[PATCH v2 0/2] x86: clear vmcss on all cpus when doing kdump if necessary

[PATCH v2 0/2] x86: clear vmcss on all cpus when doing kdump if necessary

[Zhang Yanfei]

Currently, kdump just makes all the logical processors leave VMX operation by
executing VMXOFF instruction, so any VMCSs active on the logical processors may
be corrupted. But, sometimes, we need the VMCSs to debug guest images contained
in the host vmcore. To prevent the corruption, we should VMCLEAR the VMCSs before
executing the VMXOFF instruction.

The patch set provides a way to VMCLEAR vmcss related to guests on all cpus before
executing the VMXOFF when doing kdump. This is used to ensure the VMCSs in the
vmcore updated and non-corrupted.

Changelog from v1 to v2:
1. remove the sysctl and clear VMCSs unconditionally.

zhangyanfei (2):
  x86/kexec: VMCLEAR vmcss on all cpus if necessary
  KVM: make crash_clear_loaded_vmcss valid when loading kvm_intel
    module

 arch/x86/include/asm/kexec.h |    2 ++
 arch/x86/kernel/crash.c      |   27 +++++++++++++++++++++++++++
 arch/x86/kvm/vmx.c           |    9 +++++++++
 3 files changed, 38 insertions(+), 0 deletions(-)

[PATCH 1/2] x86/kexec: VMCLEAR vmcss on all cpus if necessary

[Zhang Yanfei]

This patch provides a way to VMCLEAR vmcss related to guests
on all cpus before executing the VMXOFF when doing kdump. This
is used to ensure the VMCSs in the vmcore updated and
non-corrupted.

Signed-off-by: zhangyanfei <zhangyanfei-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
---
 arch/x86/include/asm/kexec.h |    2 ++
 arch/x86/kernel/crash.c      |   27 +++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h
index 317ff17..fc05440 100644
--- a/arch/x86/include/asm/kexec.h
+++ b/arch/x86/include/asm/kexec.h
@@ -163,6 +163,8 @@ struct kimage_arch {
 };
 #endif
 
+extern void (*crash_clear_loaded_vmcss)(void);
+
 #endif /* __ASSEMBLY__ */
 
 #endif /* _ASM_X86_KEXEC_H */
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
index 13ad899..7289976 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -16,6 +16,7 @@
 #include <linux/delay.h>
 #include <linux/elf.h>
 #include <linux/elfcore.h>
+#include <linux/module.h>
 
 #include <asm/processor.h>
 #include <asm/hardirq.h>
@@ -30,6 +31,22 @@
 
 int in_crash_kexec;
 
+/*
+ * This is used to VMCLEAR vmcss loaded on all
+ * cpus. And when loading kvm_intel module, the
+ * function pointer will be made valid.
+ */
+void (*crash_clear_loaded_vmcss)(void) = NULL;
+EXPORT_SYMBOL_GPL(crash_clear_loaded_vmcss);
+
+static void cpu_emergency_clear_loaded_vmcss(void)
+{
+	if (crash_clear_loaded_vmcss &&
+	    cpu_has_vmx() && cpu_vmx_enabled()) {
+		crash_clear_loaded_vmcss();
+	}
+}
+
 #if defined(CONFIG_SMP) && defined(CONFIG_X86_LOCAL_APIC)
 
 static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
@@ -46,6 +63,11 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
 #endif
 	crash_save_cpu(regs, cpu);
 
+	/*
+	 * VMCLEAR vmcss loaded on all cpus if needed.
+	 */
+	cpu_emergency_clear_loaded_vmcss();
+
 	/* Disable VMX or SVM if needed.
 	 *
 	 * We need to disable virtualization on all CPUs.
@@ -88,6 +110,11 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
 
 	kdump_nmi_shootdown_cpus();
 
+	/*
+	 * VMCLEAR vmcss loaded on this cpu if needed.
+	 */
+	cpu_emergency_clear_loaded_vmcss();
+
 	/* Booting kdump kernel with VMX or SVM enabled won't work,
 	 * because (among other limitations) we can't disable paging
 	 * with the virt flags.
-- 
1.7.1

[PATCH 2/2] KVM: make crash_clear_loaded_vmcss valid when loading kvm_intel module

[Zhang Yanfei]

Signed-off-by: zhangyanfei <zhangyanfei-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
---
 arch/x86/kvm/vmx.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 4ff0ab9..f6a16b2 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -41,6 +41,7 @@
 #include <asm/i387.h>
 #include <asm/xcr.h>
 #include <asm/perf_event.h>
+#include <asm/kexec.h>
 
 #include "trace.h"
 
@@ -7230,6 +7231,10 @@ static int __init vmx_init(void)
 	if (r)
 		goto out3;
 
