On Sun, Jul 05, 2020 at 01:53:39PM -0700, Andy Lutomirski wrote: > On Sun, Jul 5, 2020 at 1:00 PM David P. Reed <dpr...@deepplum.com> wrote: > > > > On Sunday, July 5, 2020 2:26pm, "Andy Lutomirski" <l...@kernel.org> said: > > > As a minor caveat, doing cr4_clear_bits() in NMI context is not really > > > okay, but we're about to reboot, so nothing too awful should happen. > > > And this has very little to do with your patch. > > > > I had wondered why the bit is cleared, too. (I assumed it was OK or > > desirable, because it was being cleared in NMI context before). Happy to > > submit a separate patch to eliminate that issue as well, since the point of > > emergency vmxoff is only to get out of VMX root mode - CR4.VMXE's state is > > irrelevant. Of course, clearing it prevents any future emergency vmxoff > > attempts. (there seemed to be some confusion about "enabling" VMX vs. "in > > VMX operation" in the comments) Should I? > > I have a vague recollection of some firmwares that got upset if rebooted with > CR4.VMXE set. Sean?
Hmm, rebooting with CR4.VMXE=1 shouldn't be a problem. VMXON does all the special stuff that causes problems with reboot, e.g. blocks INIT, prevents disabling paging, etc... That being said, I think it makes sense to keep the clearing of CR4.VMXE out of paranoia as BIOS will be BIOS, and there is no real downside. Not only is the system about to reboot, but the CPUs that call cr4_clear_bits() from NMI context are also being put into an infinite loop by crash_nmi_callback(), i.e. they never leave NMI context. And we rely on that behavior, otherwise KVM could set CR4.VMXE and do VMXON after the NMI and the whole thing would be for naught. > The real issue here is that the percpu CR4 machinery uses IRQ-offness as a > lock, and NMI breaks this.