Date: Sun, 12 Mar 2023 10:21:12 +0000
Message-ID: <87fsaa5kyv.wl-maz@kernel.org>
From: Marc Zyngier
To: Sean Christopherson
Cc: Paolo Bonzini, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Oliver Upton, James Morse, Suzuki K Poulose, Zenghui Yu, kvmarm@lists.linux.dev, Huacai Chen, Aleksandar Markovic, Anup Patel, Atish Patra, kvm-riscv@lists.infradead.org
Subject: Re: [PATCH 2/2] KVM: Don't enable hardware after a restart/shutdown is initiated
In-Reply-To: <20230310221414.811690-3-seanjc@google.com>
References: <20230310221414.811690-1-seanjc@google.com> <20230310221414.811690-3-seanjc@google.com>

On Fri, 10 Mar 2023 22:14:14 +0000,
Sean Christopherson wrote:
>
> Reject hardware enabling, i.e. VM creation, if a restart/shutdown has
> been initiated to avoid re-enabling hardware between kvm_reboot() and
> machine_{halt,power_off,restart}(). The restart case is especially
> problematic (for x86) as enabling VMX (or clearing GIF in KVM_RUN on
> SVM) blocks INIT, which results in the restart/reboot hanging as BIOS
> is unable to wake and rendezvous with APs.
> > Note, this bug, and the original issue that motivated the addition of > kvm_reboot(), is effectively limited to a forced reboot, e.g. `reboot -f`. > In a "normal" reboot, userspace will gracefully teardown userspace before > triggering the kernel reboot (modulo bugs, errors, etc), i.e. any process > that might do ioctl(KVM_CREATE_VM) is long gone. > > Fixes: 8e1c18157d87 ("KVM: VMX: Disable VMX when system shutdown") > Signed-off-by: Sean Christopherson > --- > virt/kvm/kvm_main.c | 17 ++++++++++++++++- > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > index 6cdfbb2c641b..b2bf4c105181 100644 > --- a/virt/kvm/kvm_main.c > +++ b/virt/kvm/kvm_main.c > @@ -5182,7 +5182,20 @@ static void hardware_disable_all(void) > static int hardware_enable_all(void) > { > atomic_t failed = ATOMIC_INIT(0); > - int r = 0; > + int r; > + > + /* > + * Do not enable hardware virtualization if the system is going down. > + * If userspace initiated a forced reboot, e.g. reboot -f, then it's > + * possible for an in-flight KVM_CREATE_VM to trigger hardware enabling > + * after kvm_reboot() is called. Note, this relies on system_state > + * being set _before_ kvm_reboot(), which is why KVM uses a syscore ops > + * hook instead of registering a dedicated reboot notifier (the latter > + * runs before system_state is updated). > + */ > + if (system_state == SYSTEM_HALT || system_state == SYSTEM_POWER_OFF || > + system_state == SYSTEM_RESTART) > + return -EBUSY; Since we now seem to be relying on system_state for most things, is there any use for 'kvm_rebooting' other than the ease of evaluation in __svm_vcpu_run? M. -- Without deviation from the norm, progress is not possible.
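Review bot: The system_state test at the top of hardware_enable_all() is a single, unlocked read, so the visible lines do not show what prevents a forced reboot from moving system_state to SYSTEM_HALT, SYSTEM_POWER_OFF or SYSTEM_RESTART just after the check passes and before hardware is actually enabled. The new comment explains the ordering against kvm_reboot() but not that window; either state in the comment what closes it, or perform the check at the point where enabling is serialized with the reboot path. Separately, `int r = 0;` becomes `int r;` and the quoted portion stops before any assignment, so confirm that every remaining return path sets r.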