Re: [RFC] Expose a memory poison detector ioctl to user space.

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

From: Jue Wang <juew@google.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Erdem Aktas <erdemaktas@google.com>,
	almasrymina@google.com,  dave.hansen@linux.intel.com,
	gthelen@google.com, jiaqiyan@google.com,  linux-mm@kvack.org,
	naoya.horiguchi@nec.com, seanjc@google.com,  tony.luck@intel.com
Subject: Re: [RFC] Expose a memory poison detector ioctl to user space.
Date: Fri, 29 Apr 2022 14:44:15 -0700	[thread overview]
Message-ID: <CAPcxDJ4=NpRy9y34JQWofYTF=oF6-8TuYsGohBhd=8cUfFQNNw@mail.gmail.com> (raw)
In-Reply-To: <CAPcxDJ6V=JK+wdRju58t3R=3W2ggZAvQkjV1UgoXSbj58zHH1w@mail.gmail.com>

On Fri, Apr 29, 2022 at 2:32 PM Jue Wang <juew@google.com> wrote:
>
> On Fri, Apr 29, 2022 at 2:10 PM Dave Hansen <dave.hansen@intel.com> wrote:
> >
> > On 4/29/22 12:46, Jue Wang wrote:
> > > Per seanjc@google.com:
> > > TDX doesn't support #MC exception injection, but IRQ "injection" via
> > > posted interrupts is supported. Accesses to machine check MSRs will
> > > #VE, i.e. can be emulated by KVM, so CMCI should work fine for TDX
> > > guests.
> > >
> > > Proactively scanning for memory error should benefit TDX guests
> > > preventing potential host shutdowns.
> >
> > It also need to know to avoid unaccepted memory in TDX guests at *least*.
> >
> > > It seems the current proposed design can cover TDX & SEV-SNP if the
> > > direct mapping to guest private memory is preserved?
> >
> > I wouldn't go that far.  The unaccepted TDX guest memory thing is just
> > the obvious one at the moment.  There are a whole ton of other guest
> > ballooning mechanisms out there and I'm not sure that all of them are
> > happy to let you touch ballooned-away memory.
>
> This type of scanning is intended to be run on the host side. That
> should avoid concerns around the guest ballooning or any effects to
> the host side reclaim that's based on the guest's working set.
>
> I don't know why a guest wants to spend its CPU cycles and pollute its
> caches etc to run this scanner, anyway. This should be a benefit
> provide by the cloud platform transparently to the guest.

The coverage of a guest scanning its own memory does not provide the
benefit that a host wide scanning can in terms of preventing fatal
system crashes or on memory that affects this guest but is not
accessible to the guest.

>
>
> >
> > But, the bigger issue is that those cases had not even been considered.
> >  It means that there is a *LOT* of homework needed to seek out and cover
> > all the other weird cases.
> >
> > I also think the proposed ABI -- exposing physical addresses to
> > userspace as a part of the design -- is an utter non-starter.
>
> This can be addressed with a different design.

next prev parent reply	other threads:[~2022-04-29 21:44 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-25 16:34 Jue Wang
2022-04-26 15:40 ` Dave Hansen
2022-04-26 17:57   ` Jue Wang
2022-04-26 18:02     ` Jue Wang
2022-04-26 18:21       ` Dave Hansen
2022-04-26 19:25         ` Jue Wang
2022-04-26 19:52           ` Luck, Tony
2022-04-26 20:06             ` Jue Wang
2022-04-26 18:20     ` Dave Hansen
2022-04-26 19:23       ` Jue Wang
2022-04-26 19:39         ` Dave Hansen
2022-04-26 19:50           ` Jue Wang
2022-04-28 16:15           ` Erdem Aktas
2022-04-28 16:34             ` Dave Hansen
2022-04-29 19:46               ` Jue Wang
2022-04-29 21:10                 ` Dave Hansen
2022-04-29 21:32                   ` Jue Wang
2022-04-29 21:44                     ` Jue Wang [this message]
2022-04-29 22:29                     ` Dave Hansen
2022-04-29 22:53                       ` Jue Wang
2022-05-02 15:30                 ` Dave Hansen
2022-05-02 17:19           ` David Hildenbrand
2022-05-02 17:30             ` Jue Wang
2022-05-02 17:33               ` David Hildenbrand
2022-05-02 17:36                 ` Jue Wang
2022-05-02 17:38                   ` David Hildenbrand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPcxDJ4=NpRy9y34JQWofYTF=oF6-8TuYsGohBhd=8cUfFQNNw@mail.gmail.com' \
    --to=juew@google.com \
    --cc=almasrymina@google.com \
    --cc=dave.hansen@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=erdemaktas@google.com \
    --cc=gthelen@google.com \
    --cc=jiaqiyan@google.com \
    --cc=linux-mm@kvack.org \
    --cc=naoya.horiguchi@nec.com \
    --cc=seanjc@google.com \
    --cc=tony.luck@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox