Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1042704iob; Fri, 13 May 2022 20:48:12 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxmDRAmqzc+uu6DFx0DsshSRD67wfvyzje0jwRSh4ZiEexVqst3zrtXTif067vEpsigtdhk X-Received: by 2002:a5d:588d:0:b0:20c:86d5:5840 with SMTP id n13-20020a5d588d000000b0020c86d55840mr6230034wrf.5.1652500092201; Fri, 13 May 2022 20:48:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652500092; cv=none; d=google.com; s=arc-20160816; b=yEKk0IMS2FwG3TzUn13er2d8TO9ggLlFhwy1ThTZwTC9z8gMT7IqalHg1GTfm0+hym Gd/FT5tQ7puxxtlXXqh4H4VtookLhhzhD6I97Jti0BMDwZRfkhHoqU+qPAuUj+tQ34Vy BjeYPE8y0oeyeBcAO8ddEpxgle4FfXXiOhS5rRvU6cFbYuOn3OLUlwtFw0yVMLLgHYxd WfUpFm5Hgb72ak+d+TFkwWUMQE5vaXoxYsaZucKuE6JnDLD7WH9fzRitmO3gW/35VQxN jK63YxffisxUc8CSXEwi6jw/Ugsq1JQ3XRfRb/1Ksl2aT9kdoRQl2EvxYrkvS+leYaPV SxIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:dkim-signature; bh=OkIXUkBDrNt6gkclimZnecKQlrFAMYowusbdeJJW6fc=; b=oGGDZyvim6YUQkVkX8siuC88FKevVhX1GHnXQujp0VctVqxZSExW7Z4lZYoDhl8MSR Wgt3kDu5fodK0dUW2qZLMxZ5PJ0BRG35CT1CwYVK9JiurE82r12pkanz9SKZ5ObisBYV kajZiW21173u7/+UJrUNdztRfR85JnK8y61TRHYKvpA6nKxfKL29jo4IBi9hvFoWe9PJ p4pIkr1zSOoYLcEM4vNad5CFa0BNZXK+7KT9gFMycTKOFRkXFAe8rcGoXciHN50O+/pF uVzJKCZnFWgXLGtTuA0LkhyBOtICJzbov1hTbX4O1z4COV3/14/sFNZ/jXc6NAaxjpss xo3A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=OVOVn4V4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id h9-20020adff4c9000000b00203e9019542si3967172wrp.710.2022.05.13.20.48.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 May 2022 20:48:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=OVOVn4V4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D9FA946E5AF; Fri, 13 May 2022 17:21:42 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347752AbiELIiT (ORCPT + 99 others); Thu, 12 May 2022 04:38:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51932 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351557AbiELIiC (ORCPT ); Thu, 12 May 2022 04:38:02 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 7A1B611D47B for ; Thu, 12 May 2022 01:37:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1652344668; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=OkIXUkBDrNt6gkclimZnecKQlrFAMYowusbdeJJW6fc=; b=OVOVn4V4VhKL9LG6lRWmT9StS8thsuDJDbNSteBDFxYnd7ozM6aoKC5VZZi8Bs4S46kr56 hasQSESulaU7lZlCtwrP2ovxFXmE2UynO7lgJgNVYcJoGTcz5sc04fMpzaS+2wlMs9MXoK bIc3QSFsTeL+i/zMqhfM97nq0vfZuPM= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-497-I2ZINpajNrCOk0Mr0hAMFw-1; Thu, 12 May 2022 04:37:47 -0400 X-MC-Unique: I2ZINpajNrCOk0Mr0hAMFw-1 Received: by mail-wm1-f72.google.com with SMTP id i18-20020a1c5412000000b0039491a8298cso1395828wmb.5 for ; Thu, 12 May 2022 01:37:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=OkIXUkBDrNt6gkclimZnecKQlrFAMYowusbdeJJW6fc=; b=q72lNa7W5fROS0jhNsVhYqet0ctNTz9E0dE77WaCNCv4nzFJXWk6QcCxb9KJXv7qjN nRnwDlCAh76xcijWXHDswkg5KCntyWYFIVh8BrI0podfcnCbS0YXNJisAall19cn9JRP xNfP8HSMmUx6yLBWZcC3gIAqPKGCSXXvHDd2AlLJsQ/YGbS1OuOkdubb2Vfl580GYqv4 RT/IIOnmlT0x+dXD9r/OOKEvIgJxy7M7VQG7pANUL6JI9bHDE+6uHOVxjd0ORmYEfJdn 1JMiCS8rTeQZRR2anL0DWqlG7PDM5jQFnC1TUrjuOW1bMq/x/dF68pkhHcCIY7wuHzhk Xkgw== X-Gm-Message-State: AOAM532qIGA8ZsXoVUOMoQwT8nKrQhPAZNUBot01fUX5VA60Xy5kkqW7 7MxZX9b00JDNJDpF9c4q6EKixVMEuhCYGACGRz6Q9qOZQbhbKCkeZyYeh+4TPPtbjcpFEYbZ2sv HFvHHZpggpNyDnl997q1MTmLt X-Received: by 2002:a1c:a101:0:b0:392:942f:3aa with SMTP id k1-20020a1ca101000000b00392942f03aamr8816044wme.1.1652344666110; Thu, 12 May 2022 01:37:46 -0700 (PDT) X-Received: by 2002:a1c:a101:0:b0:392:942f:3aa with SMTP id k1-20020a1ca101000000b00392942f03aamr8816024wme.1.1652344665892; Thu, 12 May 2022 01:37:45 -0700 (PDT) Received: from fedora (nat-2.ign.cz. [91.219.240.2]) by smtp.gmail.com with ESMTPSA id f16-20020a7bc8d0000000b003949dbc3790sm2035834wml.18.2022.05.12.01.37.