From: Sean Christopherson <seanjc@google.com>
To: Kai Huang <kai.huang@intel.com>
Cc: "tglx@linutronix.de" <tglx@linutronix.de>,
"x86@kernel.org" <x86@kernel.org>,
"mingo@redhat.com" <mingo@redhat.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"bp@alien8.de" <bp@alien8.de>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Chao Gao <chao.gao@intel.com>,
"andrew.cooper3@citrix.com" <andrew.cooper3@citrix.com>
Subject: Re: [PATCH v4 19/19] KVM: VMX: Skip VMCLEAR logic during emergency reboots if CR4.VMXE=0
Date: Tue, 25 Jul 2023 11:15:08 -0700
Message-ID: <ZMARLNcPwovmOZvg@google.com>
In-Reply-To: <c90d244a6b372322028d0e5b42d60fb1a23476da.camel@intel.com>
On Tue, Jul 25, 2023, Kai Huang wrote:
> On Fri, 2023-07-21 at 13:18 -0700, Sean Christopherson wrote:
> > Bail from vmx_emergency_disable() without processing the list of loaded
> > VMCSes if CR4.VMXE=0, i.e. if the CPU can't be post-VMXON. It should be
> > impossible for the list to have entries if VMX is already disabled, and
> > even if that invariant doesn't hold, VMCLEAR will #UD anyways, i.e.
> > processing the list is pointless even if it somehow isn't empty.
> >
> > Assuming no existing KVM bugs, this should be a glorified nop. The
> > primary motivation for the change is to avoid having code that looks like
> > it does VMCLEAR, but then skips VMXON, which is nonsensical.
> >
> > Suggested-by: Kai Huang <kai.huang@intel.com>
> > Signed-off-by: Sean Christopherson <seanjc@google.com>
> > ---
> > arch/x86/kvm/vmx/vmx.c | 12 ++++++++++--
> > 1 file changed, 10 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> > index 5d21931842a5..0ef5ede9cb7c 100644
> > --- a/arch/x86/kvm/vmx/vmx.c
> > +++ b/arch/x86/kvm/vmx/vmx.c
> > @@ -773,12 +773,20 @@ static void vmx_emergency_disable(void)
> >
> > kvm_rebooting = true;
> >
> > + /*
> > + * Note, CR4.VMXE can be _cleared_ in NMI context, but it can only be
> > + * set in task context. If this races with VMX is disabled by an NMI,
> > + * VMCLEAR and VMXOFF may #UD, but KVM will eat those faults due to
> > + * kvm_rebooting set.
> > + */
>
> I am not quite following this comment. IIUC this code path is only called from
> NMI context in case of emergency VMX disable.

The CPU that initiates the emergency reboot can invoke the callback from process
context; only responding CPUs are guaranteed to be handled via NMI shootdown.
E.g. `reboot -f` will reach this point synchronously.

> How can it race with "VMX is disabled by an NMI"?

Somewhat theoretically, a different CPU could panic() and do a shootdown of the
CPU that is handling `reboot -f`.