Received: by 10.223.176.5 with SMTP id f5csp310999wra; Tue, 30 Jan 2018 11:55:30 -0800 (PST) X-Google-Smtp-Source: AH8x224O4akcbI2cV4UenPiSFGV+CpjAAAGvEss+5T6UdKuw9IQ2ewzyuXsRkq4gF7KiLWfdGyNs X-Received: by 2002:a17:902:7614:: with SMTP id k20-v6mr26259305pll.343.1517342130639; Tue, 30 Jan 2018 11:55:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517342130; cv=none; d=google.com; s=arc-20160816; b=fEq1l8POWiwT3Y37X9+fxeOInPkUVIk6AQokYoisctIojuI3XnltUyFmqZJFktWFrD ydckm+T8U7kcHhLMu/OpDSxIjktkaaKpRfM3uTa5UrydpIvvT8lPhStkmJKsk5u4D8Z3 PqCotBVlELNhQRsiCHYXXB0jcVIFfiWR3yAXcShGCfVtuJpL7IyJDzKAZM2dlmHyKzQP HjJ6J56zplNEWGpoBhuCTEhB2EDqEjhjy3WaDpZIrpjfcaMvYtcY43lD23UFRwWPKqEk GP7Ue6TmY+axkDa5CJKudKzBbJKfRXh/O3GYESw8TMvdtAvNzex/plH1UOtU2AZvcSyk Iwbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :references:subject:cc:to:mime-version:user-agent:from:date :message-id:arc-authentication-results; bh=yLK7Gv65EjMGxbEb7YsY3vxjCVUgR6GKJGvLYLC+7LA=; b=KTtPHTasCwBpk6lBQHmGvJqJIpCNW9iT69fcBgAU6aIhS2ZrJjnUG0bZCH7L1UbptK uHgRE89/JbObDHeBicJB2Bf0OZSVrzcf+fm6VHpuKiCLUR68URWrQ9+1S6dfgDDzSW84 ZptmBaRRWjV/RcxIK9Uj0YyaNwvrcdap154rt2Lcw0i2YI7uMsr/exS5Q9Zcec2rnckz eRr5xGx30RO0nYx2AGWn6gr1GQnPp1gQ4lK+cIf7ASSLX7EFfa3wL9h/9XU2E+pRp/hj MEDVAYYcjYCe8GXqYBYlYgM72NApyUKfswihC1KVNRYLnv1GpoR0+YN+mUvxVeSt/KTM vj4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k10si1859588pgs.499.2018.01.30.11.55.15; Tue, 30 Jan 2018 11:55:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752614AbeA3TVr (ORCPT + 99 others); Tue, 30 Jan 2018 14:21:47 -0500 Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:57610 "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751559AbeA3TVp (ORCPT ); Tue, 30 Jan 2018 14:21:45 -0500 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 458941435; Tue, 30 Jan 2018 11:21:45 -0800 (PST) Received: from [10.1.207.55] (melchizedek.cambridge.arm.com [10.1.207.55]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 1CB573F25C; Tue, 30 Jan 2018 11:21:39 -0800 (PST) Message-ID: <5A70C536.7040208@arm.com> Date: Tue, 30 Jan 2018 19:19:18 +0000 From: James Morse User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0 MIME-Version: 1.0 To: Xie XiuQi CC: catalin.marinas@arm.com, will.deacon@arm.com, mingo@redhat.com, mark.rutland@arm.com, ard.biesheuvel@linaro.org, Dave.Martin@arm.com, takahiro.akashi@linaro.org, tbaicar@codeaurora.org, stephen.boyd@linaro.org, bp@suse.de, julien.thierry@arm.com, shiju.jose@huawei.com, zjzhang@codeaurora.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-acpi@vger.kernel.org, wangxiongfeng2@huawei.com, zhengqiang10@huawei.com, gengdongjiu@huawei.com, huawei.libin@huawei.com, wangkefeng.wang@huawei.com, lijinyue@huawei.com, guohanjun@huawei.com, hanjun.guo@linaro.org, cj.chengjian@huawei.com Subject: Re: [PATCH v5 1/3] arm64/ras: support sea error recovery References: <1516969885-150532-1-git-send-email-xiexiuqi@huawei.com> <1516969885-150532-2-git-send-email-xiexiuqi@huawei.com> In-Reply-To: <1516969885-150532-2-git-send-email-xiexiuqi@huawei.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Xie XiuQi, On 26/01/18 12:31, Xie XiuQi wrote: > With ARM v8.2 RAS Extension, SEA are usually triggered when memory errors > are consumed. According to the existing process, errors occurred in the > kernel, leading to direct panic, if it occurred the user-space, we should > just kill process. > > But there is a class of error, in fact, is not necessary to kill > process, you can recover and continue to run the process. Such as > the instruction data corrupted, where the memory page might be > read-only, which is has not been modified, the disk might have the > correct data, so you can directly drop the page, ant reload it when > necessary. With firmware-first support, we do all this... > So this patchset is just try to solve such problem: if the error is > consumed in user-space and the error occurs on a clean page, you can > directly drop the memory page without killing process. > > If the corrupted page is clean, just dropped it and return to user-space > without side effects. And if corrupted page is dirty, memory_failure() > will send SIGBUS with code=BUS_MCEERR_AR. While without this patchset, > do_sea() will just send SIGBUS, so the process was killed in the same place. ... but this happens too. I agree its something we should fix, but I don't think this is the best way to do it. This series is pulling the memory-failure-queue details back into the arch-code to build a second list, that gets processed as extra work when we return to user-space. The root of the issue is ghes_notify_sea() claims the notification as something APEI has dealt with, ... but it hasn't done it yet. The signals will be generated by something currently stuck in a queue. (Evidently x86 doesn't handle synchronous errors like this using firmware-first). I think a smaller fix is to give the queues that may be holding the memory_failure() work a kick as part of the code that calls ghes_notify_sea(). This means that by the time we return to do_sea() ghes_notify_sea()'s claim that APEI has dealt with it is true as any generated signals are pending. We can then skip the existing SIGBUS generation code. > Because memory_failure() may sleep, we can not call it directly in SEA (this one is more serious, I've attempted to fix it by moving all NMI-like GHES-notifications to use the estatus queue). > exception context. So we saved faulting physical address associated with > a process in the ghes handler and set __TIF_SEA_NOTIFY. When we return > from SEA exception context and get into do_notify_resume() before the > process running, we could check it and call memory_failure() to do > recovery. > It's safe, because we are in process context. I think this is the trick. When we take a Synchronous-external-abort out of userspace, we're in process context too. We can add helpers to drain the memory_failure_queue which can be called when do_sea() when we know we're preemptible and interrupts-et-al are unmasked. Thanks, James [0] https://www.spinics.net/lists/linux-acpi/msg80149.html > --- > arch/arm64/Kconfig | 11 +++ > arch/arm64/include/asm/ras.h | 23 ++++++ > arch/arm64/include/asm/thread_info.h | 4 +- > arch/arm64/kernel/Makefile | 1 + > arch/arm64/kernel/ras.c | 142 +++++++++++++++++++++++++++++++++++ > arch/arm64/kernel/signal.c | 7 ++ > arch/arm64/mm/fault.c | 27 +++++-- > drivers/acpi/apei/ghes.c | 8 +- > include/acpi/ghes.h | 3 + > 9 files changed, 216 insertions(+), 10 deletions(-) > create mode 100644 arch/arm64/include/asm/ras.h > create mode 100644 arch/arm64/kernel/ras.c