Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3DBD6C6FD1F for ; Wed, 15 Mar 2023 00:47:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229811AbjCOArs (ORCPT ); Tue, 14 Mar 2023 20:47:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50838 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229525AbjCOArq (ORCPT ); Tue, 14 Mar 2023 20:47:46 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AF97F40F8 for ; Tue, 14 Mar 2023 17:47:45 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id n4-20020a170902f60400b0019f287674d3so5941250plg.1 for ; Tue, 14 Mar 2023 17:47:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; t=1678841265; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=EwBPx+UqTO7grWmvIHxQBcyLrYQZ/vCH68LZPZ9S27k=; b=PpujC94juOdIxalzZNUL4tG38/HNR2WGhAGj9T1fvOcxs2slzb10featCWd873gRxJ bkZp7WhjdLIw3jJWE7qsd03ysV7ptnc33mhSgilPFlHkZrrM+67GV2i5MY+jT4kdepKy lHoVlgDV9IaZP1TKAsFzUF4bOcjIeqJCtaV6tYKjCclel8wqSorc2bCWleFDpKshIRkd zCQJkxdCe2QVwjs23XRmX8bhnI5cLCTNdCcs2Dy86/hZ3j8APwbvdEUu4yTGcFq1wvn1 i5CQsNX/SOlk1oekGZxN1NS+WtB3FEKhNqrT75ElUEbLEd4JFj3ZDE7VHt93kwn6k/OT KF5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678841265; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=EwBPx+UqTO7grWmvIHxQBcyLrYQZ/vCH68LZPZ9S27k=; b=7wlfxJfGY2zkH5XJfn3kVKyixYEAyKoxLeAfUnekf63glBI2UqNNvTPbKWePBiWZXu daLFgGj8egbvzmO0x+4qjt0qGqt7d/0aImNDG/VNEv24hWrlaVI6p7lV6Y7uLR+AhdlW 8A/qhFsIFey8XjpkHhhJ4+WpbPMIw2ehZYNWD4s/eGae5qf1WHKZghUEuZhSzKX2L845 hFRCHs252uA6YmcAohfzPEBkKoWJ7xn3PW9DwTaTmosK6CRS5B66ohDM6hRAeWnC/aaC KosJudxPxM65IlcMLToSn4k52V2AD8fGcp4Vn2fNCq0/Sq0kpjRsW+V6zHJXB+0Q0pTI RzOQ== X-Gm-Message-State: AO0yUKWzXSaCE1A0WbgLIDyqLW6+iw2mhhyQ6bdg4C607T49KktAQHIN DWxYXqJ0XpfZtaeVdSomgGZzx4gbIH0= X-Google-Smtp-Source: AK7set+Ego0QgpRq74ayNUnPPG6DkSW/keRy1zLO+iY+AOV355NsEY8KkhW5jZcxHtbLJcx+p9Hh5wyQN1c= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:903:1312:b0:1a0:5402:b17b with SMTP id iy18-20020a170903131200b001a05402b17bmr444844plb.0.1678841265253; Tue, 14 Mar 2023 17:47:45 -0700 (PDT) Date: Tue, 14 Mar 2023 17:47:43 -0700 In-Reply-To: <9f8c89bf44a8eb68407369d26956c24082562cd2.camel@intel.com> Mime-Version: 1.0 References: <20230310214232.806108-1-seanjc@google.com> <20230310214232.806108-6-seanjc@google.com> <9f8c89bf44a8eb68407369d26956c24082562cd2.camel@intel.com> Message-ID: Subject: Re: [PATCH v2 05/18] x86/reboot: KVM: Disable SVM during reboot via virt/KVM reboot callback From: Sean Christopherson To: Kai Huang Cc: Chao Gao , "dave.hansen@linux.intel.com" , "bp@alien8.de" , "x86@kernel.org" , "mingo@redhat.com" , "tglx@linutronix.de" , "andrew.cooper3@citrix.com" , "pbonzini@redhat.com" , "kvm@vger.kernel.org" , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 14, 2023, Huang, Kai wrote: > On Mon, 2023-03-13 at 10:18 -0700, Sean Christopherson wrote: > > On Mon, Mar 13, 2023, Huang, Kai wrote: > > > On Fri, 2023-03-10 at 13:42 -0800, Sean Christopherson wrote: > > > > Use the virt callback to disable SVM (and set GIF=3D1) during an em= ergency > > > > instead of blindly attempting to disable SVM.