[v2] two KVM MMU fixes for TDX

[PATCH v2 0/2] two KVM MMU fixes for TDX

Posted by Yan Zhao 9 months, 4 weeks ago

Hi, 

There are two fixes to KVM MMU for TDX in response to two hypothetically
triggered errors:
(1) errors in tdh_mem_page_add(),
(2) fatal errors in tdh_mem_sept_add()/tdh_mem_page_aug().

Patch 1 handles the error in SEPT zap resulting from error (1).
Patch 2 fixes a possible stuck in the kernel loop introduced by error (2).

The two errors are not observed in any real workloads yet.
The series is tested by faking the error in the SEAMCALL wrapper while
bypassing the real SEAMCALLs.

v2:
- Use kvm_check_request(KVM_REQ_VM_DEAD) to detect VM dead in patch 2.
  (Sean)

v1: https://lore.kernel.org/all/20250217085535.19614-1-yan.y.zhao@intel.com

Thanks
Yan


Yan Zhao (2):
  KVM: TDX: Handle SEPT zap error due to page add error in premap
  KVM: x86/mmu: Bail out kvm_tdp_map_page() when VM dead

 arch/x86/kvm/mmu/mmu.c |  4 +++
 arch/x86/kvm/vmx/tdx.c | 64 +++++++++++++++++++++++++++++-------------
 2 files changed, 49 insertions(+), 19 deletions(-)

-- 
2.43.2

Re: [PATCH v2 0/2] two KVM MMU fixes for TDX

Posted by Paolo Bonzini 9 months, 3 weeks ago

On 2/20/25 11:24, Yan Zhao wrote:
> Hi,
> 
> There are two fixes to KVM MMU for TDX in response to two hypothetically
> triggered errors:
> (1) errors in tdh_mem_page_add(),
> (2) fatal errors in tdh_mem_sept_add()/tdh_mem_page_aug().
> 
> Patch 1 handles the error in SEPT zap resulting from error (1).
> Patch 2 fixes a possible stuck in the kernel loop introduced by error (2).
> 
> The two errors are not observed in any real workloads yet.
> The series is tested by faking the error in the SEAMCALL wrapper while
> bypassing the real SEAMCALLs.
> 
> v2:
> - Use kvm_check_request(KVM_REQ_VM_DEAD) to detect VM dead in patch 2.
>    (Sean)
> 
> v1: https://lore.kernel.org/all/20250217085535.19614-1-yan.y.zhao@intel.com
> 
> Thanks
> Yan

Applied to kvm-coco-queue, thanks.

Paolo