Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp2828441pxb;
        Mon, 19 Apr 2021 15:19:46 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxcg1nC0uLaFhexkMjGl0jFJsO2IrAdxnd50rtX7EM2two35TjqXDUffKdrNiDtYjXu9/yU
X-Received: by 2002:aa7:908c:0:b029:209:aacd:d8b with SMTP id i12-20020aa7908c0000b0290209aacd0d8bmr21907032pfa.74.1618870786203;
        Mon, 19 Apr 2021 15:19:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1618870786; cv=none;
        d=google.com; s=arc-20160816;
        b=vZcdxuoiIdl8eMjRsHaWOtZsN83Pr46TzsDJzrglpKs+oOT1oRuY6qc208sps1rqx3
         SQ4mhzzj/0fRzKxFkr3E6TjZdhu+xtZpKuypU5NLoOzh6TookCQpKe9safOnPT6pSC//
         8ud5kZ5da4/btPR+VuLUEuuTQrRGziP0OHeRIe2TjriiW/qq4POIZIHAlkqh99SI4Yiw
         SIx5rHjt3ZJzTATGJYrTsfFrCdaEoGk9hcE/Be+M5/Mrav+zT4hlXPygw7ymFeTOY49l
         fWRXZm7Sk9A0krCk9vf//g5jmSD6LV7/BCg9VO8ZrQpTLwq6NPezBdBRbWuraVKFPTM5
         PbJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:mime-version
         :dkim-signature;
        bh=hZIM+x23q0A7UAi2bLceHdWLfsqyYiEeL8Ivzgxf6vI=;
        b=wP+q9LC+/2Lq20xaYwHWF4sZmV4qoDoBIyiuRb88im4DJB559RMN05X6Q4bij4c4z9
         CHHgbCxH7wkRwiT5JTQuLba5uwv0l+LJNy/w+GHCMYhgV5VSboACFKakIyDTHI8P/WCG
         2CAf5rRO1eoDKnffIl8uxPvQ5y3d3stTc/GD+GSoHYZ5YCPLajcfWt1Ms/sw72WvTo32
         RXRfGIlySvBVnxkz+RwuuSlXcpSBkNqD3EYrS1/nRNjHcVtpbYUwe0gc95+5NZ2ZGOk0
         FtTk1Rx/6+tt0ZSzdz7TIN2cMVZIPWtd15TiI5Ru8/NJFCp/4mWmbz1ttUTGYz61OZgE
         slaA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=bBeMgwnb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id w3si17347039pgk.397.2021.04.19.15.19.34;
        Mon, 19 Apr 2021 15:19:46 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=bBeMgwnb;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232431AbhDSUdS (ORCPT <rfc822;lists.md@gmail.com> + 99 others);
        Mon, 19 Apr 2021 16:33:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42018 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229842AbhDSUdR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 19 Apr 2021 16:33:17 -0400
Received: from mail-vk1-xa31.google.com (mail-vk1-xa31.google.com [IPv6:2607:f8b0:4864:20::a31])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3468CC06174A
        for <linux-kernel@vger.kernel.org>; Mon, 19 Apr 2021 13:32:47 -0700 (PDT)
Received: by mail-vk1-xa31.google.com with SMTP id a11so1469348vkl.0
        for <linux-kernel@vger.kernel.org>; Mon, 19 Apr 2021 13:32:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to:cc;
        bh=hZIM+x23q0A7UAi2bLceHdWLfsqyYiEeL8Ivzgxf6vI=;
        b=bBeMgwnbZMMu0gE4mk9GFkiorCqXAKTvE45soY4o1fvNiBkfqj8H7aQ5SfEL77FQ7t
         nqXhsJpW0e/la0/iqsnbeeqOsVobBbzjQG9Kei7s2d+QJ/Au2nsJtFc6r6DBZp3NFzSV
         tw/Fztic2l0Ejp+/ArbfzmOIONJauF991A0EcnwbM/yB9S5e1bDTqtZYM1jts8OQLNWN
         qfiiYtsV4QrODCCrL4l1Az8ApDtYfNikE8rmhkiy24U8NN4o4UtRDFn+gkFO83pJFkkp
         VytK19MCX5Qo9SsqCdxV6KXpLti9mgp7wu5lKLRsMwvv88DESrXik2gLQk8iAMiHUMQK
         7H1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc;
        bh=hZIM+x23q0A7UAi2bLceHdWLfsqyYiEeL8Ivzgxf6vI=;
        b=g0WjQ8/12FI7IAsMNHDMvJe8PairD7iRtWC8vahT9po08p/C+LSW63yI5/GyHRGiyP
         N/UDuAe5BuIoLQfofZ4g9D79f+1HXqGflQtTtC+KlrTYPpxQwO3+w909YCSoB5terq3V
         gCqmZ+pIErSQXtdc15TpyTAIAisLw9ysFVJOo93Dx/q/j/XU4bKPaO6xrezEbO14PKq7
         EQ2ATDQfBxIIixZXYT0gKzUp8AykrXikmAv0H+Cgz+EKSoQc4aXpeikCkxCeiUy8YEHS
         CmHmIDfdLpxUdyaiv77W5Evy432Dlo5PZ9aokYrehVcgzBEU9ovQ2ObXRDOLIG7RrsQc
         UlUQ==
X-Gm-Message-State: AOAM532yg7IagQZrLq4H0L1LDrUdZEWu/TMWbeQ3wYbdoJ4Lvp8AoK4q
        WEMf70/qV7AiBKaOyByzdDuzgWbWz1+T7IUIISYtUg==
X-Received: by 2002:ac5:c185:: with SMTP id z5mr16995254vkb.19.1618864365806;
 Mon, 19 Apr 2021 13:32:45 -0700 (PDT)
MIME-Version: 1.0
From:   Jue Wang <juew@google.com>
Date:   Mon, 19 Apr 2021 13:32:35 -0700
Message-ID: <CAPcxDJ7fKHF69T6jepX+yVP=+t43i9hQD3W6SaaDLk9_UBy9uw@mail.gmail.com>
Subject: Re: [PATCH 3/4] mce/copyin: fix to not SIGBUS when copying from user
 hits poison
To:     "Luck, Tony" <tony.luck@intel.com>
Cc:     Borislav Petkov <bp@alien8.de>, linux-kernel@vger.kernel.org,
        linux-mm@kvack.org, luto@kernel.org,
        =?UTF-8?B?SE9SSUdVQ0hJIE5BT1lBKOWggOWPoyDnm7TkuZ8p?= 
        <naoya.horiguchi@nec.com>, x86 <x86@kernel.org>,
        yaoaili@kingsoft.com
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 8 Apr 2021 10:08:52 -0700, Tony Luck wrote:
> KVM apparently passes a machine check into the guest. Though it seems
> to be misisng the MCG_STATUS information to tell the guest whether this
> is an "Action Required" machine check, or an "Action Optional" (i.e.
> whether the poison was found synchonously by execution of the current
> instruction, or asynchronously).

