Hi,
With support for contiguous hugepages being turned off[0], some of the
problems arising from swap entries go away[1]. This simplifies the
changes needed to enable memory corruption handling for arm64 (done in
this seris).
In this series, we updates huge_pte_offset() to correctly deal with
swap entries (Patch 1). This function will need to be updated when
contiguous hugepages are re-enabled.
Patch 2 adds support to send SIGBUS to processes that have their
memory corrupted. With the prerequisites in place, enable memory
corruption handling for arm64 (patch 3).
Thanks,
Punit
[0] https://lkml.org/lkml/2017/4/7/486
[1] https://lkml.org/lkml/2017/4/5/402
Jonathan (Zhixiong) Zhang (2):
arm64: hwpoison: add VM_FAULT_HWPOISON[_LARGE] handling
arm64: kconfig: allow support for memory failure handling
Punit Agrawal (1):
arm64: hugetlb: Fix huge_pte_offset to return poisoned page table
entries
arch/arm64/Kconfig | 1 +
arch/arm64/mm/fault.c | 22 +++++++++++++++++++---
arch/arm64/mm/hugetlbpage.c | 20 +++++++++++++++-----
3 files changed, 35 insertions(+), 8 deletions(-)
--
2.11.0
When memory failure is enabled, a poisoned hugepage pte is marked as a
swap entry. huge_pte_offset() does not return the poisoned page table
entries when it encounters PUD/PMD hugepages.
This behaviour of huge_pte_offset() leads to error such as below when
munmap is called on poisoned hugepages.
[ 344.165544] mm/pgtable-generic.c:33: bad pmd 000000083af00074.
Fix huge_pte_offset() to return the poisoned pte which is then
appropriately handled by the generic layer code.
Signed-off-by: Punit Agrawal <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Steve Capper <[email protected]>
Cc: David Woods <[email protected]>
---
arch/arm64/mm/hugetlbpage.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
index 7514a000e361..5f1832165d69 100644
--- a/arch/arm64/mm/hugetlbpage.c
+++ b/arch/arm64/mm/hugetlbpage.c
@@ -143,15 +143,24 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
pr_debug("%s: addr:0x%lx pgd:%p\n", __func__, addr, pgd);
if (!pgd_present(*pgd))
return NULL;
- pud = pud_offset(pgd, addr);
- if (!pud_present(*pud))
- return NULL;
- if (pud_huge(*pud))
+ pud = pud_offset(pgd, addr);
+ /*
+ * In case of HW Poisoning, a hugepage pud/pmd can contain
+ * poisoned entries. Poisoned entries are marked as swap
+ * entries.
+ *
+ * For puds/pmds that are not present, check to see if it
+ * could be a swap entry (!present and !none).
+ */
+ if ((!pte_present(pud_pte(*pud)) && !pud_none(*pud)) || pud_huge(*pud))
return (pte_t *)pud;
+
pmd = pmd_offset(pud, addr);
- if (!pmd_present(*pmd))
+ if (pmd_none(*pmd))
return NULL;
+ if (!pmd_present(*pmd) && !pmd_none(*pmd))
+ return (pte_t *)pmd;
if (pte_cont(pmd_pte(*pmd))) {
pmd = pmd_offset(
@@ -160,6 +169,7 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
}
if (pmd_huge(*pmd))
return (pte_t *)pmd;
+
pte = pte_offset_kernel(pmd, addr);
if (pte_present(*pte) && pte_cont(*pte)) {
pte = pte_offset_kernel(
--
2.11.0
From: "Jonathan (Zhixiong) Zhang" <[email protected]>
Add VM_FAULT_HWPOISON[_LARGE] handling to the arm64 page fault
handler. Handling of VM_FAULT_HWPOISON[_LARGE] is very similar
to VM_FAULT_OOM, the only difference is that a different si_code
(BUS_MCEERR_AR) is passed to user space and si_addr_lsb field is
initialized.
Signed-off-by: Jonathan (Zhixiong) Zhang <[email protected]>
Signed-off-by: Tyler Baicar <[email protected]>
(fix new __do_user_fault call-site)
Signed-off-by: Punit Agrawal <[email protected]>
---
arch/arm64/mm/fault.c | 22 +++++++++++++++++++---
1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index 1b35b8bddbfb..7684219d8cc4 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -31,6 +31,7 @@
#include <linux/highmem.h>
#include <linux/perf_event.h>
#include <linux/preempt.h>
+#include <linux/hugetlb.h>
#include <asm/bug.h>
#include <asm/cpufeature.h>
@@ -207,10 +208,11 @@ static void __do_kernel_fault(struct mm_struct *mm, unsigned long addr,
*/
static void __do_user_fault(struct task_struct *tsk, unsigned long addr,
unsigned int esr, unsigned int sig, int code,
- struct pt_regs *regs)
+ struct pt_regs *regs, int fault)
{
struct siginfo si;
const struct fault_info *inf;
+ unsigned int lsb = 0;
if (unhandled_signal(tsk, sig) && show_unhandled_signals_ratelimited()) {
inf = esr_to_fault_info(esr);
@@ -227,6 +229,17 @@ static void __do_user_fault(struct task_struct *tsk, unsigned long addr,
si.si_errno = 0;
si.si_code = code;
si.si_addr = (void __user *)addr;
+ /*
+ * Either small page or large page may be poisoned.
+ * In other words, VM_FAULT_HWPOISON_LARGE and
+ * VM_FAULT_HWPOISON are mutually exclusive.
