Received: by 2002:a05:6a10:1d13:0:0:0:0 with SMTP id pp19csp1769813pxb; Fri, 20 Aug 2021 13:35:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz5HN2LjBRixM2Oafku+QzIB40i0+zxQOrBsAGUmw/ZZ06rUUMk+zzn1KoPC4XgQzuTe7KQ X-Received: by 2002:a17:906:a382:: with SMTP id k2mr23347118ejz.454.1629491747251; Fri, 20 Aug 2021 13:35:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1629491747; cv=none; d=google.com; s=arc-20160816; b=ln7nNItpmF+7x/rzxk6ZpnkodNvFdhywpAVmBTLRTKS/maPGN8FnUpBou//r94f9db HMFnkGNti1bTXRWt2YbUhuPmDZVVB8/B90mQp4VWZeC+xCqdBMMjjWDKobLM8nCTxtqb TAROJigxTlauEk9vt5O2saAAIgOyYtljc8VGtaYwPK0uNPiEjmdUvdW8lLvA2lMWTf7D cCDM2UMgcmkXn27lFGlwNU2QAVVZNpu72FQ/OlvaWwZ3athxtCMHmAenDC00P0p/8z6g H3es2nmJ+P7thQGtt3U5APkQfwdE6G3Y8/E/iUTMsov2SpCwOeXx8iD81xpZGRrK+JhB x8lQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=cJjX7btopZcMVgY3si+1ndDXQ/nnbovrq1uYW5DYMIw=; b=ICegX+PmOicZEjm3XoY/0XcTiM0/RgHWmJQYmOJ+zlmsqeM2IT1QJUbUa3AUR7b136 ww9oFdsvbt0/BMsm7iiePdOY5UiY1TDcsXhbmXolas1rsfP8UTORr/X0sZGib2fg2nbU d+AGxKgEDrA+yDAE2diCkHRZm5M/PpXwdMJyp8jBk2jOGpe30o/AiUV+4usa0shi5JJq f55ylCWAfLYoKUi6NpJoHUSbbNt1gUMNle66CNbDoJsNEfK29JtSWpfRbJuaKJLFbjSA Q51F0lXqH9z/XgB7cvceFJKY/+NA2WYHnFLPgrZLjtcW4tYcxWzJvyhLh5grIeHZlxDp D1/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z10si1091821edd.270.2021.08.20.13.35.23; Fri, 20 Aug 2021 13:35:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239175AbhHTUeh (ORCPT + 99 others); Fri, 20 Aug 2021 16:34:37 -0400 Received: from mga18.intel.com ([134.134.136.126]:57756 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230282AbhHTUeg (ORCPT ); Fri, 20 Aug 2021 16:34:36 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10082"; a="203983993" X-IronPort-AV: E=Sophos;i="5.84,338,1620716400"; d="scan'208";a="203983993" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Aug 2021 13:33:57 -0700 X-IronPort-AV: E=Sophos;i="5.84,338,1620716400"; d="scan'208";a="463496452" Received: from agluck-desk2.sc.intel.com (HELO agluck-desk2.amr.corp.intel.com) ([10.3.52.146]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 20 Aug 2021 13:33:57 -0700 Date: Fri, 20 Aug 2021 13:33:56 -0700 From: "Luck, Tony" To: Borislav Petkov Cc: Jue Wang , Ding Hui , naoya.horiguchi@nec.com, osalvador@suse.de, Youquan Song , huangcun@sangfor.com.cn, x86@kernel.org, linux-edac@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 1/3] x86/mce: Avoid infinite loop for copy from user recovery Message-ID: <20210820203356.GA1623896@agluck-desk2.amr.corp.intel.com> References: <20210706190620.1290391-1-tony.luck@intel.com> <20210818002942.1607544-1-tony.luck@intel.com> <20210818002942.1607544-2-tony.luck@intel.com> <20210820185945.GA1623421@agluck-desk2.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 20, 2021 at 09:27:44PM +0200, Borislav Petkov wrote: > On Fri, Aug 20, 2021 at 11:59:45AM -0700, Luck, Tony wrote: > As in: there was an MCE while trying to access this user memory, you > should not do get_user anymore. You did add that > > * Return zero to pretend that this copy succeeded. This > * is counter-intuitive, but needed to prevent the code > * in lib/iov_iter.c from retrying and running back into > > which you're removing with the last patch so I'm confused. Forget to address this part in the earlier reply. My original code that forced a zero return has a hack. It allowed recovery to complete, but only because there was going to be a SIGBUS. There were some unplesant side effects. E.g. on a write syscall the file size was updated as if the write had succeeded. That would be very confusing for anyone trying to clean up afterwards as the file would have good data that was copied from the user up to the point where the machine check interrupted things. Then NUL bytes after (because the kernel clears pages that are allocated into the page cache). The new version (thanks to All fixing iov_iter.c) now does exactly what POSIX says should happen. If I have a buffer with poison at offset 213, and I do this: ret = write(fd, buf, 512); Then the return from write is 213, and the first 213 bytes from the buffer appear in the file, and the file size is incremented by 213 (assuming the write started with the lseek offset at the original size of the file). -Tony