From: Jork Loeser
To: linux-hyperv@vger.kernel.org
Cc: x86@kernel.org, "K . Y . Srinivasan", Haiyang Zhang, Wei Liu,
 Dexuan Cui, Long Li, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
 Dave Hansen, "H . Peter Anvin", Arnd Bergmann, Michael Kelley,
 linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Jork Loeser
Subject: [PATCH v3 1/6] Drivers: hv: vmbus: fix hyperv_cpuhp_online variable shadowing
Date: Tue, 7 Apr 2026 18:36:38 -0700
Message-ID: <20260408013645.286723-2-jloeser@linux.microsoft.com>
In-Reply-To: <20260408013645.286723-1-jloeser@linux.microsoft.com>

vmbus_alloc_synic_and_connect() declares a local 'int
hyperv_cpuhp_online' that shadows the file-scope global of the same
name. The cpuhp state returned by cpuhp_setup_state() is stored in the
local, leaving the global at 0 (CPUHP_OFFLINE). When hv_kexec_handler()
or hv_machine_shutdown() later call
cpuhp_remove_state(hyperv_cpuhp_online) they pass 0, which hits the
BUG_ON in __cpuhp_remove_state_cpuslocked().

Remove the local declaration so the cpuhp state is stored in the
file-scope global where hv_kexec_handler() and hv_machine_shutdown()
expect it.

Fixes: 2647c96649ba ("Drivers: hv: Support establishing the confidential VMBus connection")
Signed-off-by: Jork Loeser
--- drivers/hv/vmbus_drv.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 3faa74e49a6b..5e7a6839c933 100644 --- a/drivers/hv/vmbus_drv.c
+++ b/drivers/hv/vmbus_drv.c 
@@ -1422,7 +1422,6 @@ static int vmbus_alloc_synic_and_connect(void) { int ret, cpu; struct work_struct __percpu *works; - int hyperv_cpuhp_online; =20 ret =3D hv_synic_alloc(); if (ret < 0) --=20 2.43.0

From: Jork Loeser
To: linux-hyperv@vger.kernel.org
Cc: x86@kernel.org, "K . Y . Srinivasan", Haiyang Zhang, Wei Liu,
 Dexuan Cui, Long Li, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
 Dave Hansen, "H . Peter Anvin", Arnd Bergmann, Michael Kelley,
 linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Jork Loeser,
 Anirudh Rayabharam
Subject: [PATCH v3 2/6] x86/hyperv: move stimer cleanup to hv_machine_shutdown()
Date: Tue, 7 Apr 2026 18:36:39 -0700
Message-ID: <20260408013645.286723-3-jloeser@linux.microsoft.com>
In-Reply-To: <20260408013645.286723-1-jloeser@linux.microsoft.com>

Move hv_stimer_global_cleanup() from vmbus's hv_kexec_handler() to
hv_machine_shutdown() in the platform code. This ensures stimer cleanup
happens before the vmbus unload, which is required for root partition
kexec to work correctly.

Co-developed-by: Anirudh Rayabharam
Signed-off-by: Anirudh Rayabharam
Signed-off-by: Jork Loeser
--- arch/x86/kernel/cpu/mshyperv.c | 8 ++++++-- drivers/hv/vmbus_drv.c | 1 - 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index a7dfc29d3470..e498b6b2ef19 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c
@@ -237,8 +237,12 @@ void hv_remove_crash_handler(void) #ifdef CONFIG_KEXEC_CORE static void hv_machine_shutdown(void) { - if (kexec_in_progress && hv_kexec_handler) - hv_kexec_handler(); + if (kexec_in_progress) { + hv_stimer_global_cleanup(); + + if (hv_kexec_handler) + hv_kexec_handler(); + } =20 /* * Call hv_cpu_die() on all the CPUs, otherwise later the hypervisor diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 5e7a6839c933..c5dfe9f3b206 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c 
@@ -2891,7 +2891,6 @@ static struct platform_driver vmbus_platform_driver = =3D { =20 static void hv_kexec_handler(void) { - hv_stimer_global_cleanup(); vmbus_initiate_unload(false); /* Make sure conn_state is set as hv_synic_cleanup checks for it */ mb(); --=20 2.43.0
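
Review bot: in the hv_machine_shutdown() hunk of patch 2/6, hv_stimer_global_cleanup() is no longer tied to hv_kexec_handler being set, so it now runs on every kexec, including when VMBus never registered a handler; before this change it ran only from the VMBus handler. Please confirm hv_stimer_global_cleanup() is safe when the stimers were never set up, and add a short comment above the call saying that it must come before hv_kexec_handler() because the stimers have to be torn down before the VMBus unload. The ordering is the reason for the move and nothing in the code records it.
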
From: Jork Loeser
To: linux-hyperv@vger.kernel.org
Cc: x86@kernel.org, "K . Y . Srinivasan", Haiyang Zhang, Wei Liu,
 Dexuan Cui, Long Li, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
 Dave Hansen, "H . Peter Anvin", Arnd Bergmann, Michael Kelley,
 linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Jork Loeser,
 Anirudh Rayabharam, Stanislav Kinsburskii, Mukesh Rathor
Subject: [PATCH v3 3/6] x86/hyperv: Skip LP/VP creation on kexec
Date: Tue, 7 Apr 2026 18:36:40 -0700
Message-ID: <20260408013645.286723-4-jloeser@linux.microsoft.com>
In-Reply-To: <20260408013645.286723-1-jloeser@linux.microsoft.com>

After a kexec the logical processors and virtual processors already
exist in the hypervisor because they were created by the previous
kernel. Attempting to add them again causes either a BUG_ON or
corrupted VP state leading to MCEs in the new kernel.

Add hv_lp_exists() to probe whether an LP is already present by calling
HVCALL_GET_LOGICAL_PROCESSOR_RUN_TIME. When it succeeds the LP exists
and we skip the add-LP and create-VP loops entirely.

Also add hv_call_notify_all_processors_started() which informs the
hypervisor that all processors are online. This is required after
adding LPs (fresh boot) and is a no-op on kexec since we skip that
path.

Co-developed-by: Anirudh Rayabharam
Signed-off-by: Anirudh Rayabharam
Co-developed-by: Stanislav Kinsburskii
Signed-off-by: Stanislav Kinsburskii
Co-developed-by: Mukesh Rathor
Signed-off-by: Mukesh Rathor
Signed-off-by: Jork Loeser --- arch/x86/kernel/cpu/mshyperv.c | 7 +++++ drivers/hv/hv_proc.c | 47 ++++++++++++++++++++++++++++++++++ include/asm-generic/mshyperv.h | 10 ++++++++ include/hyperv/hvgdk_mini.h | 1 + include/hyperv/hvhdk_mini.h | 12 +++++++++ 5 files changed, 77 insertions(+) diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c index e498b6b2ef19..b5b6a58b67b0 100644 --- a/arch/x86/kernel/cpu/mshyperv.c +++ b/arch/x86/kernel/cpu/mshyperv.c @@ -431,6 +431,10 @@ static void __init hv_smp_prepare_cpus(unsigned int ma= x_cpus) } =20 #ifdef CONFIG_X86_64 + /* If AP LPs exist, we are in a kexec'd kernel and VPs already exist */ + if (num_present_cpus() =3D=3D 1 || hv_lp_exists(1)) + return; + for_each_present_cpu(i) { if (i =3D=3D 0) continue; @@ -438,6 +442,9 @@ static void __init hv_smp_prepare_cpus(unsigned int max= _cpus) BUG_ON(ret); } =20 + ret =3D hv_call_notify_all_processors_started(); + WARN_ON(ret); + for_each_present_cpu(i) { if (i =3D=3D 0) continue; diff --git a/drivers/hv/hv_proc.c b/drivers/hv/hv_proc.c index 3cb4b2a3035c..57b2c64197cb 100644 --- a/drivers/hv/hv_proc.c +++ b/drivers/hv/hv_proc.c 
@@ -239,3 +239,50 @@ int hv_call_create_vp(int node, u64 partition_id, u32 = vp_index, u32 flags) return ret; } EXPORT_SYMBOL_GPL(hv_call_create_vp); + +int hv_call_notify_all_processors_started(void) +{ + struct hv_input_notify_partition_event *input; + u64 status; + unsigned long irq_flags; + int ret =3D 0; + + local_irq_save(irq_flags); + input =3D *this_cpu_ptr(hyperv_pcpu_input_arg); + memset(input, 0, sizeof(*input)); + input->event =3D HV_PARTITION_ALL_LOGICAL_PROCESSORS_STARTED; + status =3D hv_do_hypercall(HVCALL_NOTIFY_PARTITION_EVENT, + input, NULL); + local_irq_restore(irq_flags); + + if (!hv_result_success(status)) { + hv_status_err(status, "\n"); + ret =3D hv_result_to_errno(status); + } + return ret; +} + +bool hv_lp_exists(u32 lp_index) +{ + struct hv_input_get_logical_processor_run_time *input; + struct hv_output_get_logical_processor_run_time *output; + unsigned long flags; + u64 status; + + local_irq_save(flags); + input =3D *this_cpu_ptr(hyperv_pcpu_input_arg); + output =3D *this_cpu_ptr(hyperv_pcpu_output_arg); + + input->lp_index =3D lp_index; + status =3D hv_do_hypercall(HVCALL_GET_LOGICAL_PROCESSOR_RUN_TIME, + input, output); + local_irq_restore(flags); + + if (!hv_result_success(status) && + hv_result(status) !=3D HV_STATUS_INVALID_LP_INDEX) { + hv_status_err(status, "\n"); + BUG(); + } + + return hv_result_success(status); +} diff --git a/include/asm-generic/mshyperv.h b/include/asm-generic/mshyperv.h index d37b68238c97..bf601d67cecb 100644 --- a/include/asm-generic/mshyperv.h +++ b/include/asm-generic/mshyperv.h 
@@ -347,6 +347,8 @@ bool hv_result_needs_memory(u64 status); int hv_deposit_memory_node(int node, u64 partition_id, u64 status); int hv_call_deposit_pages(int node, u64 partition_id, u32 num_pages); int hv_call_add_logical_proc(int node, u32 lp_index, u32 acpi_id); +int hv_call_notify_all_processors_started(void); +bool hv_lp_exists(u32 lp_index); int hv_call_create_vp(int node, u64 partition_id, u32 vp_index, u32 flags); =20 #else /* CONFIG_MSHV_ROOT */ @@ -366,6 +368,14 @@ static inline int hv_call_add_logical_proc(int node, u= 32 lp_index, u32 acpi_id) { return -EOPNOTSUPP; } +static inline int hv_call_notify_all_processors_started(void) +{ + return -EOPNOTSUPP; +} +static inline bool hv_lp_exists(u32 lp_index) +{ + return false; +} static inline int hv_call_create_vp(int node, u64 partition_id, u32 vp_ind= ex, u32 flags) { return -EOPNOTSUPP; diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h index f9600f87186a..6a4e8b9d570f 100644 --- a/include/hyperv/hvgdk_mini.h +++ b/include/hyperv/hvgdk_mini.h @@ -435,6 +435,7 @@ union hv_vp_assist_msr_contents { /* HV_REGISTER_VP_AS= SIST_PAGE */ /* HV_CALL_CODE */ #define HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE 0x0002 #define HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST 0x0003 +#define HVCALL_GET_LOGICAL_PROCESSOR_RUN_TIME 0x0004 #define HVCALL_NOTIFY_LONG_SPIN_WAIT 0x0008 #define HVCALL_SEND_IPI 0x000b #define HVCALL_ENABLE_VP_VTL 0x000f diff --git a/include/hyperv/hvhdk_mini.h b/include/hyperv/hvhdk_mini.h index 091c03e26046..b4cb2fa26e9b 100644 --- a/include/hyperv/hvhdk_mini.h +++ b/include/hyperv/hvhdk_mini.h @@ -362,6 +362,7 @@ union hv_partition_event_input { =20 enum hv_partition_event { HV_PARTITION_EVENT_ROOT_CRASHDUMP =3D 2, + HV_PARTITION_ALL_LOGICAL_PROCESSORS_STARTED =3D 4, }; =20 struct hv_input_notify_partition_event { 
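
Review bot: the enumerator added to enum hv_partition_event in the hvhdk_mini.h hunk, HV_PARTITION_ALL_LOGICAL_PROCESSORS_STARTED, drops the HV_PARTITION_EVENT_ prefix that the existing HV_PARTITION_EVENT_ROOT_CRASHDUMP carries. Unless the name is fixed by the hypervisor's own headers, HV_PARTITION_EVENT_ALL_LOGICAL_PROCESSORS_STARTED would keep the enum consistent; if it is fixed, a one-line comment saying so would stop the next reader from renaming it.
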
@@ -369,6 +370,17 @@ struct hv_input_notify_partition_event { union hv_partition_event_input input; } __packed; =20 +struct hv_input_get_logical_processor_run_time { + u32 lp_index; +} __packed; + +struct hv_output_get_logical_processor_run_time { + u64 global_time; + u64 local_run_time; + u64 rsvdz0; + u64 hypervisor_time; +} __packed; + struct hv_lp_startup_status { u64 hv_status; u64 substatus1; --=20 2.43.0
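
Review bot: in the hv_smp_prepare_cpus() hunk of patch 3/6, the new early return probes only LP index 1 with hv_lp_exists(1) and treats a hit as proof that every LP and every VP was created by the previous kernel. If the previous kernel stopped between or inside the add-LP and create-VP loops, the kexec'd kernel skips the missing processors without any diagnostic. Either probe each present CPU inside the loops and skip only the ones that exist, or state the all-or-nothing assumption in the comment and say why index 1 is a sufficient probe.
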
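
Review bot: in the hv_proc.c hunk of patch 3/6, hv_lp_exists() calls BUG() for any hypercall status other than success or HV_STATUS_INVALID_LP_INDEX, which turns an unexpected result from a read-only probe into a boot-time panic. Prefer a WARN plus a defined return value so the caller decides what to do, and give hv_status_err() a message that names the probed lp_index instead of the bare "\n". Also, unlike hv_call_notify_all_processors_started() just above it, the per-CPU input page is not memset before use; that is harmless while the input struct is a single u32 but is worth doing for symmetry in case the struct grows.
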
From: Jork Loeser
To: linux-hyperv@vger.kernel.org
Cc: x86@kernel.org, "K . Y . Srinivasan", Haiyang Zhang, Wei Liu,
 Dexuan Cui, Long Li, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
 Dave Hansen, "H . Peter Anvin", Arnd Bergmann, Michael Kelley,
 linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Jork Loeser
Subject: [PATCH v3 4/6] mshv: limit SynIC management to MSHV-owned resources
Date: Tue, 7 Apr 2026 18:36:41 -0700
Message-ID: <20260408013645.286723-5-jloeser@linux.microsoft.com>
In-Reply-To: <20260408013645.286723-1-jloeser@linux.microsoft.com>

The SynIC is shared between VMBus and MSHV. VMBus owns the message page
(SIMP), event flags page (SIEFP), global enable (SCONTROL), and SINT2.
MSHV adds SINT0, SINT5, and the event ring page (SIRBP).

Currently mshv_synic_cpu_init() redundantly enables SIMP, SIEFP, and
SCONTROL that VMBus already configured, and mshv_synic_cpu_exit()
disables all of them. This is wrong because MSHV can be torn down while
VMBus is still active. In particular, a kexec reboot notifier tears
down MSHV first. Disabling SCONTROL, SIMP, and SIEFP out from under
VMBus causes its later cleanup to write SynIC MSRs while SynIC is
disabled, which the hypervisor does not tolerate.

Restrict MSHV to managing only the resources it owns:

  - SINT0, SINT5: mask on cleanup, unmask on init
  - SIRBP: enable/disable as before
  - SIMP, SIEFP, SCONTROL: leave to VMBus when it is active (L1VH and
    nested root partition); on a non-nested root partition VMBus
    doesn't run, so MSHV must enable/disable them

Signed-off-by: Jork Loeser --- drivers/hv/mshv_synic.c | 142 ++++++++++++++++++++++++++-------------- 1 file changed, 94 insertions(+), 48 deletions(-) diff --git a/drivers/hv/mshv_synic.c b/drivers/hv/mshv_synic.c index e2288a726fec..f71d5dfce1c1 100644 --- a/drivers/hv/mshv_synic.c +++ b/drivers/hv/mshv_synic.c 
@@ -456,46 +456,72 @@ static int mshv_synic_cpu_init(unsigned int cpu) union hv_synic_siefp siefp; union hv_synic_sirbp sirbp; union hv_synic_sint sint; - union hv_synic_scontrol sctrl; struct hv_synic_pages *spages =3D this_cpu_ptr(synic_pages); struct hv_message_page **msg_page =3D &spages->hyp_synic_message_page; struct hv_synic_event_flags_page **event_flags_page =3D &spages->synic_event_flags_page; struct hv_synic_event_ring_page **event_ring_page =3D &spages->synic_event_ring_page; + /* VMBus runs on L1VH and nested root; it owns SIMP/SIEFP/SCONTROL */ + bool vmbus_active =3D !hv_root_partition() || hv_nested; =20 - /* Setup the Synic's message page */ + /* + * Map the SYNIC message page. When VMBus is not active the + * hypervisor pre-provisions the SIMP GPA but may not set + * simp_enabled =E2=80=94 enable it here. + */ simp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIMP); - simp.simp_enabled =3D true; + if (!vmbus_active) { + simp.simp_enabled =3D true; + hv_set_non_nested_msr(HV_MSR_SIMP, simp.as_uint64); + } *msg_page =3D memremap(simp.base_simp_gpa << HV_HYP_PAGE_SHIFT, HV_HYP_PAGE_SIZE, MEMREMAP_WB); =20 if (!(*msg_page)) - return -EFAULT; + goto cleanup_simp; =20 - hv_set_non_nested_msr(HV_MSR_SIMP, simp.as_uint64); - - /* Setup the Synic's event flags page */ + /* + * Map the event flags page. Same as SIMP: enable when + * VMBus is not active, already enabled by VMBus otherwise. 
+ */ siefp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIEFP); - siefp.siefp_enabled =3D true; + if (!vmbus_active) { + siefp.siefp_enabled =3D true; + hv_set_non_nested_msr(HV_MSR_SIEFP, siefp.as_uint64); + } *event_flags_page =3D memremap(siefp.base_siefp_gpa << PAGE_SHIFT, PAGE_SIZE, MEMREMAP_WB); =20 if (!(*event_flags_page)) - goto cleanup; - - hv_set_non_nested_msr(HV_MSR_SIEFP, siefp.as_uint64); + goto cleanup_siefp; =20 /* Setup the Synic's event ring page */ sirbp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIRBP); - sirbp.sirbp_enabled =3D true; - *event_ring_page =3D memremap(sirbp.base_sirbp_gpa << PAGE_SHIFT, - PAGE_SIZE, MEMREMAP_WB); =20 - if (!(*event_ring_page)) - goto cleanup; + if (hv_root_partition()) { + *event_ring_page =3D memremap(sirbp.base_sirbp_gpa << PAGE_SHIFT, + PAGE_SIZE, MEMREMAP_WB); =20 + if (!(*event_ring_page)) + goto cleanup_siefp; + } else { + /* + * On L1VH the hypervisor does not provide a SIRBP page. + * Allocate one and program its GPA into the MSR. + */ + *event_ring_page =3D (struct hv_synic_event_ring_page *) + get_zeroed_page(GFP_KERNEL); + + if (!(*event_ring_page)) + goto cleanup_siefp; + + sirbp.base_sirbp_gpa =3D virt_to_phys(*event_ring_page) + >> PAGE_SHIFT; + } + + sirbp.sirbp_enabled =3D true; hv_set_non_nested_msr(HV_MSR_SIRBP, sirbp.as_uint64); =20 if (mshv_sint_irq !=3D -1) 
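
Review bot: in the new L1VH branch of mshv_synic_cpu_init(), the GPA programmed into SIRBP is computed as virt_to_phys(*event_ring_page) >> PAGE_SHIFT, following the PAGE_SHIFT used by the SIEFP and SIRBP memremap() calls, while the SIMP mapping at the top of the same hunk uses HV_HYP_PAGE_SHIFT and HV_HYP_PAGE_SIZE. The two only agree when the kernel page size equals the hypervisor page size. Since this line writes a page number that the hypervisor will interpret, please use HV_HYP_PAGE_SHIFT here, or add a comment explaining why PAGE_SHIFT is correct for this register.
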
@@ -518,28 +544,30 @@ static int mshv_synic_cpu_init(unsigned int cpu) hv_set_non_nested_msr(HV_MSR_SINT0 + HV_SYNIC_DOORBELL_SINT_INDEX, sint.as_uint64); =20 - /* Enable global synic bit */ - sctrl.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SCONTROL); - sctrl.enable =3D 1; - hv_set_non_nested_msr(HV_MSR_SCONTROL, sctrl.as_uint64); + /* When VMBus is active it already enabled SCONTROL. */ + if (!vmbus_active) { + union hv_synic_scontrol sctrl; + + sctrl.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SCONTROL); + sctrl.enable =3D 1; + hv_set_non_nested_msr(HV_MSR_SCONTROL, sctrl.as_uint64); + } =20 return 0; =20 -cleanup: - if (*event_ring_page) { - sirbp.sirbp_enabled =3D false; - hv_set_non_nested_msr(HV_MSR_SIRBP, sirbp.as_uint64); - memunmap(*event_ring_page); - } - if (*event_flags_page) { +cleanup_siefp: + if (*event_flags_page) + memunmap(*event_flags_page); + if (!vmbus_active) { siefp.siefp_enabled =3D false; hv_set_non_nested_msr(HV_MSR_SIEFP, siefp.as_uint64); - memunmap(*event_flags_page); } - if (*msg_page) { +cleanup_simp: + if (*msg_page) + memunmap(*msg_page); + if (!vmbus_active) { simp.simp_enabled =3D false; hv_set_non_nested_msr(HV_MSR_SIMP, simp.as_uint64); - memunmap(*msg_page); } =20 return -EFAULT; 
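
Review bot: the cleanup_siefp and cleanup_simp labels call memunmap() on *event_flags_page and *msg_page but leave the per-CPU pointers in synic_pages set, so a failed init leaves stale pointers behind; set each pointer to NULL after unmapping. Both labels also fall through to the single return -EFAULT, so a failed get_zeroed_page() in the L1VH branch is reported as -EFAULT rather than -ENOMEM; carrying an int ret assigned at each failure site would fix that.
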
@@ -548,16 +576,15 @@ static int mshv_synic_cpu_init(unsigned int cpu) static int mshv_synic_cpu_exit(unsigned int cpu) { union hv_synic_sint sint; - union hv_synic_simp simp; - union hv_synic_siefp siefp; union hv_synic_sirbp sirbp; - union hv_synic_scontrol sctrl; struct hv_synic_pages *spages =3D this_cpu_ptr(synic_pages); struct hv_message_page **msg_page =3D &spages->hyp_synic_message_page; struct hv_synic_event_flags_page **event_flags_page =3D &spages->synic_event_flags_page; struct hv_synic_event_ring_page **event_ring_page =3D &spages->synic_event_ring_page; + /* VMBus runs on L1VH and nested root; it owns SIMP/SIEFP/SCONTROL */ + bool vmbus_active =3D !hv_root_partition() || hv_nested; =20 /* Disable the interrupt */ sint.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SINT0 + HV_SYNIC_INTERCEP= TION_SINT_INDEX); 
@@ -574,28 +601,47 @@ static int mshv_synic_cpu_exit(unsigned int cpu) if (mshv_sint_irq !=3D -1) disable_percpu_irq(mshv_sint_irq); =20 - /* Disable Synic's event ring page */ + /* Disable SYNIC event ring page owned by MSHV */ sirbp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIRBP); sirbp.sirbp_enabled =3D false; - hv_set_non_nested_msr(HV_MSR_SIRBP, sirbp.as_uint64); - memunmap(*event_ring_page); =20 - /* Disable Synic's event flags page */ - siefp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIEFP); - siefp.siefp_enabled =3D false; - hv_set_non_nested_msr(HV_MSR_SIEFP, siefp.as_uint64); + if (hv_root_partition()) { + hv_set_non_nested_msr(HV_MSR_SIRBP, sirbp.as_uint64); + memunmap(*event_ring_page); + } else { + sirbp.base_sirbp_gpa =3D 0; + hv_set_non_nested_msr(HV_MSR_SIRBP, sirbp.as_uint64); + free_page((unsigned long)*event_ring_page); + } + + /* + * Release our mappings of the message and event flags pages. + * When VMBus is not active, we enabled SIMP/SIEFP =E2=80=94 disable + * them. Otherwise VMBus owns the MSRs =E2=80=94 leave them. + */ memunmap(*event_flags_page); + if (!vmbus_active) { + union hv_synic_simp simp; + union hv_synic_siefp siefp; =20 - /* Disable Synic's message page */ - simp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIMP); - simp.simp_enabled =3D false; - hv_set_non_nested_msr(HV_MSR_SIMP, simp.as_uint64); + siefp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIEFP); + siefp.siefp_enabled =3D false; + hv_set_non_nested_msr(HV_MSR_SIEFP, siefp.as_uint64); + + simp.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SIMP); + simp.simp_enabled =3D false; + hv_set_non_nested_msr(HV_MSR_SIMP, simp.as_uint64); + } memunmap(*msg_page); =20 - /* Disable global synic bit */ - sctrl.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SCONTROL); - sctrl.enable =3D 0; - hv_set_non_nested_msr(HV_MSR_SCONTROL, sctrl.as_uint64); + /* When VMBus is active it owns SCONTROL =E2=80=94 leave it. 
*/ + if (!vmbus_active) { + union hv_synic_scontrol sctrl; + + sctrl.as_uint64 =3D hv_get_non_nested_msr(HV_MSR_SCONTROL); + sctrl.enable =3D 0; + hv_set_non_nested_msr(HV_MSR_SCONTROL, sctrl.as_uint64); + } =20 return 0; } --=20 2.43.0

From: Jork Loeser
To: linux-hyperv@vger.kernel.org
Cc: x86@kernel.org, "K . Y . Srinivasan", Haiyang Zhang, Wei Liu,
 Dexuan Cui, Long Li, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
 Dave Hansen, "H . Peter Anvin", Arnd Bergmann, Michael Kelley,
 linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Jork Loeser
Subject: [PATCH v3 5/6] mshv: clean up SynIC state on kexec for L1VH
Date: Tue, 7 Apr 2026 18:36:42 -0700
Message-ID: <20260408013645.286723-6-jloeser@linux.microsoft.com>
In-Reply-To: <20260408013645.286723-1-jloeser@linux.microsoft.com>

The reboot notifier that tears down the SynIC cpuhp state guards the
cleanup with hv_root_partition(), so on L1VH (where hv_root_partition()
is false) SINT0, SINT5, and SIRBP are never cleaned up before kexec.
The kexec'd kernel then inherits stale unmasked SINTs and an enabled
SIRBP pointing to freed memory.

Remove the hv_root_partition() guard so the cleanup runs for all parent
partitions.

Signed-off-by: Jork Loeser
--- drivers/hv/mshv_synic.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/hv/mshv_synic.c b/drivers/hv/mshv_synic.c index f71d5dfce1c1..8fe673c876fd 100644 --- a/drivers/hv/mshv_synic.c +++ b/drivers/hv/mshv_synic.c
@@ -719,9 +719,6 @@ mshv_unregister_doorbell(u64 partition_id, int doorbell= _portid) static int mshv_synic_reboot_notify(struct notifier_block *nb, unsigned long code, void *unused) { - if (!hv_root_partition()) - return 0; - cpuhp_remove_state(synic_cpuhp_online); return 0; } --=20 2.43.0 From nobody Mon Jun 15 03:52:33 2026
From: Jork Loeser To: linux-hyperv@vger.kernel.org Cc: x86@kernel.org, "K . Y . Srinivasan" , Haiyang Zhang , Wei Liu , Dexuan Cui , Long Li , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H . Peter Anvin" , Arnd Bergmann , Michael Kelley , linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, Jork Loeser Subject: [PATCH v3 6/6] mshv: unmap debugfs stats pages on kexec Date: Tue, 7 Apr 2026 18:36:43 -0700 Message-ID: <20260408013645.286723-7-jloeser@linux.microsoft.com> X-Mailer: git-send-email 2.43.7 In-Reply-To: <20260408013645.286723-1-jloeser@linux.microsoft.com> References: <20260408013645.286723-1-jloeser@linux.microsoft.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" On L1VH, debugfs stats pages are overlay pages: the kernel allocates them and registers the GPAs with the hypervisor via HVCALL_MAP_STATS_PAGE2. These overlay mappings persist in the hypervisor across kexec. If the kexec'd kernel reuses those physical pages, the hypervisor's overlay semantics cause a machine check exception. Fix this by calling mshv_debugfs_exit() from the reboot notifier, which issues HVCALL_UNMAP_STATS_PAGE for each mapped stats page before kexec. This releases the overlay bindings so the physical pages can be safely reused. Guard mshv_debugfs_exit() against being called when init failed.
Signed-off-by: Jork Loeser --- drivers/hv/mshv_debugfs.c | 7 ++++++- drivers/hv/mshv_synic.c | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/hv/mshv_debugfs.c b/drivers/hv/mshv_debugfs.c index 418b6dc8f3c2..3c3e02237ae9 100644 --- a/drivers/hv/mshv_debugfs.c +++ b/drivers/hv/mshv_debugfs.c @@ -674,8 +674,10 @@ int __init mshv_debugfs_init(void) =20 mshv_debugfs =3D debugfs_create_dir("mshv", NULL); if (IS_ERR(mshv_debugfs)) { + err =3D PTR_ERR(mshv_debugfs); + mshv_debugfs =3D NULL; pr_err("%s: failed to create debugfs directory\n", __func__); - return PTR_ERR(mshv_debugfs); + return err; } =20 if (hv_root_partition()) { @@ -710,6 +712,9 @@ int __init mshv_debugfs_init(void) =20 void mshv_debugfs_exit(void) { + if (!mshv_debugfs) + return; + mshv_debugfs_parent_partition_remove(); =20 if (hv_root_partition()) { diff --git a/drivers/hv/mshv_synic.c b/drivers/hv/mshv_synic.c index 8fe673c876fd..ed025f90003f 100644 --- a/drivers/hv/mshv_synic.c +++ b/drivers/hv/mshv_synic.c @@ -719,6 +719,7 @@ mshv_unregister_doorbell(u64 partition_id, int doorbell= _portid) static int mshv_synic_reboot_notify(struct notifier_block *nb, unsigned long code, void *unused) { + mshv_debugfs_exit(); cpuhp_remove_state(synic_cpuhp_online); return 0; } --=20 2.43.0
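Review bot: in patch 5/6, once the hv_root_partition() check is removed, mshv_synic_reboot_notify() calls cpuhp_remove_state(synic_cpuhp_online) unconditionally, and nothing in the hunk shows that synic_cpuhp_online holds a valid state whenever this notifier is registered. Patch 1/6 of this series describes cpuhp_remove_state() hitting a BUG_ON when it is passed 0, so please either state in the commit message that the notifier is only registered after cpuhp_setup_state() succeeded, or guard the call on the stored state. The message also describes a kexec'd kernel inheriting an enabled SIRBP pointing to freed memory but carries no Fixes: tag, unlike patch 1/6; adding one would help backports.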
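Review bot: in patch 6/6, the new 'if (!mshv_debugfs) return;' guard at the top of mshv_debugfs_exit() relies on mshv_debugfs being NULL after a failed init, but the only place the visible hunks clear it is the debugfs_create_dir() failure branch. Please check that the later error paths in mshv_debugfs_init(), which are not part of this hunk, also leave the pointer NULL, otherwise the guard does not cover "init failed" in general as the commit message says. Since the reboot notifier now calls this function too, consider setting mshv_debugfs to NULL at the end of mshv_debugfs_exit() so that a second call returns early instead of issuing the unmap hypercalls again.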
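Review bot: in patch 6/6, the mshv_synic.c hunk calls mshv_debugfs_exit() from mshv_synic_reboot_notify() without looking at the 'code' argument, so the stats pages are unmapped on every event the notifier receives, not only on kexec as the subject line says. If that is intended, a short comment above the call saying why debugfs teardown lives in the SynIC reboot notifier, and whether it has to run before cpuhp_remove_state(synic_cpuhp_online), would save the next reader from guessing. The hunk also does not show how the call resolves when mshv_debugfs.c is not built; if that configuration exists, a stub is needed.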