References: <20230914015459.51740-1-sashal@kernel.org>
In-Reply-To: <20230914015459.51740-1-sashal@kernel.org>
From: Paolo Bonzini
Date: Sun, 15 Oct 2023 13:59:06 +0200
Subject: Re: [PATCH AUTOSEL 6.5 1/7] x86/reboot: VMCLEAR active VMCSes before emergency reboot
To: Sasha Levin
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Sean Christopherson, Andrew Cooper, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, akpm@linux-foundation.org, bhe@redhat.com, eric.devolder@oracle.com, hbathini@linux.ibm.com, sourabhjain@linux.ibm.com, bhelgaas@google.com, kai.huang@intel.com, peterz@infradead.org, jpoimboe@kernel.org, tiwai@suse.de, kvm@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Sep 14, 2023 at 3:55 AM Sasha Levin wrote:
>
> From: Sean Christopherson
>
> [ Upstream commit b23c83ad2c638420ec0608a9de354507c41bec29 ]
>
> VMCLEAR active VMCSes before any emergency reboot, not just if the kernel
> may kexec into a new kernel after a crash. Per Intel's SDM, the VMX
> architecture doesn't require the CPU to flush the VMCS cache on INIT. If
> an emergency reboot doesn't RESET CPUs, cached VMCSes could theoretically
> be kept and only be written back to memory after the new kernel is booted,
> i.e. could effectively corrupt memory after reboot.
>
> Opportunistically remove the setting of the global pointer to NULL to make
> checkpatch happy.

Intended as a cleanup but I guess it does not hurt, since it was the first
patch in the large series that included it.

Acked-by: Paolo Bonzini

Paolo

> Cc: Andrew Cooper
> Link: https://lore.kernel.org/r/20230721201859.2307736-2-seanjc@google.com
> Signed-off-by: Sean Christopherson
> Signed-off-by: Sasha Levin
> --- > arch/x86/include/asm/kexec.h | 2 -- > arch/x86/include/asm/reboot.h | 2 ++ > arch/x86/kernel/crash.c | 31 ------------------------------- > arch/x86/kernel/reboot.c | 22 ++++++++++++++++++++++ > arch/x86/kvm/vmx/vmx.c | 10 +++------- > 5 files changed, 27 insertions(+), 40 deletions(-) > > diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h > index 5b77bbc28f969..819046974b997 100644 > --- a/arch/x86/include/asm/kexec.h > +++ b/arch/x86/include/asm/kexec.h > @@ -205,8 +205,6 @@ int arch_kimage_file_post_load_cleanup(struct kimage = *image); > #endif > #endif > > -typedef void crash_vmclear_fn(void); > -extern crash_vmclear_fn __rcu *crash_vmclear_loaded_vmcss; > extern void kdump_nmi_shootdown_cpus(void); > > #endif /* __ASSEMBLY__ */ > diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.= h > index 9177b4354c3f5..dc201724a6433 100644 > --- a/arch/x86/include/asm/reboot.h > +++ b/arch/x86/include/asm/reboot.h 
> @@ -25,6 +25,8 @@ void __noreturn machine_real_restart(unsigned int type)= ; > #define MRR_BIOS 0 > #define MRR_APM 1 > > +typedef void crash_vmclear_fn(void); > +extern crash_vmclear_fn __rcu *crash_vmclear_loaded_vmcss; > void cpu_emergency_disable_virtualization(void); > > typedef void (*nmi_shootdown_cb)(int, struct pt_regs*); > diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c > index cdd92ab43cda4..54cd959cb3160 100644 > --- a/arch/x86/kernel/crash.c > +++ b/arch/x86/kernel/crash.c > @@ -48,38 +48,12 @@ struct crash_memmap_data { > unsigned int type; > }; > > -/* > - * This is used to VMCLEAR all VMCSs loaded on the > - * processor. And when loading kvm_intel module, the > - * callback function pointer will be assigned. > - * > - * protected by rcu. > - */ > -crash_vmclear_fn __rcu *crash_vmclear_loaded_vmcss =3D NULL; > -EXPORT_SYMBOL_GPL(crash_vmclear_loaded_vmcss); > - > -static inline void cpu_crash_vmclear_loaded_vmcss(void) > -{ > - crash_vmclear_fn *do_vmclear_operation =3D NULL; > - > - rcu_read_lock(); > - do_vmclear_operation =3D rcu_dereference(crash_vmclear_loaded_vmc= ss); > - if (do_vmclear_operation) > - do_vmclear_operation(); > - rcu_read_unlock(); > -} > - > #if defined(CONFIG_SMP) && defined(CONFIG_X86_LOCAL_APIC) > > static void kdump_nmi_callback(int cpu, struct pt_regs *regs) > { > crash_save_cpu(regs, cpu); > > - /* > - * VMCLEAR VMCSs loaded on all cpus if needed. > - */ > - cpu_crash_vmclear_loaded_vmcss(); > - > /* > * Disable Intel PT to stop its logging > */ > @@ -133,11 +107,6 @@ void native_machine_crash_shutdown(struct pt_regs *r= egs) > > crash_smp_send_stop(); > > - /* > - * VMCLEAR VMCSs loaded on this cpu if needed. > - */ > - cpu_crash_vmclear_loaded_vmcss(); > - > cpu_emergency_disable_virtualization(); > > /* > diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c > index 3adbe97015c13..3fa4c6717a1db 100644 > --- a/arch/x86/kernel/reboot.c > +++ b/arch/x86/kernel/reboot.c 
> @@ -787,6 +787,26 @@ void machine_crash_shutdown(struct pt_regs *regs) > } > #endif > > +/* > + * This is used to VMCLEAR all VMCSs loaded on the > + * processor. And when loading kvm_intel module, the > + * callback function pointer will be assigned. > + * > + * protected by rcu. > + */ > +crash_vmclear_fn __rcu *crash_vmclear_loaded_vmcss; > +EXPORT_SYMBOL_GPL(crash_vmclear_loaded_vmcss); > + > +static inline void cpu_crash_vmclear_loaded_vmcss(void) > +{ > + crash_vmclear_fn *do_vmclear_operation =3D NULL; > + > + rcu_read_lock(); > + do_vmclear_operation =3D rcu_dereference(crash_vmclear_loaded_vmc= ss); > + if (do_vmclear_operation) > + do_vmclear_operation(); > + rcu_read_unlock(); > +} > > /* This is the CPU performing the emergency shutdown work. */ > int crashing_cpu =3D -1; > @@ -798,6 +818,8 @@ int crashing_cpu =3D -1; > */ > void cpu_emergency_disable_virtualization(void) > { > + cpu_crash_vmclear_loaded_vmcss(); > + > cpu_emergency_vmxoff(); > cpu_emergency_svm_disable(); > } > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > index df461f387e20d..f60fb79fea881 100644 > --- a/arch/x86/kvm/vmx/vmx.c > +++ b/arch/x86/kvm/vmx/vmx.c > @@ -41,7 +41,7 @@ > #include > #include > #include > -#include > +#include > #include > #include > #include > @@ -754,7 +754,6 @@ static int vmx_set_guest_uret_msr(struct vcpu_vmx *vm= x, > return ret; > } > > -#ifdef CONFIG_KEXEC_CORE > static void crash_vmclear_local_loaded_vmcss(void) > { > int cpu =3D raw_smp_processor_id(); > @@ -764,7 +763,6 @@ static void crash_vmclear_local_loaded_vmcss(void) > loaded_vmcss_on_cpu_link) > vmcs_clear(v->vmcs); > } > -#endif /* CONFIG_KEXEC_CORE */ > > static void __loaded_vmcs_clear(void *arg) > { > @@ -8622,10 +8620,9 @@ static void __vmx_exit(void) > { > allow_smaller_maxphyaddr =3D false; > > -#ifdef CONFIG_KEXEC_CORE > RCU_INIT_POINTER(crash_vmclear_loaded_vmcss, NULL); > synchronize_rcu(); > -#endif > + > vmx_cleanup_l1d_flush(); > } 
> > @@ -8674,10 +8671,9 @@ static int __init vmx_init(void) > pi_init_cpu(cpu); > } > > -#ifdef CONFIG_KEXEC_CORE > rcu_assign_pointer(crash_vmclear_loaded_vmcss, > crash_vmclear_local_loaded_vmcss); > -#endif > + > vmx_check_vmcs12_offsets(); > > /* > -- > 2.40.1 >
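
Review bot: In the arch/x86/kernel/crash.c hunk, kdump_nmi_callback() loses its cpu_crash_vmclear_loaded_vmcss() call, but the visible context does not show that callback reaching cpu_emergency_disable_virtualization(), unlike native_machine_crash_shutdown() where the removed call sat directly above it. Please confirm, ideally in the changelog, that the NMI shootdown path still ends up in cpu_emergency_disable_virtualization() on every CPU, so kdump keeps the per-CPU VMCLEAR it had before.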
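
Review bot: The comment moved into arch/x86/kernel/reboot.c above crash_vmclear_loaded_vmcss is carried over unchanged and says nothing about the new scope, and the crash_ prefix on cpu_crash_vmclear_loaded_vmcss() no longer matches its caller, since it now runs from cpu_emergency_disable_virtualization() on every emergency reboot rather than only on the crash path. Consider updating the comment to say so. The NULL initializer on do_vmclear_operation is also redundant, because the variable is assigned by rcu_dereference() before its first use.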
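
Review bot: In the cpu_emergency_disable_virtualization() hunk of arch/x86/kernel/reboot.c, the new cpu_crash_vmclear_loaded_vmcss() call has to stay ahead of cpu_emergency_vmxoff(), because VMCLEAR raises #UD once the CPU has left VMX operation, yet nothing in the function documents that ordering. A one-line comment above the call stating that the VMCLEAR must precede VMXOFF would protect it from a later reshuffle.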