Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp6290172rwd;
        Mon, 5 Jun 2023 16:21:42 -0700 (PDT)
X-Google-Smtp-Source: ACHHUZ54nDjVAVqDpozYMmczatl+gLII+wnk+XU8xDU3wo/5EGEx6ER62nxyGdXdXjzD+91AbSg6
X-Received: by 2002:a17:90a:1996:b0:255:c061:9e5b with SMTP id 22-20020a17090a199600b00255c0619e5bmr70318pji.37.1686007302586;
        Mon, 05 Jun 2023 16:21:42 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1686007302; cv=none;
        d=google.com; s=arc-20160816;
        b=JrWZajHAUKSnewAWM26aCAqvrqYGQQwml4KVdyrfRbHKndlaZHJgHDdK8zimsJ1k9b
         TmTGFr4k4OoAejl6AUe6nATOrcZr6pA/Hr4P0e5DVA3BHSKfJ8kW5mBdkSazdQjmrAhh
         PefY9O0zVfRhQ48dy3s+jgTrqwUzITQG4veK2ri4Fp7jqgUzp+pbUFlsFHO+8oWyoTbP
         v3F30KsHZ9LgYOhblhhYuLD8E7QZBbNi0MuHWtgpnA+eHxVih2tmrk07KlaVBMQCs9nG
         L+j4P7kEjtgfkokHrAlVSSnRgamS6Yqtqy5YRYFliK5TKu5TbHHKdw63UIa9IaKXfjTi
         Q9vQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from;
        bh=LSPALKOMgu0znVAkTZi0egalZkDuKKFX0FmKFEoVp3U=;
        b=zq4fjpmbs18tMDScIpT0W2L0MNNMe8QK+xHqYaem6ikPS2D/Cvs0uHWj999N5Od8YQ
         TtrzatWixM3csAWKiooyEK3qCn1NnsvBPjUKNklLE0krxa6OnenHmFPUH2zgRDofQlWt
         W9Yxnq0j2IRPsAcTB+1Vetsh+rBrws6HEUgisN5woJdGmu002cbE8l9vDy+6yx2ZDoBY
         5ulgx9abERBRXcr1wsB+hlQzJ8VDl+CK8ugJ6McXFQWl9unRJSFCti8Vpv72SVELJIGm
         jZ+EsrcmLQdYu9XmR5UhkgllDbHAPts+6yejZeOiACtb/kXU3wKWWtmw5SuGaQI+dPqI
         69/Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=IgFASXeb;
       dkim=neutral (no key) header.i=@linutronix.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id v202-20020a6361d3000000b0053fb50e49e5si1055823pgb.603.2023.06.05.16.21.27;
        Mon, 05 Jun 2023 16:21:42 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=IgFASXeb;
       dkim=neutral (no key) header.i=@linutronix.de;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231667AbjFEWls (ORCPT <rfc822;a.bouin@gmail.com> + 99 others);
        Mon, 5 Jun 2023 18:41:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39224 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229791AbjFEWlq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 5 Jun 2023 18:41:46 -0400
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D68ADF3
        for <linux-kernel@vger.kernel.org>; Mon,  5 Jun 2023 15:41:45 -0700 (PDT)
From:   Thomas Gleixner <tglx@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1686004904;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=LSPALKOMgu0znVAkTZi0egalZkDuKKFX0FmKFEoVp3U=;
        b=IgFASXebsbHy0DHhjf+bWQPFvidaQRuzKyzdENs+T8rb5vFLB5bbQKAJ8XGvHnsOJz3PW6
        /zjHUbXHmOomgRUQROKDD0twpXXdUuxLCL2MwdJ+dbz0cyXZGVY7zDOsmJ4ucIiePMXjdj
        KHMkrE+zAJ2zjsGfQTmhLgCLBc2nMF4UVzIWLrGzNt8icMiA9jawB46xNPAzLWKzs4h4JI
        a/Jiq5FqteUgvX24RzrtuUyrfT58dNWkmw4B0VDAJU3GceQpJz//EbSS9vIIik4GMTPmS9
        SFSuXPYXjk25lwtvy8yAAqNdaVGgBi2NzfsuV3Om9gDdrWJRSDxzfknOJ/SYFw==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1686004904;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=LSPALKOMgu0znVAkTZi0egalZkDuKKFX0FmKFEoVp3U=;
        b=U8Iu9pLnoMu12CiBh6aRsUyv7srg1+VWpBhDzRS/ttJ3r8KoRNg8JpGecuyHR5TvM87UBV
        /EJ/VWV+t8tPqsCw==
To:     Sean Christopherson <seanjc@google.com>
Cc:     LKML <linux-kernel@vger.kernel.org>, x86@kernel.org,
        Ashok Raj <ashok.raj@linux.intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Tony Luck <tony.luck@intel.com>,
        Arjan van de Veen <arjan@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Eric Biederman <ebiederm@xmission.com>
Subject: Re: [patch 0/6] Cure kexec() vs. mwait_play_dead() troubles
In-Reply-To: <ZH4eNL4Bf7yPItee@google.com>
References: <20230603193439.502645149@linutronix.de>
 <ZH4eNL4Bf7yPItee@google.com>
Date:   Tue, 06 Jun 2023 00:41:43 +0200
Message-ID: <87pm694jmg.ffs@tglx>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jun 05 2023 at 10:41, Sean Christopherson wrote:
> On Sat, Jun 03, 2023, Thomas Gleixner wrote:
>> This is only half safe because HLT can resume execution due to NMI, SMI and
>> MCE. Unfortunately there is no real safe mechanism to "park" a CPU reliably,
>
> On Intel.  On AMD, enabling EFER.SVME and doing CLGI will block everything except
> single-step #DB (lol) and RESET.  #MC handling is implementation-dependent and
> *might* cause shutdown, but at least there's a chance it will work.  And presumably
> modern CPUs do pend the #MC until GIF=1.

Abusing SVME for that is definitely in the realm of creative bonus
points, but not necessarily a general purpose solution.

>> So parking them via INIT is not completely solving the problem, but it
>> takes at least NMI and SMI out of the picture.
>
> Don't most SMM handlers rendezvous all CPUs?  I.e. won't blocking SMIs indefinitely
> potentially cause problems too?

Not that I'm aware of. If so then this would be a hideous firmware bug
as firmware must be aware of CPUs which hang around in INIT independent
of this.

> Why not carve out a page that's hidden across kexec() to hold whatever code+data
> is needed to safely execute a HLT loop indefinitely?

See below.

> E.g. doesn't the original kernel provide the e820 tables for the
> post-kexec() kernel?

Only for crash kernels if I'm not missing something.

Making this work for regular kexec() including this:

> To avoid OOM after many kexec(), reserving a page could be done iff
> the current kernel wasn't itself kexec()'d.

would be possible and I thought about it, but that needs a complete new
design of "offline", "shutdown offline" and a non-trivial amount of
backwards compatibility magic because you can't assume that the kexec()
kernel version is greater or equal to the current one. kexec() is
supposed to work both ways, downgrading and upgrading. IOW, that ship
sailed long ago.

Thanks,

        tglx