From: Eduardo Habkost <ehabkost@redhat.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Avi Kivity <avi@redhat.com>, Ingo Molnar <mingo@elte.hu>,
Andrey Borzenkov <arvidjaar@mail.ru>,
mingo@redhat.com, Andrew Morton <akpm@osdl.org>,
"Rafael J. Wysocki" <rjw@sisk.pl>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Use BIOS reboot on Toshiba Portege 4000
Date: Mon, 3 Nov 2008 15:01:15 -0200 [thread overview]
Message-ID: <20081103170115.GC23893@blackpad> (raw)
In-Reply-To: <m1myggdbzg.fsf@frodo.ebiederm.org>
On Mon, Nov 03, 2008 at 08:13:07AM -0800, Eric W. Biederman wrote:
> Avi Kivity <avi@redhat.com> writes:
>
> > Eduardo Habkost wrote:
> >> We probably need to disable vmx on all CPUs, but emergency reboot skips
> >> native_smp_send_stop() (where we could hook a virt_disable call in).
> >>
> >> As relying on IPIs defeats the whole point of emergency_restart, a proper
> >> fix will need to use NMIs like the kdump code does.
> >>
> >
> > They should use the same code; they have a similar environment at entry and
> > reliability requirements for e_r are not greater than kdump's.
>
> Just a sec.
>
> I think we are confusing two issues here.
>
> - Ordinary machine_restart which happens to call emergency_restart.
> And is proceeded by machine_shutdown.
>
> - And emergency_restart itself.
>
I am considering only emergency_restart() itself, that simply reboots
the machine. All other cases should be calling the KVM reboot notifier,
that disables virtualization on all CPUs.
> To some extent I would be a lot happier if Alt-sysrq-r did what
> was necessary to get into a context where it can call machine_restart
> or even better kernel_restart().
> emergency_restart() is a nice idea but is broken by design.
Eliminating emergency_restart() looks good in theory, but can we
eliminate it on all cases? We need something for cases when we are on
a possibly-broken state and we want to reboot the machine as reliably
as possible.
>
> That said. If we can turn off vmx on that one processor.
> That should be enough for the cpu to triple fault and let
> the BIOS do what it needs to do on that cpu i.e. outb(magic, 0x92)
> and toggle a motherboard level reset?
>
> If I read the earlier comments correctly the deep issue is
> that going through ACPI to reset systems is less reliable than
> doing it the classic way.
That's what Ingo suggested: instead of defaulting to ACPI reboot,
disable VMX before rebooting if needed and get back to a safer default.
That leads us to the NMI stuff: we need to disable VMX on all CPUs,
and we can't use IPIs if we are on a possibly-broken state.
--
Eduardo
next prev parent reply other threads:[~2008-11-03 17:02 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-31 18:18 [PATCH] Use BIOS reboot on Toshiba Portege 4000 Andrey Borzenkov
2008-11-03 9:08 ` Ingo Molnar
2008-11-03 10:02 ` Avi Kivity
2008-11-03 10:04 ` Ingo Molnar
2008-11-03 13:33 ` Eduardo Habkost
2008-11-03 14:41 ` Avi Kivity
2008-11-03 16:13 ` Eric W. Biederman
2008-11-03 17:01 ` Eduardo Habkost [this message]
2008-11-04 10:47 ` Avi Kivity
2008-11-04 11:22 ` Eric W. Biederman
2008-11-04 11:57 ` Eduardo Habkost
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081103170115.GC23893@blackpad \
--to=ehabkost@redhat.com \
--cc=akpm@osdl.org \
--cc=arvidjaar@mail.ru \
--cc=avi@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mingo@redhat.com \
--cc=rjw@sisk.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.