From: Sean Christopherson <seanjc@google.com>

Date: Wed, 30 Nov 2022 23:36:49 +0000

Subject: [PATCH] x86/reboot: Disable virtualization in an emergency if SVM is

 supported

References: bsc#1012628

Patch-mainline: 6.2.3

Git-commit: d81f952aa657b76cea381384bef1fea35c5fd266

commit d81f952aa657b76cea381384bef1fea35c5fd266 upstream.

Disable SVM on all CPUs via NMI shootdown during an emergency reboot.

Like VMX, SVM can block INIT, e.g. if the emergency reboot is triggered

between CLGI and STGI, and thus can prevent bringing up other CPUs via

INIT-SIPI-SIPI.

Cc: stable@vger.kernel.org

Reviewed-by: Thomas Gleixner <tglx@linutronix.de>

Link: https://lore.kernel.org/r/20221130233650.1404148-4-seanjc@google.com

Signed-off-by: Sean Christopherson <seanjc@google.com>

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Signed-off-by: Jiri Slaby <jslaby@suse.cz>

---

 arch/x86/kernel/reboot.c | 23 +++++++++++------------

 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c

index 374c14b3..d03c551d 100644

--- a/arch/x86/kernel/reboot.c

+++ b/arch/x86/kernel/reboot.c

@@ -530,27 +530,26 @@ static inline void kb_wait(void)

 static inline void nmi_shootdown_cpus_on_restart(void);

-/* Use NMIs as IPIs to tell all CPUs to disable virtualization */

-static void emergency_vmx_disable_all(void)

+static void emergency_reboot_disable_virtualization(void)

 {

 	/* Just make sure we won't change CPUs while doing this */

 	local_irq_disable();

 	/*

-	 * Disable VMX on all CPUs before rebooting, otherwise we risk hanging

-	 * the machine, because the CPU blocks INIT when it's in VMX root.

+	 * Disable virtualization on all CPUs before rebooting to avoid hanging

+	 * the system, as VMX and SVM block INIT when running in the host.

 	 *

 	 * We can't take any locks and we may be on an inconsistent state, so

-	 * use NMIs as IPIs to tell the other CPUs to exit VMX root and halt.

+	 * use NMIs as IPIs to tell the other CPUs to disable VMX/SVM and halt.

 	 *

-	 * Do the NMI shootdown even if VMX if off on _this_ CPU, as that

-	 * doesn't prevent a different CPU from being in VMX root operation.

+	 * Do the NMI shootdown even if virtualization is off on _this_ CPU, as

+	 * other CPUs may have virtualization enabled.

 	 */

-	if (cpu_has_vmx()) {

-		/* Safely force _this_ CPU out of VMX root operation. */

-		__cpu_emergency_vmxoff();

+	if (cpu_has_vmx() || cpu_has_svm(NULL)) {

+		/* Safely force _this_ CPU out of VMX/SVM operation. */

+		cpu_emergency_disable_virtualization();

-		/* Halt and exit VMX root operation on the other CPUs. */

+		/* Disable VMX/SVM and halt on other CPUs. */

 		nmi_shootdown_cpus_on_restart();

 	}

 }

@@ -587,7 +586,7 @@ static void native_machine_emergency_restart(void)

 	unsigned short mode;

 	if (reboot_emergency)

-		emergency_vmx_disable_all();

+		emergency_reboot_disable_virtualization();

 	tboot_shutdown(TB_SHUTDOWN_REBOOT);

-- 

2.35.3