The KVM_X86_SET_MCE ioctl takes a parameter of struct kvm_x86_mce, hypervisor
can set with necessary semantics.

1140 #ifdef KVM_CAP_MCE
1141 /* x86 MCE */
1142 struct kvm_x86_mce {
1143         __u64 status;
1144         __u64 addr;
1145         __u64 misc;
1146         __u64 mcg_status;
1147         __u8 bank;
1148         __u8 pad1[7];
1149         __u64 pad2[3];
1150 };
1151 #endif

> > Are we documenting somewhere: "if your process gets a SIGBUS and this
> > and that, which means your page got offlined, you should do this and
> > that to recover"?

> Essentially it boils down to:
> SIGBUS handler gets additional data giving virtual address that has gone away

> 1) Can the application replace the lost page?
> Use mmap(addr, MAP_FIXED, ...) to map a fresh page into the gap
> and fill with replacement data. This case can return from SIGBUS
> handler to re-execute failed instruction
> 2) Can the application continue in degraded mode w/o the lost page?
> Hunt down pointers to lost page and update structures to say
> "this data lost". Use siglongjmp() to go to preset recovery path
> 3) Can the application shut down gracefully?
> Record details of the lost page. Inform next-of-kin. Exit.
> 4) Default - just exit
Two possible addition to these great points:
5) If for some reason the page cannot be unmapped (e.g.,
either losing to much memory like hugetlbfs 1G pages, or
THP split failure for SHMEM THP), kernel maintains a
consistent semantic (i.e., MCE SIGBUS with vaddr) to all future
accesses from user space, by leaving the hwpoisoned page
mapped or in the radix tree.
6). If for some reason the vaddr is not available upon the
first MCE recovery and page is unmapped, kernel provides
correct semantic (MCE SIGBUS with vaddr) in subsequent
page faults from user space accessing the same vaddr.