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 12 May 2022 01:37:45 -0700 (PDT) From: Vitaly Kuznetsov To: Sean Christopherson Cc: "H. Peter Anvin" , linux-kernel@vger.kernel.org, "Guilherme G . Piccoli" , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org Subject: Re: [PATCH 2/2] x86/reboot: Disable virtualization in an emergency if SVM is supported In-Reply-To: <20220511234332.3654455-3-seanjc@google.com> References: <20220511234332.3654455-1-seanjc@google.com> <20220511234332.3654455-3-seanjc@google.com> Date: Thu, 12 May 2022 10:37:44 +0200 Message-ID: <87ee0zxi1z.fsf@redhat.com> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sean Christopherson writes: > Disable SVM on all CPUs via NMI shootdown during an emergency reboot. > Like VMX, SVM can block INIT and thus prevent bringing up other CPUs via > INIT-SIPI-SIPI. > > Cc: stable@vger.kernel.org > Signed-off-by: Sean Christopherson > --- > arch/x86/kernel/reboot.c | 26 ++++++++++++++------------ > 1 file changed, 14 insertions(+), 12 deletions(-) > > diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c > index f9543a4e9b09..33c1f4883b27 100644 > --- a/arch/x86/kernel/reboot.c > +++ b/arch/x86/kernel/reboot.c > @@ -533,27 +533,29 @@ static void nmi_shootdown_nop(int cpu, struct pt_regs *regs) > /* Nothing to do, the NMI shootdown handler disables virtualization. */ > } > > -/* Use NMIs as IPIs to tell all CPUs to disable virtualization */ > -static void emergency_vmx_disable_all(void) > +static void emergency_reboot_disable_virtualization(void) > { > /* Just make sure we won't change CPUs while doing this */ > local_irq_disable(); > > /* > - * Disable VMX on all CPUs before rebooting, otherwise we risk hanging > - * the machine, because the CPU blocks INIT when it's in VMX root. > + * Disable virtualization on all CPUs before rebooting to avoid hanging > + * the system, as VMX and SVM block INIT when running in the host > * > * We can't take any locks and we may be on an inconsistent state, so > - * use NMIs as IPIs to tell the other CPUs to exit VMX root and halt. > + * use NMIs as IPIs to tell the other CPUs to disable VMX/SVM and halt. > * > - * Do the NMI shootdown even if VMX if off on _this_ CPU, as that > - * doesn't prevent a different CPU from being in VMX root operation. > + * Do the NMI shootdown even if virtualization is off on _this_ CPU, as > + * other CPUs may have virtualization enabled. > */ > - if (cpu_has_vmx()) { > - /* Safely force _this_ CPU out of VMX root operation. */ > - __cpu_emergency_vmxoff(); > + if (cpu_has_vmx() || cpu_has_svm(NULL)) { > + /* Safely force _this_ CPU out of VMX/SVM operation. */ > + if (cpu_has_vmx()) > + __cpu_emergency_vmxoff(); > + else > + cpu_emergency_svm_disable(); > > - /* Halt and exit VMX root operation on the other CPUs. */ > + /* Disable VMX/SVM and halt on other CPUs. */ > nmi_shootdown_cpus(nmi_shootdown_nop); > } Nitpicking: we can get rid of the second cpu_has_vmx() if we write this as: if (cpu_has_vmx()) __cpu_emergency_vmxoff(); else if (cpu_has_svm(NULL)) cpu_emergency_svm_disable(); else return; nmi_shootdown_cpus(nmi_shootdown_nop); > } > @@ -590,7 +592,7 @@ static void native_machine_emergency_restart(void) > unsigned short mode; > > if (reboot_emergency) > - emergency_vmx_disable_all(); > + emergency_reboot_disable_virtualization(); > > tboot_shutdown(TB_SHUTDOWN_REBOOT); Reviewed-by: Vitaly Kuznetsov -- Vitaly