From: Jason Gunthorpe <jgg@nvidia.com>
To: Jiaqi Yan <jiaqiyan@google.com>
Cc: maz@kernel.org, oliver.upton@linux.dev, duenwen@google.com,
rananta@google.com, jthoughton@google.com, vsethi@nvidia.com,
joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com,
catalin.marinas@arm.com, will@kernel.org, pbonzini@redhat.com,
corbet@lwn.net, shuah@kernel.org, kvm@vger.kernel.org,
kvmarm@lists.linux.dev, linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v4 0/3] VMM can handle guest SEA via KVM_EXIT_ARM_SEA
Date: Mon, 20 Oct 2025 11:46:46 -0300 [thread overview]
Message-ID: <20251020144646.GT316284@nvidia.com> (raw)
In-Reply-To: <20251013185903.1372553-1-jiaqiyan@google.com>
On Mon, Oct 13, 2025 at 06:59:00PM +0000, Jiaqi Yan wrote:
> Problem
> =======
>
> When host APEI is unable to claim a synchronous external abort (SEA)
> during guest abort, today KVM directly injects an asynchronous SError
> into the VCPU then resumes it. The injected SError usually results in
> unpleasant guest kernel panic.
>
> One of the major situation of guest SEA is when VCPU consumes recoverable
> uncorrected memory error (UER), which is not uncommon at all in modern
> datacenter servers with large amounts of physical memory. Although SError
> and guest panic is sufficient to stop the propagation of corrupted memory,
> there is room to recover from an UER in a more graceful manner.
>
> Proposed Solution
> =================
>
> The idea is, we can replay the SEA to the faulting VCPU. If the memory
> error consumption or the fault that cause SEA is not from guest kernel,
> the blast radius can be limited to the poison-consuming guest process,
> while the VM can keep running.
>
> In addition, instead of doing under the hood without involving userspace,
> there are benefits to redirect the SEA to VMM:
>
> - VM customers care about the disruptions caused by memory errors, and
> VMM usually has the responsibility to start the process of notifying
> the customers of memory error events in their VMs. For example some
> cloud provider emits a critical log in their observability UI [1], and
> provides a playbook for customers on how to mitigate disruptions to
> their workloads.
>
> - VMM can protect future memory error consumption by unmapping the poisoned
> pages from stage-2 page table with KVM userfault [2], or by splitting the
> memslot that contains the poisoned pages.
>
> - VMM can keep track of SEA events in the VM. When VMM thinks the status
> on the host or the VM is bad enough, e.g. number of distinct SEAs
> exceeds a threshold, it can restart the VM on another healthy host.
>
> - Behavior parity with x86 architecture. When machine check exception
> (MCE) is caused by VCPU, kernel or KVM signals userspace SIGBUS to
> let VMM either recover from the MCE, or terminate itself with VM.
> The prior RFC proposes to implement SIGBUS on arm64 as well, but
> Marc preferred KVM exit over signal [3]. However, implementation
> aside, returning SEA to VMM is on par with returning MCE to VMM.
>
> Once SEA is redirected to VMM, among other actions, VMM is encouraged
> to inject external aborts into the faulting VCPU.
I don't know much about the KVM details but this explanation makes
sense to me and we also have use cases for all of what is written
here.
Thanks,
Jason
next prev parent reply other threads:[~2025-10-20 14:46 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-13 18:59 [PATCH v4 0/3] VMM can handle guest SEA via KVM_EXIT_ARM_SEA Jiaqi Yan
2025-10-13 18:59 ` [PATCH v4 1/3] KVM: arm64: VM exit to userspace to handle SEA Jiaqi Yan
2025-11-03 18:17 ` Jose Marinho
2025-11-03 20:45 ` Jiaqi Yan
2025-11-11 9:53 ` Oliver Upton
2025-11-11 23:32 ` Jiaqi Yan
2025-11-03 22:22 ` Marc Zyngier
2025-10-13 18:59 ` [PATCH v4 2/3] KVM: selftests: Test for KVM_EXIT_ARM_SEA Jiaqi Yan
2025-10-13 18:59 ` [PATCH v4 3/3] Documentation: kvm: new UAPI for handling SEA Jiaqi Yan
2025-10-14 1:51 ` Randy Dunlap
2025-10-21 16:13 ` Jiaqi Yan
2025-10-20 14:46 ` Jason Gunthorpe [this message]
2025-11-10 17:41 ` [PATCH v4 0/3] VMM can handle guest SEA via KVM_EXIT_ARM_SEA Jiaqi Yan
2025-11-13 13:54 ` Mauro Carvalho Chehab
2025-11-13 18:21 ` Oliver Upton
2025-11-13 21:06 ` Oliver Upton
2025-11-13 22:14 ` Jiaqi Yan
2025-11-13 22:33 ` Oliver Upton
2025-11-14 0:53 ` Jiaqi Yan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251020144646.GT316284@nvidia.com \
--to=jgg@nvidia.com \
--cc=catalin.marinas@arm.com \
--cc=corbet@lwn.net \
--cc=duenwen@google.com \
--cc=jiaqiyan@google.com \
--cc=joey.gouly@arm.com \
--cc=jthoughton@google.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=maz@kernel.org \
--cc=oliver.upton@linux.dev \
--cc=pbonzini@redhat.com \
--cc=rananta@google.com \
--cc=shuah@kernel.org \
--cc=suzuki.poulose@arm.com \
--cc=vsethi@nvidia.com \
--cc=will@kernel.org \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).