Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp16149pxb; Tue, 12 Jan 2021 18:34:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJxc9RLvuWug0dvT1l/J1U0Q10XP2WpzN18SkC2OUndR9xxEosILR2Rqa3NdN010pks4CdEj X-Received: by 2002:a17:907:9483:: with SMTP id dm3mr415801ejc.120.1610505277857; Tue, 12 Jan 2021 18:34:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610505277; cv=none; d=google.com; s=arc-20160816; b=PRuALw1K/ygzmtYXw1kcz5gcNyTbEbbRIyC2smr7N3fka8dRrvHvEG0AjS3QBS4HXm BYIoLdxo38CeUgw/c6WBtKBdpwDgJIiSb0atGk/vrc90QX4bu0YERUOSi0w+LQy29tzc 4Gq+TQHB26hXg8Ia2+kliBJtyQ42NzlSWuLQuNKPJb4DaytTBro1fXtcdrqipzX9jcaA jpJyYDklMy5h0gGGURo+RHkoxpBHxnwbZy+3CnjFLGwH7uhbChOeiQ1lH5DkRS5rUcXS UHqe+2WBM/MuGBnoV2wZYm7annFRTASAq6tsXYuk4EZUBmH3UD31LqyPsyWqo81GAdWq RKkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=uzo5tDFORmAn5YJDLJIn1dN4PGF0fMACM7CTf0Ba7uY=; b=svXF9TMr07Nuhw7p6Q6IvwINRFvmKyqgcnhoVkaIAcGKYSepFmDWE+CsT3AdsuVeLh fhU3rRGs7B9Q0VcHRmMpW/+Zhb/amf1mv51RLXbceDCExAWKbm4ChYmDK/UQzbeNd2Mw ZQTB7KhUEBv5LBp6SPrv59anjLpnqrMI8O+V30jP8npCLVP7Ir+DMPMhmTacLvw6rBTL lpnl56y5Do6A/R17TtOHXsXAUVjR77ClsLNCC9F1GTlPVHtnUuSq0o6ktA/OaDdzliUe 9rGNNDVVDmRwmkbmvNcQJypEwo3QF4Otf9E0c2mLAuDlacuXlt2vD+ryZ7tFKZ4sQ9ae gySQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n4si264582ejr.508.2021.01.12.18.34.14; Tue, 12 Jan 2021 18:34:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2437804AbhALVeg (ORCPT + 99 others); Tue, 12 Jan 2021 16:34:36 -0500 Received: from mga07.intel.com ([134.134.136.100]:31105 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2437054AbhALUwt (ORCPT ); Tue, 12 Jan 2021 15:52:49 -0500 IronPort-SDR: 2MDHTGdpGN4jXtezKKdvrIKrtSpBanrMCI52zNVmPbZ+pd1vWjAopTWbxBlTHrkZ8RVRlum+kC OhjB4JfyGXXw== X-IronPort-AV: E=McAfee;i="6000,8403,9862"; a="242177171" X-IronPort-AV: E=Sophos;i="5.79,342,1602572400"; d="scan'208";a="242177171" Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jan 2021 12:52:08 -0800 IronPort-SDR: Wu6WoLc2o2d/j/ii4THsm2ucwjV0kUfST7rA1MiUlyzowea2bvapCYZNw2rQl2PSo/C2o3sWdV 8noJcyh/p2KQ== X-IronPort-AV: E=Sophos;i="5.79,342,1602572400"; d="scan'208";a="363643267" Received: from agluck-desk2.sc.intel.com (HELO agluck-desk2.amr.corp.intel.com) ([10.3.52.68]) by orsmga002-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jan 2021 12:52:08 -0800 Date: Tue, 12 Jan 2021 12:52:07 -0800 From: "Luck, Tony" To: Andy Lutomirski Cc: Borislav Petkov , X86 ML , Andrew Morton , Peter Zijlstra , Darren Hart , LKML , linux-edac , Linux-MM Subject: Re: [PATCH v2 1/3] x86/mce: Avoid infinite loop for copy from user recovery Message-ID: <20210112205207.GA18195@agluck-desk2.amr.corp.intel.com> References: <20210111214452.1826-2-tony.luck@intel.com> <20210111222057.GA2369@agluck-desk2.amr.corp.intel.com> <20210112171628.GA15664@agluck-desk2.amr.corp.intel.com> <20210112182357.GA16390@agluck-desk2.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 12, 2021 at 10:57:07AM -0800, Andy Lutomirski wrote: > On Tue, Jan 12, 2021 at 10:24 AM Luck, Tony wrote: > > > > On Tue, Jan 12, 2021 at 09:21:21AM -0800, Andy Lutomirski wrote: > > > Well, we need to do *something* when the first __get_user() trips the > > > #MC. It would be nice if we could actually fix up the page tables > > > inside the #MC handler, but, if we're in a pagefault_disable() context > > > we might have locks held. Heck, we could have the pagetable lock > > > held, be inside NMI, etc. Skipping the task_work_add() might actually > > > make sense if we get a second one. > > > > > > We won't actually infinite loop in pagefault_disable() context -- if > > > we would, then we would also infinite loop just from a regular page > > > fault, too. > > > > Fixing the page tables inside the #MC handler to unmap the poison > > page would indeed be a good solution. But, as you point out, not possible > > because of locks. > > > > Could we take a more drastic approach? We know that this case the kernel > > is accessing a user address for the current process. Could the machine > > check handler just re-write %cr3 to point to a kernel-only page table[1]. > > I.e. unmap the entire current user process. > > That seems scary, especially if we're in the middle of a context > switch when this happens. We *could* make it work, but I'm not at all > convinced it's wise. Scary? It's terrifying! But we know that the fault happend in a get_user() or copy_from_user() call (i.e. an RIP with an extable recovery address). Does context switch access user memory? -Tony