This is a note to let you know that I've just added the patch titled
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
x86-reboot-disable-svm-not-just-vmx-when-stopping-cpus.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From a2b07fa7b93321c059af0c6d492cc9a4f1e390aa Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@xxxxxxxxxx>
Date: Wed, 30 Nov 2022 23:36:50 +0000
Subject: x86/reboot: Disable SVM, not just VMX, when stopping CPUs
From: Sean Christopherson <seanjc@xxxxxxxxxx>
commit a2b07fa7b93321c059af0c6d492cc9a4f1e390aa upstream.
Disable SVM and more importantly force GIF=1 when halting a CPU or
rebooting the machine. Similar to VMX, SVM allows software to block
INITs via CLGI, and thus can be problematic for a crash/reboot. The
window for failure is smaller with SVM as INIT is only blocked while
GIF=0, i.e. between CLGI and STGI, but the window does exist.
Fixes: fba4f472b33a ("x86/reboot: Turn off KVM when halting a CPU")
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20221130233650.1404148-5-seanjc@xxxxxxxxxx
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/smp.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/arch/x86/kernel/smp.c
+++ b/arch/x86/kernel/smp.c
@@ -32,7 +32,7 @@
#include <asm/mce.h>
#include <asm/trace/irq_vectors.h>
#include <asm/kexec.h>
-#include <asm/virtext.h>
+#include <asm/reboot.h>
/*
* Some notes on x86 processor bugs affecting SMP operation:
@@ -122,7 +122,7 @@ static int smp_stop_nmi_callback(unsigne
if (raw_smp_processor_id() == atomic_read(&stopping_cpu))
return NMI_HANDLED;
- cpu_emergency_vmxoff();
+ cpu_emergency_disable_virtualization();
stop_this_cpu(NULL);
return NMI_HANDLED;
@@ -134,7 +134,7 @@ static int smp_stop_nmi_callback(unsigne
DEFINE_IDTENTRY_SYSVEC(sysvec_reboot)
{
ack_APIC_irq();
- cpu_emergency_vmxoff();
+ cpu_emergency_disable_virtualization();
stop_this_cpu(NULL);
}
Patches currently in stable-queue which might be from seanjc@xxxxxxxxxx are
queue-6.1/kvm-svm-hyper-v-placate-modpost-section-mismatch-error.patch
queue-6.1/kvm-svm-flush-the-current-tlb-when-activating-avic.patch
queue-6.1/x86-virt-force-gif-1-prior-to-disabling-svm-for-reboot-flows.patch
queue-6.1/kvm-x86-inject-gp-if-wrmsr-sets-reserved-bits-in-apic-self-ipi.patch
queue-6.1/x86-reboot-disable-svm-not-just-vmx-when-stopping-cpus.patch
queue-6.1/kvm-svm-process-icr-on-avic-ipi-delivery-failure-due-to-invalid-target.patch
queue-6.1/kvm-x86-don-t-inhibit-apicv-avic-if-xapic-id-mismatch-is-due-to-32-bit-id.patch
queue-6.1/x86-reboot-disable-virtualization-in-an-emergency-if-svm-is-supported.patch
queue-6.1/kvm-svm-don-t-put-load-avic-when-setting-virtual-apic-mode.patch
queue-6.1/x86-crash-disable-virt-in-core-nmi-crash-handler-to-avoid-double-shootdown.patch
queue-6.1/kvm-register-dev-kvm-as-the-_very_-last-thing-during-initialization.patch
queue-6.1/kvm-x86-don-t-inhibit-apicv-avic-on-xapic-id-change-if-apic-is-disabled.patch
queue-6.1/kvm-destroy-target-device-if-coalesced-mmio-unregistration-fails.patch
queue-6.1/kvm-svm-fix-potential-overflow-in-sev-s-send-receive_update_data.patch
queue-6.1/kvm-x86-blindly-get-current-x2apic-reg-value-on-nodecode-write-traps.patch
queue-6.1/kvm-x86-purge-highest-isr-cache-when-updating-apicv-state.patch
queue-6.1/kvm-x86-inject-gp-on-x2apic-wrmsr-that-sets-reserved-bits-63-32.patch
queue-6.1/kvm-vmx-fix-crash-due-to-uninitialized-current_vmcs.patch
