Date: Thu, 11 Mar 2021 10:01:54 +0800
From: Aili Yao
To: Andy Lutomirski
CC: "Luck, Tony", Oleg Nesterov, Linux API, Andy Lutomirski, HORIGUCHI NAOYA, Dave Hansen, Peter Zijlstra, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", X86 ML, Linux-MM, LKML
Subject: Re: [PATCH v3] x86/fault: Send a SIGBUS to user process always for hwpoison page access.
Message-ID: <20210311100154.5a75c62e@alex-virtual-machine>
References: <4fc1b4e8f1fb4c8c81f280db09178797@intel.com> <047D5B49-FDBB-494C-81E9-DA811476747D@amacapital.net> <20210311091941.45790fcf@alex-virtual-machine>
Organization: kingsoft
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 10 Mar 2021 17:28:12 -0800
Andy Lutomirski wrote:

> On Wed, Mar 10, 2021 at 5:19 PM Aili Yao wrote:
> >
> > On Mon, 8 Mar 2021 11:00:28 -0800
> > Andy Lutomirski wrote:
> >
> > > > On Mar 8, 2021, at 10:31 AM, Luck, Tony wrote:
> > > >
> > > >>
> > > >> Can you point me at that
> > > >> SIGBUS code in a current kernel?
> > > >
> > > > It is in kill_me_maybe(). mce_vaddr is setup when we disassemble whatever get_user()
> > > > or copy from user variant was in use in the kernel when the poison memory was consumed.
> > > >
> > > >         if (p->mce_vaddr != (void __user *)-1l) {
> > > >                 force_sig_mceerr(BUS_MCEERR_AR, p->mce_vaddr, PAGE_SHIFT);
> > >
> > > Hmm. On the one hand, no one has complained yet. On the other hand, hardware that supports this isn’t exactly common.
> > >
> > > We may need some actual ABI design here. We also need to make sure that things like io_uring accesses or, more generally, anything using the use_mm / use_temporary_mm ends up either sending no signal or sending a signal to the right target.
> > >
> > > >
> > > > Would it be any better if we used the BUS_MCEERR_AO code that goes into siginfo?
> > >
> > > Dunno.
> >
> > I have one thought here but don't know if it's proper:
> >
> > Previous patch use force_sig_mceerr to the user process for such a scenario; with this method
> > The SIGBUS can't be ignored as force_sig_mceerr() was designed to.
> >
> > If the user process don't want this signal, will it set signal config to ignore?
> > Maybe we can use a send_sig_mceerr() instead of force_sig_mceerr(), if process want to
> > ignore the SIGBUS, then it will ignore that, or it can also process the SIGBUS?
>
> I don't think the signal blocking mechanism makes sense for this.
> Blocking a signal is for saying that, if another process sends the
> signal (or an async event like ctrl-C), then the process doesn't want
> it. Blocking doesn't block synchronous things like faults.
>
> I think we need to at least fix the existing bug before we add more
> signals. AFAICS the MCE_IN_KERNEL_COPYIN code is busted for kernel
> threads.

Got it, thanks!

I read https://man7.org/linux/man-pages/man2/write.2.html, and it seems that
callers of the write syscall do not expect a signal here, so returning a
specific error code for this scenario may be enough.

-- 
Thanks!

Aili Yao
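
P.S. As a rough illustration of the "error code instead of a signal"
convention that write(2) already follows, here is a minimal user-space
sketch. It is an analogy only and not part of the patch: it assumes Linux,
uses a pipe as the target, and passes a buffer from a PROT_NONE mapping so
that the kernel's copy from user space fails. The function name is
hypothetical, and EFAULT is just what this existing case reports; which
error code would suit the hwpoison case is still an open question.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <sys/mman.h>
#include <unistd.h>

/*
 * Illustration only (hypothetical helper, not a kernel or libc API).
 * Calls write() with a buffer the kernel cannot read and returns the
 * errno that write() reported, 0 if write() unexpectedly succeeded,
 * or -1 if the setup itself failed.
 */
int write_errno_for_unreadable_buffer(void)
{
	int fds[2];
	int err = 0;
	void *buf;

	if (pipe(fds) != 0)
		return -1;

	/* A PROT_NONE mapping is a valid address range with no read access. */
	buf = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (buf == MAP_FAILED) {
		close(fds[0]);
		close(fds[1]);
		return -1;
	}

	/* The copy from user space fails inside the kernel; the caller
	 * sees a failed syscall rather than a signal. */
	if (write(fds[1], buf, 16) < 0)
		err = errno;

	munmap(buf, 4096);
	close(fds[0]);
	close(fds[1]);
	return err;
}
```

On Linux this should return EFAULT, and the process keeps running with no
signal handler involved. That is the behaviour a caller of write() is
already prepared for.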