+#ifdef CONFIG_KEXEC
+	crash_clear_loaded_vmcss = vmclear_local_loaded_vmcss;
+#endif
+
 	vmx_disable_intercept_for_msr(MSR_FS_BASE, false);
 	vmx_disable_intercept_for_msr(MSR_GS_BASE, false);
 	vmx_disable_intercept_for_msr(MSR_KERNEL_GS_BASE, true);
@@ -7265,6 +7270,10 @@ static void __exit vmx_exit(void)
 	free_page((unsigned long)vmx_io_bitmap_b);
 	free_page((unsigned long)vmx_io_bitmap_a);
 
+#ifdef CONFIG_KEXEC
+	crash_clear_loaded_vmcss = NULL;
+#endif
+
 	kvm_exit();
 }
 
-- 
1.7.1

Re: [PATCH v2 0/2] x86: clear vmcss on all cpus when doing kdump if necessary

[zhangyanfei]

Would anyone help review the patch, and give some comments, please ? 

Avi?

于 2012年10月19日 13:41, Zhang Yanfei 写道:
> Currently, kdump just makes all the logical processors leave VMX operation by
> executing VMXOFF instruction, so any VMCSs active on the logical processors may
> be corrupted. But, sometimes, we need the VMCSs to debug guest images contained
> in the host vmcore. To prevent the corruption, we should VMCLEAR the VMCSs before
> executing the VMXOFF instruction.
> 
> The patch set provides a way to VMCLEAR vmcss related to guests on all cpus before
> executing the VMXOFF when doing kdump. This is used to ensure the VMCSs in the
> vmcore updated and non-corrupted.
> 
> Changelog from v1 to v2:
> 1. remove the sysctl and clear VMCSs unconditionally.
> 
> zhangyanfei (2):
>   x86/kexec: VMCLEAR vmcss on all cpus if necessary
>   KVM: make crash_clear_loaded_vmcss valid when loading kvm_intel
>     module
> 
>  arch/x86/include/asm/kexec.h |    2 ++
>  arch/x86/kernel/crash.c      |   27 +++++++++++++++++++++++++++
>  arch/x86/kvm/vmx.c           |    9 +++++++++
>  3 files changed, 38 insertions(+), 0 deletions(-)
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 

Re: [PATCH 1/2] x86/kexec: VMCLEAR vmcss on all cpus if necessary

[Marcelo Tosatti]

On Fri, Oct 19, 2012 at 01:44:31PM +0800, Zhang Yanfei wrote:
> This patch provides a way to VMCLEAR vmcss related to guests
> on all cpus before executing the VMXOFF when doing kdump. This
> is used to ensure the VMCSs in the vmcore updated and
> non-corrupted.
> 
> Signed-off-by: zhangyanfei <zhangyanfei-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
> ---
>  arch/x86/include/asm/kexec.h |    2 ++
>  arch/x86/kernel/crash.c      |   27 +++++++++++++++++++++++++++
>  2 files changed, 29 insertions(+), 0 deletions(-)
> 
> diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h
> index 317ff17..fc05440 100644
> --- a/arch/x86/include/asm/kexec.h
> +++ b/arch/x86/include/asm/kexec.h
> @@ -163,6 +163,8 @@ struct kimage_arch {
>  };
>  #endif
>  
> +extern void (*crash_clear_loaded_vmcss)(void);
> +
>  #endif /* __ASSEMBLY__ */
>  
>  #endif /* _ASM_X86_KEXEC_H */
> diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
> index 13ad899..7289976 100644
> --- a/arch/x86/kernel/crash.c
> +++ b/arch/x86/kernel/crash.c
> @@ -16,6 +16,7 @@
>  #include <linux/delay.h>
>  #include <linux/elf.h>
>  #include <linux/elfcore.h>
> +#include <linux/module.h>
>  
>  #include <asm/processor.h>
>  #include <asm/hardirq.h>
> @@ -30,6 +31,22 @@
>  
>  int in_crash_kexec;
>  
> +/*
> + * This is used to VMCLEAR vmcss loaded on all
> + * cpus. And when loading kvm_intel module, the
> + * function pointer will be made valid.
> + */
> +void (*crash_clear_loaded_vmcss)(void) = NULL;
> +EXPORT_SYMBOL_GPL(crash_clear_loaded_vmcss);
> +
> +static void cpu_emergency_clear_loaded_vmcss(void)
> +{
> +	if (crash_clear_loaded_vmcss &&
> +	    cpu_has_vmx() && cpu_vmx_enabled()) {
> +		crash_clear_loaded_vmcss();
> +	}
> +}
> +

Are all this checks necessary? 

if (crash_clear_loaded_vmcss)
	crash_clear_loaded_vmcss();

Should be enough ? (callback only set if kvm-vmx module loaded).

