Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp3276280pxb; Tue, 12 Jan 2021 10:27:15 -0800 (PST) X-Google-Smtp-Source: ABdhPJx+It8j+GwlCFfOT3mH1ET28DQMJxwoGjmxofkJroR7JzdN/w8dEXHxk/pNnA92Pg1Z05R7 X-Received: by 2002:a17:906:2087:: with SMTP id 7mr109995ejq.232.1610476034915; Tue, 12 Jan 2021 10:27:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610476034; cv=none; d=google.com; s=arc-20160816; b=IxLA91AAdRXjK1t70JttQi+1ytqD2VTNTpz1hpU1pjz5ujNOz624iRSWPFc5k+ndh3 PcGzMY7orn26KCbUH2zmMlCtc12SXgCe4bc0TdZTa7N7UkwHVDKEj2LBJH9wjILgKJM5 R9/wSB2cl1QWRYxVJ3jqzN8zlQNBjd5erMGkzoFiSNmjWjgCypFXOqyswL2/9vYsGUMq gMpl8cIpuKGUh5m95k7wW776oXMD5EIbXEgd/PBY1x4sszhUjDNFqz8Hf+4tFHj8uC6F ZIuT791GA3csYZjqUiYcs1ivxc3AE0wmrH2by826C5C+Snw3e81Uj/rHzuhIG78sCQhn fXfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=P3f8Kz+UKrZhSz/N6tL0h9CF6PKD1GdMu15PPMtv7qE=; b=d5iLeKzAcB2CP1abxs1m0oGoZWtyozZ9NpCqQIuSPPTMz261gsWC2cceuO/mr+kf/0 bFkclIazVOkIDwFGES/hnjOkpvhNySV1nJj3zN9I97c7JZUNR0/Ej5D6lSw4Oua5CFiw eLWbzICk+YoWSAMUetiGcx8hgAAqBAng5gw+LwaklUJZfMINL6zc3p60gm1yfCXqTbKF B52RvXTV2webdQD8YIO0LIjoIfUHiZmw/wByRxCoOyi5aABQ6YZd4dH+L8FbGBfspUjM LBQmHF/CO3r9mzuG2sicPvl2pbG7hayUOieIeDEBzBjwJRQm8tiHYlJhi4hRREba7cF3 Ls9g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bt17si1421633ejb.333.2021.01.12.10.26.51; Tue, 12 Jan 2021 10:27:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406218AbhALSYk (ORCPT + 99 others); Tue, 12 Jan 2021 13:24:40 -0500 Received: from mga18.intel.com ([134.134.136.126]:9648 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2406161AbhALSYj (ORCPT ); Tue, 12 Jan 2021 13:24:39 -0500 IronPort-SDR: 8UZWU7DFyj7TgU+9cNiRjuWSQIvc5g8iJhXCbPgstmLjJ5pcMwXV/z57MNMUB4XENWU2eXvQpB CWpHoGdLp7sA== X-IronPort-AV: E=McAfee;i="6000,8403,9862"; a="165764966" X-IronPort-AV: E=Sophos;i="5.79,342,1602572400"; d="scan'208";a="165764966" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jan 2021 10:23:58 -0800 IronPort-SDR: ohLXLssT4T57MYIoJBHSlpn4WHeghfurRajLgrIXE/VuuJ6lqmocvtLygDAzEJMDKX5wobDyWj PlGu+p9zMXzA== X-IronPort-AV: E=Sophos;i="5.79,342,1602572400"; d="scan'208";a="381521649" Received: from agluck-desk2.sc.intel.com (HELO agluck-desk2.amr.corp.intel.com) ([10.3.52.68]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jan 2021 10:23:58 -0800 Date: Tue, 12 Jan 2021 10:23:57 -0800 From: "Luck, Tony" To: Andy Lutomirski Cc: Borislav Petkov , X86 ML , Andrew Morton , Peter Zijlstra , Darren Hart , LKML , linux-edac , Linux-MM Subject: Re: [PATCH v2 1/3] x86/mce: Avoid infinite loop for copy from user recovery Message-ID: <20210112182357.GA16390@agluck-desk2.amr.corp.intel.com> References: <20210111214452.1826-2-tony.luck@intel.com> <20210111222057.GA2369@agluck-desk2.amr.corp.intel.com> <20210112171628.GA15664@agluck-desk2.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 12, 2021 at 09:21:21AM -0800, Andy Lutomirski wrote: > Well, we need to do *something* when the first __get_user() trips the > #MC. It would be nice if we could actually fix up the page tables > inside the #MC handler, but, if we're in a pagefault_disable() context > we might have locks held. Heck, we could have the pagetable lock > held, be inside NMI, etc. Skipping the task_work_add() might actually > make sense if we get a second one. > > We won't actually infinite loop in pagefault_disable() context -- if > we would, then we would also infinite loop just from a regular page > fault, too. Fixing the page tables inside the #MC handler to unmap the poison page would indeed be a good solution. But, as you point out, not possible because of locks. Could we take a more drastic approach? We know that this case the kernel is accessing a user address for the current process. Could the machine check handler just re-write %cr3 to point to a kernel-only page table[1]. I.e. unmap the entire current user process. Then any subsequent access to user space will page fault. Maybe have a flag in the task structure to help the #PF handler understand what just happened. The code we execute in the task_work handler can restore %cr3 -Tony [1] Does such a thing already exist? If not, I'd need some help/pointers to create it.