Received: by 2002:a05:6a10:83d0:0:0:0:0 with SMTP id o16csp24934pxh; Thu, 7 Apr 2022 12:53:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyvuD/yiTyhqnOZwFAC732EvWt0ostwK4Bfhqi5qM9JRB5WBRzsu8/Qoqh/85TZazLsy1Xs X-Received: by 2002:a17:90a:8a85:b0:1ca:9d13:9f61 with SMTP id x5-20020a17090a8a8500b001ca9d139f61mr17868356pjn.35.1649361180600; Thu, 07 Apr 2022 12:53:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649361180; cv=none; d=google.com; s=arc-20160816; b=OgUhfMotduOB7I9aTFrUhFsS7dlLqxrCWgPgVGOJ36/VHUPNyJsfNTSOGWzPycx7wL +fZc47XRbj2VckwckJZBoXN3zC76JMYUH1tNbduzRlJsm7I3dZSackXaIFeRPUXYyb6i v++tNhSAJAXLoi6KwPxf7QvGfj3mnVq5mlGCeXXcUnc/uoGInPa9m56FZBGfH3Pyr7Kg MlZGvTJdQmuW+1MuYi+xx/sVrFm5wppu3ihasEevlpMNJVgsZ17hwTBjAJNnY7XtHl1X XB3NE3bKHbVBGHIriDCEls6szkmJqP1ZoTLgdUvW8l4V9r6sHXTtSzALhs5vfU4+8N1H K7UA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:subject:user-agent:mime-version:date:message-id; bh=fJZ/B2Cqr9Bq7dsePUlPLogoqnBa/oQL2WrzzoEPgK0=; b=pEF0CNZMsN3aVePtjLNfnKycUNxUfTc8JkhbgnW8fwuXFX64pM4nTkdyTiV6yvCb1E XXzA7hKyr+ZixmtSh1tca6Gx9MQbFdZdoKKTWzuCMD5G73TYURPJ7Do052+gQRNHiMcE 49uYhQersN+C7fF/yWJ4lAyY+4wesGz5DpHqe0wHPZBzSewBuIx8nCvSwgRh+6YlWCLs 5oojeLuDPE2tbyK8dseYjjg5+XsOWicU2YMjKQc5kNkQ9Stpkuj2INpxU8MeUY1n2QWX t97KD+PEEA/Jbx3hL+4AM820mgcPJb/4eW/oFfGQVsAUmLp/3TFDmLHScKrmrP7yyyZq jLJA== ARC-Authentication-Results: i=1; mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id o29-20020a635a1d000000b003816043ef86si19722277pgb.379.2022.04.07.12.53.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Apr 2022 12:53:00 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id D96C4274E7D; Thu, 7 Apr 2022 12:23:53 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236048AbiDGEX4 (ORCPT + 99 others); Thu, 7 Apr 2022 00:23:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229806AbiDGEXz (ORCPT ); Thu, 7 Apr 2022 00:23:55 -0400 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 388FE1BE0C9 for ; Wed, 6 Apr 2022 21:21:54 -0700 (PDT) Received: from kwepemi500001.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4KYp782hSWzFpVm; Thu, 7 Apr 2022 12:19:32 +0800 (CST) Received: from kwepemm600017.china.huawei.com (7.193.23.234) by kwepemi500001.china.huawei.com (7.221.188.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Thu, 7 Apr 2022 12:21:51 +0800 Received: from [10.174.179.234] (10.174.179.234) by kwepemm600017.china.huawei.com (7.193.23.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Thu, 7 Apr 2022 12:21:50 +0800 Message-ID: Date: Thu, 7 Apr 2022 12:21:50 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Subject: Re: [RFC PATCH -next V2 0/7]arm64: add machine check safe support To: Mark Rutland CC: Andrew Morton , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Catalin Marinas , Will Deacon , Alexander Viro , , "H. Peter Anvin" , , , , References: <20220406091311.3354723-1-tongtiangen@huawei.com> From: Tong Tiangen In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.179.234] X-ClientProxiedBy: dggems702-chm.china.huawei.com (10.3.19.179) To kwepemm600017.china.huawei.com (7.193.23.234) X-CFilter-Loop: Reflected X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 在 2022/4/6 18:04, Mark Rutland 写道: > Hi, > > In future, for the arm64 uaccess stuff, could you please CC me, and for the > arm64 RAS bits (e.g. the SEA handling), could you please CC James Morse? ok :) > > On Wed, Apr 06, 2022 at 09:13:04AM +0000, Tong Tiangen wrote: >> This patchset is based on[1]. > > That link below appears to be a single patch. Sending that separately makes > this harder to review, so in future could you please send this as a combined > series? > >> With the increase of memory capacity and density, the probability of >> memory error increases. The increasing size and density of server RAM >> in the data center and cloud have shown increased uncorrectable memory >> errors. >> >> Currently, the kernel has a mechanism to recover from hardware memory >> errors. This patchset provides an new recovery mechanism. >> >> For ARM64, the hardware error handling is do_sea() which divided into >> two cases: >> 1. The user state consumed the memory errors, the solution is kill th >> user process and isolate the error page. >> 2. The kernel state consumed the memory errors, the solution is panic. >> >> For kernelspace, Undifferentiated panic maybe not the optimal choice, >> it can be handled better. >> >> This patchset deals with four sscenarios of hardware memory error consumed >> in kernelspace: >> 1. copy_from_user. >> 2. get_user. > > What about atomics to user memory? e.g. futexes, or the armv8_deprecated > emulations? > > It seems the assumption is that writing to user memory (e.g. copy_to_user() and > put_user()) don't matter? Could you please mention why? e.g. do we never take > an exception for writes to memory with errors? First, explain why only pay attention to the errors that occur when reading memory and not when writing memory: 1. For Linux reading page, the Linux is consumer[*], the DDR controller is producer. if page with memory error, Linux consumes the error will receive an error signal than process the signal. 