=EF=BF=BD Like the VMX= case, if KVM > > > > (or an out-of-tree hypervisor) isn't loaded/active, SVM can't be in= use. > > > >=20 > > > > Signed-off-by: Sean Christopherson > > >=20 > > > [...] > > >=20 > > > > -#if IS_ENABLED(CONFIG_KVM_INTEL) > > > > +#if IS_ENABLED(CONFIG_KVM_INTEL) || IS_ENABLED(CONFIG_KVM_AMD) > > > > =EF=BF=BD/* RCU-protected callback to disable virtualization prior = to reboot. */ > > > > =EF=BF=BDstatic cpu_emergency_virt_cb __rcu *cpu_emergency_virt_cal= lback; > > > > =EF=BF=BD > > > > @@ -821,7 +821,7 @@ int crashing_cpu =3D -1; > > > > =EF=BF=BD */ > > > > =EF=BF=BDvoid cpu_emergency_disable_virtualization(void) > > > > =EF=BF=BD{ > > > > -#if IS_ENABLED(CONFIG_KVM_INTEL) > > > > +#if IS_ENABLED(CONFIG_KVM_INTEL) || IS_ENABLED(CONFIG_KVM_AMD) > > > > =EF=BF=BD cpu_emergency_virt_cb *callback; > > > > =EF=BF=BD > > > > =EF=BF=BD rcu_read_lock(); > > > > @@ -830,8 +830,6 @@ void cpu_emergency_disable_virtualization(void) > > > > =EF=BF=BD callback(); > > > > =EF=BF=BD rcu_read_unlock(); > > > > =EF=BF=BD#endif > > > > - /* KVM_AMD doesn't yet utilize the common callback. */ > > > > - cpu_emergency_svm_disable(); > > > > =EF=BF=BD} > > >=20 > > > Shouldn't the callback be always present since you want to consider '= out-of- > > > tree' hypervisor case? > >=20 > > No? The kernel doesn't provide any guarantees for out-of-tree code. I= don't have > > a super strong preference, though I do like the effective documentation= the checks > > provide. Buy more importantly, my understanding is that the x86 mainta= iners want > > to limit the exposure for these types of interfaces, e.g. `git grep IS_= ENABLED\(CONFIG_KVM` > > for a variety of hooks that are enabled iff KVM is enabled in the kerne= l config. >=20 > How about doing the embracing the code to do the emergency virt callback = as the > last step? I like that idea, it also makes a few other patches a bit cleaner. > I like the "cleanup" work in this series regardless whether we should gua= rd the > emergency virt callback with CONFIG_KVM_INTEL || CONFIG_KVM_AMD. If we d= o the > actual "cleanup" work first, and put the CONFIG_KVM_INTEL || CONFIG_KVM_A= MD as > the last step, it is also easier to review I guess, because it's kinda a > separate logic independent to the actual "cleanup" work. >=20 > Also, personally I don't particularly like the middle state in patch 04: >=20 > void cpu_emergency_disable_virtualization(void) > { > #if IS_ENABLED(CONFIG_KVM_INTEL) > - cpu_crash_vmclear_loaded_vmcss(); > -#endif > + cpu_emergency_virt_cb *callback; > =20 > - cpu_emergency_vmxoff(); > + rcu_read_lock(); > + callback =3D rcu_dereference(cpu_emergency_virt_callback); > + if (callback) > + callback(); > + rcu_read_unlock(); > +#endif > + /* KVM_AMD doesn't yet utilize the common callback. */ > cpu_emergency_svm_disable(); > } >=20 > Which eventually got fixed up in patch 05: >=20 > void cpu_emergency_disable_virtualization(void) > { > -#if IS_ENABLED(CONFIG_KVM_INTEL) > +#if IS_ENABLED(CONFIG_KVM_INTEL) || IS_ENABLED(CONFIG_KVM_AMD) > cpu_emergency_virt_cb *callback; > =20 > rcu_read_lock(); > @@ -830,8 +830,6 @@ void cpu_emergency_disable_virtualization(void) > callback(); > rcu_read_unlock(); > #endif > - /* KVM_AMD doesn't yet utilize the common callback. */ > - cpu_emergency_svm_disable(); > } > =20 > Could we just merge the two patches together?=20 I'd prefer not to squash the two. I agree it's ugly, but I dislike convert= ing VMX and SVM at the same time. I'm not totally opposed to moving everything= in one fell swoop, but my preference is to keep them separate.