From: Adrian Hunter <adrian.hunter@intel.com>
To: Tony Luck <tony.luck@intel.com>, pbonzini@redhat.com, seanjc@google.com
Cc: vannapurve@google.com, Borislav Petkov <bp@alien8.de>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org, H Peter Anvin <hpa@zytor.com>,
	linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org, rick.p.edgecombe@intel.com,
	kirill.shutemov@linux.intel.com, kai.huang@intel.com,
	reinette.chatre@intel.com, xiaoyao.li@intel.com,
	tony.lindgren@linux.intel.com, binbin.wu@linux.intel.com,
	isaku.yamahata@intel.com, yan.y.zhao@intel.com,
	chao.gao@intel.com
Subject: [PATCH 0/2] Fixes for recovery for machine check in TDX/SEAM non-root mode
Date: Wed, 18 Jun 2025 15:08:04 +0300
Message-ID: <20250618120806.113884-1-adrian.hunter@intel.com>

Hi

Here are 2 small fixes related to recovery for machine check in TDX/SEAM
non-root mode.

The issues were noticed as part of work to determine the conditions under
which TDX private memory needs to be cleared after being reclaimed.
For guests with a large amount of memory, clearing all private pages during
VM shutdown can take minutes, so we are looking at when that can be
skipped.  A future patch will deal with that.

One thing that was investigated was the effect of deliberately corrupting a
TDX guest private page by writing to it on the host, and then reading it
on the guest, which results in a machine check as expected, but revealed
the issue addressed in patch 1.

Patch 2 follows on and ensures the poisoned page is not touched.

There are 2 outstanding issues:

1. It is assumed that once the TDX VM is shut down, the memory is
returned to the allocator.  That is true at present, but may not be in the
future.  Consider, for example, patch set "New KVM ioctl to link a gmem
inode to a new gmem file":

      https://lore.kernel.org/r/cover.1747368092.git.afranji@google.com/

2. Currently, KVM TDX does not cater for the TDX VM to enter a FATAL error
state, where the only operation permitted is to tear down the VM.  KVM just
carries on, hitting various errors, but in particular, memory reclaim fails
because it is not following the teardown procedure, and all guest private
memory is leaked.


Adrian Hunter (3):
      x86/mce: Fix missing address mask in recovery for errors in TDX/SEAM non-root mode
      KVM: TDX: Do not clear poisoned pages

 arch/x86/kernel/cpu/mce/core.c | 3 ++-
 arch/x86/kvm/vmx/tdx.c         | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)


Regards
Adrian
