Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp747319ybt; Mon, 6 Jul 2020 22:32:07 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwulQI/s+hEsE8p3mJ41C0yKCYmay/fuV2/DdVWuZDzL92Jqiv2UA9YIXSnoGL2Ly1CmLXl X-Received: by 2002:a05:6402:1d35:: with SMTP id dh21mr54914581edb.186.1594099927411; Mon, 06 Jul 2020 22:32:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594099927; cv=none; d=google.com; s=arc-20160816; b=FzrKOvqPA9TJNrJoEp5guhIR0RoiOCX1aEiPOayHcUijL7sWT431g8JMWOAkSrVejs 6SJoU2BGzahs/1dpycyNBO+jStMUW6ScopoivhKgcYcSKqD3l/4D+USH77BF/wDVTDWW PvjCv2d99MrmEM+a8f+UWyBlkJYCRwpvBlTVNF2lpYuVwJa2UP+7fHWhFIYAluNmF/rQ Clp9SFxhXs/jNwAFB89AbtKkHqn5Tvn1Q1V2krvWQ0qsxWsMgnJCfOesSdfDOSWdNWfY 0d1h7WwBTykHPSn4bZZDf9+6I1u5OGO09lHt/neU5T/bThXaH1oZZhoNc8Xt7hydoAmb TekQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=RRgg3PJdVaGthGbl5Bn0+qj4zo1pd6OaYTP+6YoAVXw=; b=MYC4lcfm/6Dl47IWNj/oFJRphxLck6rQNHMzpDZXpvnmtN0FoINIkTq4haC6EiR4D7 awaJC6CcqXP1jLd2kUgxkQY09qAlZRvLooy23iDQ6A/mjQvS2F2Lo3jYY0D8pZcWCGws 8J0mWrgwcEbqWK2WGJlHnQxAYz7BhBl28mCYM+x/006MeEWD5p0O3ANwnl7oCmCIVY9b fJ2uKCetd5NHvK5UAfNNnkarU7zYzbcGb5chqJdsRJcr0271wc+INFDotpil/einVKGG lVvcONJ15njGQrvd7WMNf6n7rHz+S6yLjeHjKgnOK4zEAM6xdEKthEIAekR06tcKGe/w GkDQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id di16si12643232edb.397.2020.07.06.22.31.42; Mon, 06 Jul 2020 22:32:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727850AbgGGF32 (ORCPT + 99 others); Tue, 7 Jul 2020 01:29:28 -0400 Received: from mga02.intel.com ([134.134.136.20]:22341 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727789AbgGGF31 (ORCPT ); Tue, 7 Jul 2020 01:29:27 -0400 IronPort-SDR: 67V/OQnSdtD32UNnsIt22621zg3Zapj9fCVKhW3NnKZwRsKimbSACkoh5UKVOlNVYjFhQsceaq 1TPxrUUH2nAw== X-IronPort-AV: E=McAfee;i="6000,8403,9674"; a="135785976" X-IronPort-AV: E=Sophos;i="5.75,321,1589266800"; d="scan'208";a="135785976" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jul 2020 22:29:27 -0700 IronPort-SDR: E8dPLPovLMaIiTDJOHL6peua9uwEipDuJ2Qu5vMbQI4zedr50NzQL3WSpJLWdCZBp5VHZGENAC dPS8SK73R01w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,321,1589266800"; d="scan'208";a="268090616" Received: from sjchrist-coffee.jf.intel.com (HELO linux.intel.com) ([10.54.74.152]) by fmsmga008.fm.intel.com with ESMTP; 06 Jul 2020 22:29:26 -0700 Date: Mon, 6 Jul 2020 22:29:26 -0700 From: Sean Christopherson To: Andy Lutomirski Cc: "David P. Reed" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , X86 ML , "H. Peter Anvin" , Allison Randal , Enrico Weigelt , Greg Kroah-Hartman , Kate Stewart , "Peter Zijlstra (Intel)" , Randy Dunlap , Martin Molnar , Alexandre Chartre , Jann Horn , Dave Hansen , LKML Subject: Re: [PATCH v3 3/3] Force all cpus to exit VMX root operation on crash/panic reliably Message-ID: <20200707052926.GG5208@linux.intel.com> References: <20200629214956.GA12962@linux.intel.com> <20200704203809.76391-1-dpreed@deepplum.com> <20200704203809.76391-4-dpreed@deepplum.com> <1593979233.22877148@apps.rackspace.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 05, 2020 at 01:53:39PM -0700, Andy Lutomirski wrote: > On Sun, Jul 5, 2020 at 1:00 PM David P. Reed wrote: > > > > On Sunday, July 5, 2020 2:26pm, "Andy Lutomirski" said: > > > As a minor caveat, doing cr4_clear_bits() in NMI context is not really > > > okay, but we're about to reboot, so nothing too awful should happen. > > > And this has very little to do with your patch. > > > > I had wondered why the bit is cleared, too. (I assumed it was OK or > > desirable, because it was being cleared in NMI context before). Happy to > > submit a separate patch to eliminate that issue as well, since the point of > > emergency vmxoff is only to get out of VMX root mode - CR4.VMXE's state is > > irrelevant. Of course, clearing it prevents any future emergency vmxoff > > attempts. (there seemed to be some confusion about "enabling" VMX vs. "in > > VMX operation" in the comments) Should I? > > I have a vague recollection of some firmwares that got upset if rebooted with > CR4.VMXE set. Sean? Hmm, rebooting with CR4.VMXE=1 shouldn't be a problem. VMXON does all the special stuff that causes problems with reboot, e.g. blocks INIT, prevents disabling paging, etc... That being said, I think it makes sense to keep the clearing of CR4.VMXE out of paranoia as BIOS will be BIOS, and there is no real downside. Not only is the system about to reboot, but the CPUs that call cr4_clear_bits() from NMI context are also being put into an infinite loop by crash_nmi_callback(), i.e. they never leave NMI context. And we rely on that behavior, otherwise KVM could set CR4.VMXE and do VMXON after the NMI and the whole thing would be for naught. > The real issue here is that the percpu CR4 machinery uses IRQ-offness as a > lock, and NMI breaks this.