Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp3947309ybt; Sun, 5 Jul 2020 11:29:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwoBtoLZg6uB4AmI+M/h/uwcbw6g2ZuGR9QIwpjs+6zdAyLKyv6xt3KXEN5EqmaYiCXuwx+ X-Received: by 2002:a17:906:fa9a:: with SMTP id lt26mr30964149ejb.502.1593973781811; Sun, 05 Jul 2020 11:29:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593973781; cv=none; d=google.com; s=arc-20160816; b=fNrYOyyKdLY12xDF6maI/CrveFm/BV2WKzUmmMW6t26Uq26DwXapRMYRDw0HvaWmJt TBnTU849X9HjQ3Z7j4mLrnf7UxEXNH6UMDV+Vm8P7yHto+XBA/Z7fCPBomLFwCbH6gDF nnyfbbp3VXKy+Lu70O2qZ1MX5gXtAoF6FKCgCqpCcBwVqB3dXZeIQoKCn3BgTL9BXzi0 3R5tfYLXG7bukThOUbSDvLzUBHIyj0ixA+7WxPWJ7JA0EyMCZ4PDaFxaolxPuST6FMaU acjuzNu93+8RAuMI8M6ostYn/YCVlYewniPvdgAk+KUBbAk+a1G93/Oc4Bo5ZoijDHg+ y0mA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=viBsYM7GSdfsh0ZnSBw3vxx6mU1F4qsin6/y4CKGt+0=; b=yU00E8wrLsSxZm1hsLTdN08Az6jJWcMIxqTpJADHbS5Mnzdw+jIqOx6z2Up1KWj6fB 180+1g9D8GRxAYuUA1fIXo4Spu+qNLna+xFh/qYsAP6Ya+LZcaIth9YDi0NZpWeULxqZ QJStTA9Gnrh4r0FvafpJQrpq+tuGDPWDqBi+VgRh1746VLA1D2y4sNB1UqVTlb2lrf1j lXw1fLTffiTRJcDNKncE6VxmRm9oLdxda1UAJAOY9gmA1gNUJrteeHEGjpjAuj6PyRbb sO9hVljkw3cceoeg15DIIW2D0OzQARu+63E57BYEJwz48ohaneSSyZlDbHz0ncUlJf14 +A4w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="Bh/WEhEe"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b10si11247229ejv.385.2020.07.05.11.29.18; Sun, 05 Jul 2020 11:29:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="Bh/WEhEe"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727972AbgGES0S (ORCPT + 99 others); Sun, 5 Jul 2020 14:26:18 -0400 Received: from mail.kernel.org ([198.145.29.99]:56362 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727859AbgGES0R (ORCPT ); Sun, 5 Jul 2020 14:26:17 -0400 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9718820CC7 for ; Sun, 5 Jul 2020 18:26:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1593973576; bh=9Y2dAgEVUZNawhiry+/FDAV6jSDC2JPLURF27eusN2o=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=Bh/WEhEeg3fvfU8ctQ3Y++4KK3G+KanSoTTILlXnT5CmdM1T2IpZAn/R3wvnceLo3 i/ENZVy1c8+j5t1PfgPllDgTueQEYciZAxAcD/B+GRM/SAZLpwpcQhCX1Pl0e+sHhb rwBnlfRRCNVX81K4/BeYGA6+srfoWgmrIJZuU3Zw= Received: by mail-wm1-f43.google.com with SMTP id j18so36819879wmi.3 for ; Sun, 05 Jul 2020 11:26:16 -0700 (PDT) X-Gm-Message-State: AOAM530jJhcIr4/7Jnjqi6G5Kq8RhoQibFHpBMXC/or7N/lGeaD4DKNf mp2XvkCuU16j3x7u9vhIqorJp4yQ9PONAKm8NtXH0Q== X-Received: by 2002:a1c:e4d4:: with SMTP id b203mr16971530wmh.49.1593973575062; Sun, 05 Jul 2020 11:26:15 -0700 (PDT) MIME-Version: 1.0 References: <20200629214956.GA12962@linux.intel.com> <20200704203809.76391-1-dpreed@deepplum.com> <20200704203809.76391-4-dpreed@deepplum.com> In-Reply-To: <20200704203809.76391-4-dpreed@deepplum.com> From: Andy Lutomirski Date: Sun, 5 Jul 2020 11:26:03 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3 3/3] Force all cpus to exit VMX root operation on crash/panic reliably To: "David P. Reed" Cc: Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , X86 ML , "H. Peter Anvin" , Allison Randal , Enrico Weigelt , Greg Kroah-Hartman , Kate Stewart , "Peter Zijlstra (Intel)" , Randy Dunlap , Martin Molnar , Andy Lutomirski , Alexandre Chartre , Jann Horn , Dave Hansen , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jul 4, 2020 at 1:38 PM David P. Reed wrote: > > Fix the logic during crash/panic reboot on Intel processors that > can support VMX operation to ensure that all processors are not > in VMX root operation. Prior code made optimistic assumptions > about other cpus that would leave other cpus in VMX root operation > depending on timing of crash/panic reboot. > Builds on cpu_ermergency_vmxoff() and __cpu_emergency_vmxoff() created > in a prior patch. > > Suggested-by: Sean Christopherson > Signed-off-by: David P. Reed > --- > arch/x86/kernel/reboot.c | 20 +++++++------------- > 1 file changed, 7 insertions(+), 13 deletions(-) > > diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c > index 0ec7ced727fe..c8e96ba78efc 100644 > --- a/arch/x86/kernel/reboot.c > +++ b/arch/x86/kernel/reboot.c > @@ -543,24 +543,18 @@ static void emergency_vmx_disable_all(void) > * signals when VMX is enabled. > * > * We can't take any locks and we may be on an inconsistent > - * state, so we use NMIs as IPIs to tell the other CPUs to disable > - * VMX and halt. > + * state, so we use NMIs as IPIs to tell the other CPUs to exit > + * VMX root operation and halt. > * > * For safety, we will avoid running the nmi_shootdown_cpus() > * stuff unnecessarily, but we don't have a way to check > - * if other CPUs have VMX enabled. So we will call it only if the > - * CPU we are running on has VMX enabled. > - * > - * We will miss cases where VMX is not enabled on all CPUs. This > - * shouldn't do much harm because KVM always enable VMX on all > - * CPUs anyway. But we can miss it on the small window where KVM > - * is still enabling VMX. > + * if other CPUs might be in VMX root operation. > */ > - if (cpu_has_vmx() && cpu_vmx_enabled()) { > - /* Disable VMX on this CPU. */ > - cpu_vmxoff(); > + if (cpu_has_vmx()) { > + /* Safely force out of VMX root operation on this CPU. */ > + __cpu_emergency_vmxoff(); > > - /* Halt and disable VMX on the other CPUs */ > + /* Halt and exit VMX root operation on the other CPUs */ > nmi_shootdown_cpus(vmxoff_nmi); > > } Seems reasonable to me. As a minor caveat, doing cr4_clear_bits() in NMI context is not really okay, but we're about to reboot, so nothing too awful should happen. And this has very little to do with your patch. Reviewed-by: Andy Lutomirski