
during secondary CPU bringup (Dave Hansen)
* Use unified #VC exception handler in fred_hwexc() (Dave Hansen)
* Collect RoB (Sohil Mehta)
v1: https://lore.kernel.org/kvm/20260205051030.1225975-1-nikunj@xxxxxxx/
Dave Hansen (1):
x86/cpu: Disable CR pinning during CPU bringup
Nikunj A Dadhania (2):
x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling()
x86/fred: Fix early boot failures on SEV-ES/SNP guests
arch/x86/coco/sev/noinstr.c | 6 ++++++
arch/x86/entry/entry_fred.c | 14 ++++++++++++
arch/x86/kernel/cpu/common.c | 41 +++++++++++++++++++++++++++---------
3 files changed, 51 insertions(+), 10 deletions(-)
base-commit: 270b06a2452b0a20b149591ee90e22e3d8d55358
--
2.48.1