From d4e670e3793696375b79af1c7b79ee5b947edb7f Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 1 Mar 2021 12:32:23 +0100 Subject: [PATCH] 4.9-stable patches added patches: x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch --- queue-4.9/series | 1 + ...to-exit-vmx-root-if-vmx-is-supported.patch | 70 +++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 queue-4.9/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch diff --git a/queue-4.9/series b/queue-4.9/series index 599a741c95c..910d0d0652e 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -105,3 +105,4 @@ btrfs-fix-extent-buffer-leak-on-failure-to-copy-root.patch seccomp-add-missing-return-in-non-void-function.patch drivers-misc-vmw_vmci-restrict-too-big-queue-size-in-qp_host_alloc_queue.patch staging-rtl8188eu-add-edimax-ew-7811un-v2-to-device-table.patch +x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch diff --git a/queue-4.9/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch b/queue-4.9/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch new file mode 100644 index 00000000000..f8bd9785559 --- /dev/null +++ b/queue-4.9/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch @@ -0,0 +1,70 @@ +From ed72736183c45a413a8d6974dd04be90f514cb6b Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 30 Dec 2020 16:26:55 -0800 +Subject: x86/reboot: Force all cpus to exit VMX root if VMX is supported + +From: Sean Christopherson + +commit ed72736183c45a413a8d6974dd04be90f514cb6b upstream. + +Force all CPUs to do VMXOFF (via NMI shootdown) during an emergency +reboot if VMX is _supported_, as VMX being off on the current CPU does +not prevent other CPUs from being in VMX root (post-VMXON). This fixes +a bug where a crash/panic reboot could leave other CPUs in VMX root and +prevent them from being woken via INIT-SIPI-SIPI in the new kernel. + +Fixes: d176720d34c7 ("x86: disable VMX on all CPUs on reboot") +Cc: stable@vger.kernel.org +Suggested-by: Sean Christopherson +Signed-off-by: David P. Reed +[sean: reworked changelog and further tweaked comment] +Signed-off-by: Sean Christopherson +Message-Id: <20201231002702.2223707-3-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/reboot.c | 29 ++++++++++------------------- + 1 file changed, 10 insertions(+), 19 deletions(-) + +--- a/arch/x86/kernel/reboot.c ++++ b/arch/x86/kernel/reboot.c +@@ -539,29 +539,20 @@ static void emergency_vmx_disable_all(vo + local_irq_disable(); + + /* +- * We need to disable VMX on all CPUs before rebooting, otherwise +- * we risk hanging up the machine, because the CPU ignore INIT +- * signals when VMX is enabled. ++ * Disable VMX on all CPUs before rebooting, otherwise we risk hanging ++ * the machine, because the CPU blocks INIT when it's in VMX root. + * +- * We can't take any locks and we may be on an inconsistent +- * state, so we use NMIs as IPIs to tell the other CPUs to disable +- * VMX and halt. ++ * We can't take any locks and we may be on an inconsistent state, so ++ * use NMIs as IPIs to tell the other CPUs to exit VMX root and halt. + * +- * For safety, we will avoid running the nmi_shootdown_cpus() +- * stuff unnecessarily, but we don't have a way to check +- * if other CPUs have VMX enabled. So we will call it only if the +- * CPU we are running on has VMX enabled. +- * +- * We will miss cases where VMX is not enabled on all CPUs. This +- * shouldn't do much harm because KVM always enable VMX on all +- * CPUs anyway. But we can miss it on the small window where KVM +- * is still enabling VMX. ++ * Do the NMI shootdown even if VMX if off on _this_ CPU, as that ++ * doesn't prevent a different CPU from being in VMX root operation. + */ +- if (cpu_has_vmx() && cpu_vmx_enabled()) { +- /* Disable VMX on this CPU. */ +- cpu_vmxoff(); ++ if (cpu_has_vmx()) { ++ /* Safely force _this_ CPU out of VMX root operation. */ ++ __cpu_emergency_vmxoff(); + +- /* Halt and disable VMX on the other CPUs */ ++ /* Halt and exit VMX root operation on the other CPUs. */ + nmi_shootdown_cpus(vmxoff_nmi); + + } -- 2.47.3