Public bug reported:

Impact:
In Ubuntu-intel-6.8.0-1028.35 (linux-intel), KVM x86 TDP MMU may unnecessarily 
split huge leaf SPTEs into 4K entries when zapping private memory, which 
triggers excessive level=1 SPTE updates.

Affected source:
Tag: Ubuntu-intel-6.8.0-1028.35
File: arch/x86/kvm/mmu/tdp_mmu.c
Function: tdp_mmu_zap_leafs()

Root cause:
The hugepage coverage check uses (gfn & mask) when comparing against the zap 
range [start, end):
    if (kvm_hugepage_test_mixed(slot, gfn, iter.level) ||
        (gfn & mask) < start ||
        end < (gfn & mask) + KVM_PAGES_PER_HPAGE(iter.level))

However, (gfn & mask) is the offset within the hugepage (0..pages_per_hpage-1), 
not the aligned base GFN of the hugepage. The comparison should be made against 
the hugepage base GFN:
    base = gfn & ~mask

Suggested fix:
    if (kvm_hugepage_test_mixed(slot, gfn, iter.level) ||
        (gfn & ~mask) < start ||
        end < (gfn & ~mask) + KVM_PAGES_PER_HPAGE(iter.level))

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: linux-image-6.14.0-37-generic 6.14.0-37.37~24.04.1
ProcVersionSignature: Ubuntu 6.14.0-37.37~24.04.1-generic 6.14.11
Uname: Linux 6.14.0-37-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', 
'/dev/snd/controlC0', '/dev/snd/controlC1', '/dev/snd/hwC0D0', 
'/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/hwC1D0', 
'/dev/snd/pcmC1D7p', '/dev/snd/pcmC1D3p', '/dev/snd/seq', '/dev/snd/timer'] 
failed with exit code 1:
CRDA: N/A
CasperMD5CheckResult: unknown
Date: Mon Mar  9 16:51:27 2026
DistributionChannelDescriptor:
 # This is the distribution channel descriptor for the OEM CDs
 # For more information see http://wiki.ubuntu.com/DistributionChannelDescriptor
 canonical-oem-somerville-focal-amd64-20200502-85
InstallationDate: Installed on 2023-05-06 (1038 days ago)
InstallationMedia: Ubuntu 20.04 "Focal" - Build amd64 LIVE Binary 20200502-05:58
MachineType: Dell Inc. Precision 7920 Tower
ProcFB:
 
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-6.14.0-37-generic 
root=UUID=a3d69cd7-13c1-4ec4-844f-6fbaedd8d2e1 ro memmap=32G!96G quiet splash 
vt.handoff=7
RebootRequiredPkgs: Error: path contained symlinks.
RelatedPackageVersions:
 linux-restricted-modules-6.14.0-37-generic N/A
 linux-backports-modules-6.14.0-37-generic  N/A
 linux-firmware                             20240318.git3b128b60-0ubuntu2.21
RfKill:
 
SourcePackage: linux-hwe-6.14
UpgradeStatus: Upgraded to noble on 2025-11-06 (123 days ago)
WifiSyslog:
 

** Affects: linux-hwe-6.14 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug noble
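
The coverage check described in the report, modelled in user space as an added example; this is not code from the report or from the kernel tree. It assumes mask = KVM_PAGES_PER_HPAGE(level) - 1 and 512 entries per paging level, omits the kvm_hugepage_test_mixed() term, and uses constructed GFN ranges and hypothetical helper names.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t gfn_t;

/* Assumption: x86-64 paging, 4K base pages, 512 entries per level. */
static gfn_t pages_per_hpage(int level) { return 1ULL << ((level - 1) * 9); }

/* Check as reported: compares the in-hugepage offset (gfn & mask). */
static bool needs_split_reported(gfn_t gfn, int level, gfn_t start, gfn_t end)
{
    gfn_t mask = pages_per_hpage(level) - 1;   /* assumed mask definition */
    return (gfn & mask) < start ||
           end < (gfn & mask) + pages_per_hpage(level);
}

/* Check as suggested: compares the aligned base GFN (gfn & ~mask). */
static bool needs_split_fixed(gfn_t gfn, int level, gfn_t start, gfn_t end)
{
    gfn_t mask = pages_per_hpage(level) - 1;
    return (gfn & ~mask) < start ||
           end < (gfn & ~mask) + pages_per_hpage(level);
}

/* Constructed cases for one 2M leaf (level 2) spanning GFNs [0x200, 0x400). */
struct zap_case { gfn_t gfn, start, end; const char *what; };
static const struct zap_case cases[] = {
    { 0x200, 0x200, 0x400, "range covers the whole hugepage" },
    { 0x200, 0x300, 0x400, "range covers only the upper half" },
    { 0x200, 0x000, 0x300, "range starts at GFN 0, ends mid-hugepage" },
};

int main(void)
{
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        const struct zap_case *c = &cases[i];
        printf("%-42s reported: split=%d  fixed: split=%d\n", c->what,
               needs_split_reported(c->gfn, 2, c->start, c->end),
               needs_split_fixed(c->gfn, 2, c->start, c->end));
    }
    return 0;
}
```

In the first case the reported expression asks for a split although the zap range covers the whole hugepage, which is the unnecessary split the report describes.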

https://bugs.launchpad.net/bugs/2143704

Title:
  KVM x86 TDP MMU: wrong hugepage coverage check in tdp_mmu_zap_leafs
  triggers unnecessary hugepage splits
