On Wed, Jun 10, 2020 at 02:59:19PM -0700, Andy Lutomirski wrote:
> 
> 
> > On Jun 10, 2020, at 11:21 AM, David P. Reed <[email protected]> wrote:
> > 
> > If a panic/reboot occurs when CR4 has VMX enabled, a VMXOFF is
> > done on all CPUS, to allow the INIT IPI to function, since
> > INIT is suppressed when CPUs are in VMX root operation.
> > However, VMXOFF causes an undefined operation fault if the CPU is not
> > in VMX operation, that is, VMXON has not been executed, or VMXOFF
> > has been executed, but VMX is enabled.
> 
> I'm surprised. Wouldn't this mean that emergency reboots always fail if a VM
> is running? I would think someone would have noticed before.
The call to cpu_vmxoff() is conditioned on CR4.VMXE==1, which KVM toggles in tandem with VMXON and VMXOFF. Out of tree hypervisors presumably do the same. That's obviously not atomic though, e.g. VMXOFF will #UD if the vmxoff_nmi() NMI arrives between CR4.VMXE=1 and VMXON, or between VMXOFF and CR4.VMXE=0.
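The two race windows described above can be made concrete with a small user-space model. The following is an added example, not code from this thread, from KVM or from the kernel's reboot path: it models a CPU as a CR4 value plus an "in VMX operation" flag, walks the four-step enable/disable sequence (set CR4.VMXE, VMXON, VMXOFF, clear CR4.VMXE), and delivers the emergency VMXOFF NMI before each step to see where a handler that only checks CR4.VMXE would take #UD. The only real hardware fact used is that CR4.VMXE is bit 13; the step names, the `vmxoff_nmi_naive`/`vmxoff_nmi_tolerant` handlers and the fault-counting helpers are hypothetical names for this illustration. The tolerant variant simply ignores the #UD and then clears CR4.VMXE, standing in for what real kernel code would have to do with an exception-table fixup on the VMXOFF instruction.

```c
#include <stdbool.h>
#include <stdio.h>

/* CR4.VMXE is bit 13 (Intel SDM Vol. 3, CR4 layout). Everything else in this
 * file is a user-space model written for illustration, not the kernel's or
 * the CPU's real implementation. */
#define X86_CR4_VMXE (1UL << 13)

struct cpu {
    unsigned long cr4;
    bool vmx_root;  /* true between VMXON and VMXOFF (model of "in VMX operation") */
};

/* The non-atomic sequence a hypervisor runs on each CPU to enter and leave VMX. */
enum step { CR4_SET, VMXON, VMXOFF, CR4_CLEAR, NSTEPS };

/* Model of VMXOFF: #UD (returns false) unless the CPU is in VMX operation. */
static bool vmxoff(struct cpu *c)
{
    if (!c->vmx_root)
        return false;        /* #UD */
    c->vmx_root = false;
    return true;
}

/* Model of VMXON; the hypervisor has already set CR4.VMXE before issuing it. */
static void vmxon(struct cpu *c)
{
    c->vmx_root = true;
}

static void hv_step(struct cpu *c, int s)
{
    switch (s) {
    case CR4_SET:   c->cr4 |= X86_CR4_VMXE;  break;
    case VMXON:     vmxon(c);                break;
    case VMXOFF:    vmxoff(c);               break;
    case CR4_CLEAR: c->cr4 &= ~X86_CR4_VMXE; break;
    default: break;
    }
}

/* Emergency path as described in the thread: VMXOFF only if CR4.VMXE is set.
 * Returns false if the VMXOFF faults. */
static bool vmxoff_nmi_naive(struct cpu *c)
{
    if (c->cr4 & X86_CR4_VMXE)
        return vmxoff(c);
    return true;
}

/* Hardened variant (hypothetical): attempt VMXOFF, swallow a #UD, then clear
 * CR4.VMXE so INIT is no longer blocked regardless of which window we hit. */
static bool vmxoff_nmi_tolerant(struct cpu *c)
{
    if (c->cr4 & X86_CR4_VMXE) {
        (void)vmxoff(c);     /* fault ignored; a real kernel needs a fixup here */
        c->cr4 &= ~X86_CR4_VMXE;
    }
    return true;
}

/* Run the hypervisor sequence and deliver the NMI just before step `at`
 * (at == NSTEPS means after the whole sequence). Returns true if the handler faulted. */
static bool nmi_faults_before(int at, bool (*handler)(struct cpu *))
{
    struct cpu c = { 0, false };
    for (int s = 0; s < NSTEPS; s++) {
        if (s == at)
            return !handler(&c);
        hv_step(&c, s);
    }
    return !handler(&c);
}

/* Number of NMI arrival points (before each step, plus after the end) at which
 * the given handler takes #UD. */
static int count_fault_windows(bool (*handler)(struct cpu *))
{
    int n = 0;
    for (int at = 0; at <= NSTEPS; at++)
        n += nmi_faults_before(at, handler);
    return n;
}

int main(void)
{
    static const char *names[] = { "CR4.VMXE=1", "VMXON", "VMXOFF", "CR4.VMXE=0", "(end)" };
    for (int at = 0; at <= NSTEPS; at++)
        printf("NMI before %-11s naive:%s tolerant:%s\n", names[at],
               nmi_faults_before(at, vmxoff_nmi_naive) ? "#UD" : "ok ",
               nmi_faults_before(at, vmxoff_nmi_tolerant) ? "#UD" : "ok ");
    printf("fault windows: naive=%d tolerant=%d\n",
           count_fault_windows(vmxoff_nmi_naive), count_fault_windows(vmxoff_nmi_tolerant));
    return 0;
}
```

Running it shows the naive handler faulting in exactly the two windows named above, between CR4.VMXE=1 and VMXON and between VMXOFF and CR4.VMXE=0, and nowhere else. The model deliberately leaves out what happens to the hypervisor afterwards: once the tolerant handler has cleared CR4.VMXE in the first window, the hypervisor's pending VMXON would itself fault, which is acceptable only because the machine is on its way to reboot.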

