Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Date:   Mon, 8 Mar 2021 17:49:12 +0800
From:   Aili Yao <yaoaili@kingsoft.com>
To:     Andy Lutomirski <luto@amacapital.net>
CC:     "Luck, Tony" <tony.luck@intel.com>,
        Andy Lutomirski <luto@kernel.org>,
        HORIGUCHI NAOYA <naoya.horiguchi@nec.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        "H. Peter Anvin" <hpa@zytor.com>, X86 ML <x86@kernel.org>,
        <yangfeng1@kingsoft.com>, Linux-MM <linux-mm@kvack.org>,
        LKML <linux-kernel@vger.kernel.org>, <yaoaili@kingsoft.com>
Subject: Re: [PATCH v3] x86/fault: Send a SIGBUS to user process always for
 hwpoison page access.
Message-ID: <20210308174912.4ac9029a@alex-virtual-machine>
In-Reply-To: <CALCETrWFXgOtFYycpY7A5Z1yM2oiZwP4sRh4e7Rfu32N85Kxig@mail.gmail.com>
References: <8d0c76f97f35499f91a2b82d3e7c024d@intel.com>
        <59469ECC-5316-4074-98EF-52FFF7940818@amacapital.net>
        <20210303202402.384265a3@alex-virtual-machine>
        <20210303205129.0a66f7a7@alex-virtual-machine>
        <CALCETrWFXgOtFYycpY7A5Z1yM2oiZwP4sRh4e7Rfu32N85Kxig@mail.gmail.com>
Organization: kingsoft
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8BIT
Precedence: bulk

On Sun, 7 Mar 2021 11:16:24 -0800
Andy Lutomirski <luto@amacapital.net> wrote:

> > > > >> Some programs may use read(2), write(2), etc as ways to check if
> > > > >> memory is valid without getting a signal.  They might not want
> > > > >> signals, which means that this feature might need to be configurable.  
> > > > >
> > > > > That sounds like an appalling hack. If users need such a mechanism
> > > > > we should create some better way to do that.
> > > > >  
> > > >
> > > > Appalling hack or not, it works. So, if we’re going to send a signal to user code that looks like it originated from a bina fide architectural recoverable fault, it needs to be recoverable.  A load from a failed NVDIMM page is such a fault. A *kernel* load is not. So we need to distinguish it somehow.  
> > >
> > > Sorry for my previous mis-understanding, and i have some questions:
> > > if programs use read,write to check if if memory is valid, does it really want to cover the poison case?  
> 
> I don't know.
> 
> > > When for such a case, an error is returned,  can the program realize it's hwposion issue not other software error and process correctly?  
> 
> Again, I don't know.  But changing the API like this seems potentialy
> dangerous and needs to be done with care.
> 
> > >
> > > if this is the proper action, the original posion flow in current code from read and write need to change too.
> > >  
> >
> > Sorry, another question:
> >   When programs use read(2), write(2) as ways to check if memory is valid, does it really want to check if the user page the program provided is valid, not the destination or disk space valid?  
> 
> They may well be trying to see if their memory is valid.

Thanks for your reply, and I don't know what to do.
For current code, if user program write to a block device(maybe a test try) and if its user copy page corrupt when in kernel copy, the process is killed with a SIGBUS.
And for the page fault case in this thread, the process is error returned.

-- 
Thanks!
Aili Yao