Message-ID: <20250618120806.113884-1-adrian.hunter@intel.com>
Date: Wed, 18 Jun 2025 15:08:04 +0300
From: Adrian Hunter <adrian.hunter@...el.com>
To: Tony Luck <tony.luck@...el.com>,
	pbonzini@...hat.com,
	seanjc@...gle.com
Cc: vannapurve@...gle.com,
	Borislav Petkov <bp@...en8.de>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Dave Hansen <dave.hansen@...ux.intel.com>,
	x86@...nel.org,
	H Peter Anvin <hpa@...or.com>,
	linux-edac@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org,
	rick.p.edgecombe@...el.com,
	kirill.shutemov@...ux.intel.com,
	kai.huang@...el.com,
	reinette.chatre@...el.com,
	xiaoyao.li@...el.com,
	tony.lindgren@...ux.intel.com,
	binbin.wu@...ux.intel.com,
	isaku.yamahata@...el.com,
	yan.y.zhao@...el.com,
	chao.gao@...el.com
Subject: [PATCH 0/2] Fixes for recovery for machine check in TDX/SEAM non-root mode

Hi

Here are 2 small fixes related to recovery for machine check in TDX/SEAM
non-root mode.

The issues were noticed as part of work to determine the conditions under
which TDX private memory needs to be cleared after being reclaimed.
For guests with a large amount of memory, clearing all private pages during
VM shutdown can take minutes, so we are looking at when that can be
skipped.  A future patch will deal with that.

One thing that was investigated was the effect of deliberately corrupting a
TDX guest private page by writing to it on the host, and then reading it
on the guest, which results in a machine check as expected, but revealed
the issue addressed in patch 1.

Patch 2 follows on and ensures the poisoned page is not touched.

There are 2 outstanding issues:

1. It is assumed that once the TDX VM is shut down, the memory is
returned to the allocator.  That is true at present, but may not be in the
future.  Consider, for example, patch set "New KVM ioctl to link a gmem
inode to a new gmem file":

      https://lore.kernel.org/r/cover.1747368092.git.afranji@google.com/

2. Currently, KVM TDX does not cater for the TDX VM to enter a FATAL error
state, where the only operation permitted is to tear down the VM.  KVM just
carries on, hitting various errors, but in particular, memory reclaim fails
because it is not following the teardown procedure, and all guest private
memory is leaked.


Adrian Hunter (3):
      x86/mce: Fix missing address mask in recovery for errors in TDX/SEAM non-root mode
      KVM: TDX: Do not clear poisoned pages

 arch/x86/kernel/cpu/mce/core.c | 3 ++-
 arch/x86/kvm/vmx/tdx.c         | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)


Regards
Adrian
