From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78F11C4321E for ; Wed, 30 Nov 2022 23:39:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229591AbiK3XjF (ORCPT ); Wed, 30 Nov 2022 18:39:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229600AbiK3XjD (ORCPT ); Wed, 30 Nov 2022 18:39:03 -0500 Received: from mail-pj1-x102e.google.com (mail-pj1-x102e.google.com [IPv6:2607:f8b0:4864:20::102e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70D244AF00 for ; Wed, 30 Nov 2022 15:39:02 -0800 (PST) Received: by mail-pj1-x102e.google.com with SMTP id e7-20020a17090a77c700b00216928a3917so3518907pjs.4 for ; Wed, 30 Nov 2022 15:39:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=+55T+4ONOvaYsE+6obyb6DikaQJsPRvNFJ9o9IsRukA=; b=Hnitb+mv3s4ykP8SrDWRgX4N7fmyxP9h0XNLylRtM/CT+Y6HwowRv85rVfw36Wia1I HVZfo/MoqbuvWyZ79FwPILHpihssnWQ3IH0Et1BuvekGJu7R0+pBcXdYkhZyGLjD/1vb GnuUCnTe6F0Cdu+d0JuNVtFP/dvrPUtI8CQZYq8KvigG5eeccMNv2HrxBxaQwYWOuTKd wf7dX0tFBEhXFcXr9aSATpBBrFhFfg0xhGAgMMpeHs+tgpQwe1fUM2EcyDYQjsF4zueA XQo8cuK0BsgpSmI0Wp9+4lkslJx3MZJm2CPoXcwhHrtSgFETJwauw0LgDElwcaoQ+c0+ T4Og== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=+55T+4ONOvaYsE+6obyb6DikaQJsPRvNFJ9o9IsRukA=; b=NRsLuIT4lly+A7SDDghed9DRvuMNgVy0AaASnUOFVzdqliBNAStrZPnaZnbac2WhnD tQRq9sSD9xZCCijbKmxRhK0wEVroOS91BT2ZKbpO4SkY1smoA11Zgz3Ye1RlQvLekKfT Ei6efb1CBTO5pnmtIMHmsetXndjYGjyKrq75dDSKJBV2FgRwKI0CqlNx6+71XHjsOS2p xIzkV7tY2QqQxXBoYwWT+y0xoy3pCMrxxUeAQwPogMMTCR9GSXtrqhy7X0VnhkE2aJ1q 0xyqiRfRRcwTqdAXyJw94cDbam9i2tpTmAecc13yKmYPmV0sPZE6DMKOZg+EDYLXgsgV DUaA== X-Gm-Message-State: ANoB5pld5rcn2oap1Dt5VcE1LMKTcLW1zN4/P+V35HS6e6O00g8JYRUg OGTEC7i7wwfh4WiU93lKrvBm4A== X-Google-Smtp-Source: AA0mqf7Pumi1TwhZ/YS4keCyLs2pVgC7z3TCjEFYMruTaQ6IQ4xgog1/oM5nhDr7SbcBkXyWk35bLg== X-Received: by 2002:a17:90a:4fc1:b0:213:16b5:f45e with SMTP id q59-20020a17090a4fc100b0021316b5f45emr71882071pjh.170.1669851541868; Wed, 30 Nov 2022 15:39:01 -0800 (PST) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id d77-20020a621d50000000b00575fea99db9sm895901pfd.27.2022.11.30.15.39.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Nov 2022 15:39:01 -0800 (PST) Date: Wed, 30 Nov 2022 23:38:57 +0000 From: Sean Christopherson To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , linux-kernel@vger.kernel.org, "Guilherme G . Piccoli" , Vitaly Kuznetsov , Paolo Bonzini , Andrew Cooper , Tom Lendacky Subject: Re: [PATCH v4 4/4] x86/reboot: Disable SVM, not just VMX, when stopping CPUs Message-ID: References: <20221130233650.1404148-1-seanjc@google.com> <20221130233650.1404148-5-seanjc@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221130233650.1404148-5-seanjc@google.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 30, 2022, Sean Christopherson wrote: > Disable SVM and more importantly force GIF=1 when halting a CPU or > rebooting the machine. Similar to VMX, SVM allows software to block > INITs via CLGI, and thus can be problematic for a crash/reboot. The > window for failure is smaller with SVM as INIT is only blocked while > GIF=0, i.e. between CLGI and STGI, but the window does exist. > > Fixes: fba4f472b33a ("x86/reboot: Turn off KVM when halting a CPU") > Cc: stable@vger.kernel Argh, forgot the .org, and of course my scripts then failed to filter out the address.