+ */
+ if (fault & VM_FAULT_HWPOISON_LARGE)
+ lsb = hstate_index_to_shift(VM_FAULT_GET_HINDEX(fault));
+ else if (fault & VM_FAULT_HWPOISON)
+ lsb = PAGE_SHIFT;
+ si.si_addr_lsb = lsb;
+
force_sig_info(sig, &si, tsk);
}
@@ -242,7 +255,7 @@ static void do_bad_area(unsigned long addr, unsigned int esr, struct pt_regs *re
*/
if (user_mode(regs)) {
inf = esr_to_fault_info(esr);
- __do_user_fault(tsk, addr, esr, inf->sig, inf->code, regs);
+ __do_user_fault(tsk, addr, esr, inf->sig, inf->code, regs, 0);
} else
__do_kernel_fault(mm, addr, esr, regs);
}
@@ -444,6 +457,9 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr,
*/
sig = SIGBUS;
code = BUS_ADRERR;
+ } else if (fault & (VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE)) {
+ sig = SIGBUS;
+ code = BUS_MCEERR_AR;
} else {
/*
* Something tried to access memory that isn't in our memory
@@ -454,7 +470,7 @@ static int __kprobes do_page_fault(unsigned long addr, unsigned int esr,
SEGV_ACCERR : SEGV_MAPERR;
}
- __do_user_fault(tsk, addr, esr, sig, code, regs);
+ __do_user_fault(tsk, addr, esr, sig, code, regs, fault);
return 0;
no_context:
--
2.11.0
From: "Jonathan (Zhixiong) Zhang" <[email protected]>
Declare ARCH_SUPPORTS_MEMORY_FAILURE, as arm64 does support
memory failure recovery attempt.
Signed-off-by: Jonathan (Zhixiong) Zhang <[email protected]>
Signed-off-by: Tyler Baicar <[email protected]>
(Dropped changes to ACPI APEI Kconfig and updated commit log)
Signed-off-by: Punit Agrawal <[email protected]>
---
arch/arm64/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 3741859765cf..993a5fd85452 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -19,6 +19,7 @@ config ARM64
select ARCH_HAS_STRICT_MODULE_RWX
select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
select ARCH_USE_CMPXCHG_LOCKREF
+ select ARCH_SUPPORTS_MEMORY_FAILURE
select ARCH_SUPPORTS_ATOMIC_RMW
select ARCH_SUPPORTS_NUMA_BALANCING
select ARCH_WANT_COMPAT_IPC_PARSE_VERSION
--
2.11.0
On 4/12/2017 8:04 AM, Punit Agrawal wrote:
> When memory failure is enabled, a poisoned hugepage pte is marked as a
> swap entry. huge_pte_offset() does not return the poisoned page table
> entries when it encounters PUD/PMD hugepages.
>
> This behaviour of huge_pte_offset() leads to error such as below when
> munmap is called on poisoned hugepages.
>
> [ 344.165544] mm/pgtable-generic.c:33: bad pmd 000000083af00074.
>
> Fix huge_pte_offset() to return the poisoned pte which is then
> appropriately handled by the generic layer code.
>
> Signed-off-by: Punit Agrawal <[email protected]>
> Cc: Catalin Marinas <[email protected]>
> Cc: Steve Capper <[email protected]>
> Cc: David Woods <[email protected]>
Tested-by: Tyler Baicar <[email protected]>
Thanks,
Tyler
> ---
> arch/arm64/mm/hugetlbpage.c | 20 +++++++++++++++-----
> 1 file changed, 15 insertions(+), 5 deletions(-)
>
> diff --git a/arch/arm64/mm/hugetlbpage.c b/arch/arm64/mm/hugetlbpage.c
> index 7514a000e361..5f1832165d69 100644
> --- a/arch/arm64/mm/hugetlbpage.c
> +++ b/arch/arm64/mm/hugetlbpage.c
> @@ -143,15 +143,24 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
> pr_debug("%s: addr:0x%lx pgd:%p\n", __func__, addr, pgd);
> if (!pgd_present(*pgd))
> return NULL;
> - pud = pud_offset(pgd, addr);
> - if (!pud_present(*pud))
> - return NULL;
>
> - if (pud_huge(*pud))
> + pud = pud_offset(pgd, addr);
> + /*
> + * In case of HW Poisoning, a hugepage pud/pmd can contain
> + * poisoned entries. Poisoned entries are marked as swap
> + * entries.
> + *
> + * For puds/pmds that are not present, check to see if it
> + * could be a swap entry (!present and !none).
> + */
> + if ((!pte_present(pud_pte(*pud)) && !pud_none(*pud)) || pud_huge(*pud))
> return (pte_t *)pud;
> +
> pmd = pmd_offset(pud, addr);
> - if (!pmd_present(*pmd))
> + if (pmd_none(*pmd))
> return NULL;
> + if (!pmd_present(*pmd) && !pmd_none(*pmd))
> + return (pte_t *)pmd;
>
> if (pte_cont(pmd_pte(*pmd))) {
> pmd = pmd_offset(
> @@ -160,6 +169,7 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr)
> }
> if (pmd_huge(*pmd))
> return (pte_t *)pmd;
> +
> pte = pte_offset_kernel(pmd, addr);
> if (pte_present(*pte) && pte_cont(*pte)) {
> pte = pte_offset_kernel(
--
Qualcomm Datacenter Technologies, Inc. as an affiliate of Qualcomm Technologies, Inc.
Qualcomm Technologies, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.