>  #if defined(CONFIG_SMP) && defined(CONFIG_X86_LOCAL_APIC)
>  
>  static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
> @@ -46,6 +63,11 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
>  #endif
>  	crash_save_cpu(regs, cpu);
>  
> +	/*
> +	 * VMCLEAR vmcss loaded on all cpus if needed.
> +	 */
> +	cpu_emergency_clear_loaded_vmcss();
> +
>  	/* Disable VMX or SVM if needed.
>  	 *
>  	 * We need to disable virtualization on all CPUs.
> @@ -88,6 +110,11 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
>  
>  	kdump_nmi_shootdown_cpus();
>  
> +	/*
> +	 * VMCLEAR vmcss loaded on this cpu if needed.
> +	 */
> +	cpu_emergency_clear_loaded_vmcss();
> +
>  	/* Booting kdump kernel with VMX or SVM enabled won't work,
>  	 * because (among other limitations) we can't disable paging
>  	 * with the virt flags.
> -- 
> 1.7.1
> 
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/2] x86/kexec: VMCLEAR vmcss on all cpus if necessary

[zhangyanfei]

于 2012年10月31日 08:18, Marcelo Tosatti 写道:
> On Fri, Oct 19, 2012 at 01:44:31PM +0800, Zhang Yanfei wrote:
>> This patch provides a way to VMCLEAR vmcss related to guests
>> on all cpus before executing the VMXOFF when doing kdump. This
>> is used to ensure the VMCSs in the vmcore updated and
>> non-corrupted.
>>
>> Signed-off-by: zhangyanfei <zhangyanfei@cn.fujitsu.com>
>> ---
>>  arch/x86/include/asm/kexec.h |    2 ++
>>  arch/x86/kernel/crash.c      |   27 +++++++++++++++++++++++++++
>>  2 files changed, 29 insertions(+), 0 deletions(-)
>>
>> diff --git a/arch/x86/include/asm/kexec.h b/arch/x86/include/asm/kexec.h
>> index 317ff17..fc05440 100644
>> --- a/arch/x86/include/asm/kexec.h
>> +++ b/arch/x86/include/asm/kexec.h
>> @@ -163,6 +163,8 @@ struct kimage_arch {
>>  };
>>  #endif
>>  
>> +extern void (*crash_clear_loaded_vmcss)(void);
>> +
>>  #endif /* __ASSEMBLY__ */
>>  
>>  #endif /* _ASM_X86_KEXEC_H */
>> diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
>> index 13ad899..7289976 100644
>> --- a/arch/x86/kernel/crash.c
>> +++ b/arch/x86/kernel/crash.c
>> @@ -16,6 +16,7 @@
>>  #include <linux/delay.h>
>>  #include <linux/elf.h>
>>  #include <linux/elfcore.h>
>> +#include <linux/module.h>
>>  
>>  #include <asm/processor.h>
>>  #include <asm/hardirq.h>
>> @@ -30,6 +31,22 @@
>>  
>>  int in_crash_kexec;
>>  
>> +/*
>> + * This is used to VMCLEAR vmcss loaded on all
>> + * cpus. And when loading kvm_intel module, the
>> + * function pointer will be made valid.
>> + */
>> +void (*crash_clear_loaded_vmcss)(void) = NULL;
>> +EXPORT_SYMBOL_GPL(crash_clear_loaded_vmcss);
>> +
>> +static void cpu_emergency_clear_loaded_vmcss(void)
>> +{
>> +	if (crash_clear_loaded_vmcss &&
>> +	    cpu_has_vmx() && cpu_vmx_enabled()) {
>> +		crash_clear_loaded_vmcss();
>> +	}
>> +}
>> +
> 
> Are all this checks necessary? 
> 
> if (crash_clear_loaded_vmcss)
> 	crash_clear_loaded_vmcss();
> 
> Should be enough ? (callback only set if kvm-vmx module loaded).

Hmm, it is enough. Thanks.

> 
>>  #if defined(CONFIG_SMP) && defined(CONFIG_X86_LOCAL_APIC)
>>  
>>  static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
>> @@ -46,6 +63,11 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs)
>>  #endif
>>  	crash_save_cpu(regs, cpu);
>>  
>> +	/*
>> +	 * VMCLEAR vmcss loaded on all cpus if needed.
>> +	 */
>> +	cpu_emergency_clear_loaded_vmcss();
>> +
>>  	/* Disable VMX or SVM if needed.
>>  	 *
>>  	 * We need to disable virtualization on all CPUs.
>> @@ -88,6 +110,11 @@ void native_machine_crash_shutdown(struct pt_regs *regs)
>>  
>>  	kdump_nmi_shootdown_cpus();
>>  
>> +	/*
>> +	 * VMCLEAR vmcss loaded on this cpu if needed.
>> +	 */
>> +	cpu_emergency_clear_loaded_vmcss();
>> +
>>  	/* Booting kdump kernel with VMX or SVM enabled won't work,
>>  	 * because (among other limitations) we can't disable paging
>>  	 * with the virt flags.
>> -- 
>> 1.7.1
>>