Re: [PATCH 2/2] x86/reboot: Disable virtualization in an emergency if SVM is supported

From: Sean Christopherson
Date: Thu May 12 2022 - 10:39:18 EST

Next message: Guo Zhengkui: "Re: [PATCH] RDMA: replace ternary operator with min()"
Previous message: Manivannan Sadhasivam: "Re: [PATCH v2 03/26] dmaengine: dw-edma: Release requested IRQs on failure"
In reply to: Thomas Gleixner: "Re: [PATCH 2/2] x86/reboot: Disable virtualization in an emergency if SVM is supported"
Next in thread: Thomas Gleixner: "Re: [PATCH 2/2] x86/reboot: Disable virtualization in an emergency if SVM is supported"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 12, 2022, Thomas Gleixner wrote:
> On Wed, May 11 2022 at 23:43, Sean Christopherson wrote:
> > Disable SVM on all CPUs via NMI shootdown during an emergency reboot.
> > Like VMX, SVM can block INIT and thus prevent bringing up other CPUs via
> > INIT-SIPI-SIPI.
>
> With the delta patch applied, I'd make that:
>
> --- a/arch/x86/kernel/reboot.c
> +++ b/arch/x86/kernel/reboot.c
> @@ -530,29 +530,25 @@ static inline void kb_wait(void)
>
> static inline void nmi_shootdown_cpus_on_restart(void);
>
> -/* Use NMIs as IPIs to tell all CPUs to disable virtualization */
> -static void emergency_vmx_disable_all(void)
> +static void emergency_reboot_disable_virtualization(void)
> {
> /* Just make sure we won't change CPUs while doing this */
> local_irq_disable();
>
> /*
> - * Disable VMX on all CPUs before rebooting, otherwise we risk hanging
> - * the machine, because the CPU blocks INIT when it's in VMX root.
> + * Disable virtualization on all CPUs before rebooting to avoid hanging
> + * the system, as VMX and SVM block INIT when running in the host
> *
> * We can't take any locks and we may be on an inconsistent state, so
> - * use NMIs as IPIs to tell the other CPUs to exit VMX root and halt.
> + * use NMIs as IPIs to tell the other CPUs to disable VMX/SVM and halt.
> *
> - * Do the NMI shootdown even if VMX if off on _this_ CPU, as that
> - * doesn't prevent a different CPU from being in VMX root operation.
> + * Do the NMI shootdown even if virtualization is off on _this_ CPU, as
> + * other CPUs may have virtualization enabled.
> */
> - if (cpu_has_vmx()) {
> - /* Safely force _this_ CPU out of VMX root operation. */
> - __cpu_emergency_vmxoff();
> + cpu_crash_disable_virtualization();
>
> - /* Halt and exit VMX root operation on the other CPUs. */
> + if (cpu_has_vmx() || cpu_has_svm(NULL))
> nmi_shootdown_cpus_on_restart();
> - }

What about leaving cpu_crash_disable_virtualization() inside the if-statement?
It feels wierd to "disable" virtualization on the current CPU but ignore others,
e.g. if there's some newfangled type of virtualization in the future, I would be
quite surprised if only the CPU doing the transfer needed to disable virtualization.

if (cpu_has_vmx() || cpu_has_svm(NULL)) {
/* Safely force _this_ CPU out of VMX/SVM operation. */
cpu_crash_disable_virtualization();

/* Disable VMX/SVM and halt on other CPUs. */
nmi_shootdown_cpus_on_restart()
}

> }
>
>
> @@ -587,7 +583,7 @@ static void native_machine_emergency_res
> unsigned short mode;
>
> if (reboot_emergency)
> - emergency_vmx_disable_all();
> + emergency_reboot_disable_virtualization();
>
> tboot_shutdown(TB_SHUTDOWN_REBOOT);
>

Next message: Guo Zhengkui: "Re: [PATCH] RDMA: replace ternary operator with min()"
Previous message: Manivannan Sadhasivam: "Re: [PATCH v2 03/26] dmaengine: dw-edma: Release requested IRQs on failure"
In reply to: Thomas Gleixner: "Re: [PATCH 2/2] x86/reboot: Disable virtualization in an emergency if SVM is supported"
Next in thread: Thomas Gleixner: "Re: [PATCH 2/2] x86/reboot: Disable virtualization in an emergency if SVM is supported"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]