2. For Linux writing page, the Linux is producer, the DDR controller is consumer, the DDR controller will process the memory error. 3. From the perspective of Linux, here we only focus on his situation as a consumer. Focus on how Linux responds to errors when reading pages. [*]For definitions of producers and consumers, refer to the documentation: Reliability, Availability, and Serviceability (RAS) Architecture Extension Second, explain why writing to user memory don't matter. Don't matter means that we will not deal with it in this patchset, but follow the current strategy of the kernel(kernel panic). Take copy_from[to]_user/get[put]_user as an example: 1. In copy_to_user()/put_user(), it read the kernel page and write to user page, We cannot judge the importance of this kernel page that holds kernel data, if a memory error is encountered while reading, the normal operation of the system after recovery cannot be guaranteed,so the current processing strategy of the kernel is panic,we will not change this. 2. In copy_from_user()/get_user(), it read the user page and write to kernel page in user process context, this user data is only critical to this user process and does not affect the operation of the whole system. Therefore, if a memory error is encountered while reading, we can recover by killing this process and isolating the error user page without going to kernel panic, This patchset is aimed at this situation. > >> 3. cow(copy on write). >> 4. pagecache reading. > > There are a bunch of other places where we'll access user memory via the linear > map, so I assume this is just a best-effort "try not to die" rather than "never > die" ? > > Are there other places we might need/want to expand this to in future? > > Thanks, > Mark. Yes. The strategy is "try not to die" in some specific scene. In both cases(cow and pagecache reading), when the page with memory error is read in user process context, the result is not fatal, because the data of the error page is only critical to the user process. Killing the process and isolating the error page will not affect the normal operation of the system. I hope I can explain this clearly. Great thanks to mark and I hope James can help take a look at this idea. Thanks. Tong. > >> These four scenarios have similarities. Although the error is consumed in >> the kernel state, but the consumed data belongs to the user state. >> >> The processing scheme is based on CONFIG_ARCH_HAS_COPY_MC and uses the >> process killing plus isolate error page to replace kernel panic. >> >> [1]https://lore.kernel.org/lkml/20220323033705.3966643-1-tongtiangen@huawei.com/ >> >> Since V2: >> 1.Consistent with PPC/x86, Using CONFIG_ARCH_HAS_COPY_MC instead of >> ARM64_UCE_KERNEL_RECOVERY. >> 2.Add two new scenarios, cow and pagecache reading. >> 3.Fix two small bug(the first two patch). >> >> Tong Tiangen (7): >> x86: fix copy_mc_to_user compile error >> arm64: fix page_address return value in copy_highpage >> arm64: add support for machine check error safe >> arm64: add copy_from_user to machine check safe >> arm64: add get_user to machine check safe >> arm64: add cow to machine check safe >> arm64: add pagecache reading to machine check safe >> >> arch/arm64/Kconfig | 1 + >> arch/arm64/include/asm/asm-extable.h | 25 +++++++ >> arch/arm64/include/asm/asm-uaccess.h | 16 +++++ >> arch/arm64/include/asm/esr.h | 5 ++ >> arch/arm64/include/asm/extable.h | 2 +- >> arch/arm64/include/asm/page.h | 10 +++ >> arch/arm64/include/asm/uaccess.h | 17 ++++- >> arch/arm64/kernel/probes/kprobes.c | 2 +- >> arch/arm64/lib/Makefile | 2 + >> arch/arm64/lib/copy_from_user.S | 11 ++-- >> arch/arm64/lib/copy_page_mc.S | 98 ++++++++++++++++++++++++++++ >> arch/arm64/lib/copy_to_user_mc.S | 78 ++++++++++++++++++++++ >> arch/arm64/mm/copypage.c | 36 ++++++++-- >> arch/arm64/mm/extable.c | 21 +++++- >> arch/arm64/mm/fault.c | 30 ++++++++- >> arch/x86/include/asm/uaccess.h | 1 + >> include/linux/highmem.h | 8 +++ >> include/linux/uaccess.h | 8 +++ >> include/linux/uio.h | 9 ++- >> lib/iov_iter.c | 85 +++++++++++++++++++----- >> mm/memory.c | 2 +- >> 21 files changed, 432 insertions(+), 35 deletions(-) >> create mode 100644 arch/arm64/lib/copy_page_mc.S >> create mode 100644 arch/arm64/lib/copy_to_user_mc.S >> >> -- >> 2.18.0.huawei.25 >> >> >> _______________________________________________ >> linux-arm-kernel mailing list >> linux-arm-kernel@lists.infradead.org >> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel > .