This series is meant to fix CVE-2023-52514, together with 5 LTS patches which it depends on but which were not backported before.

Sean Christopherson (6):
  x86/reboot: Force all cpus to exit VMX root if VMX is supported
  x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
  x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
  x86/reboot: Disable virtualization in an emergency if SVM is supported
  x86/reboot: Disable SVM, not just VMX, when stopping CPUs
  x86/reboot: VMCLEAR active VMCSes before emergency reboot

 arch/x86/include/asm/kexec.h   |   2 -
 arch/x86/include/asm/reboot.h  |   4 ++
 arch/x86/include/asm/virtext.h |  16 ++++-
 arch/x86/kernel/crash.c        |  47 +------------
 arch/x86/kernel/reboot.c       | 121 ++++++++++++++++++++++++---------
 arch/x86/kernel/smp.c          |   6 +-
 arch/x86/kvm/vmx.c             |  12 +---
 7 files changed, 112 insertions(+), 96 deletions(-)