Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4687529iob;
        Sun, 8 May 2022 22:02:24 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzfE29rtyDD5ebuvJumOFd0fvfAiVcumqx9WftTlRuNdcIDThbKOr+Z/lkmxD9XM730T5Y5
X-Received: by 2002:a63:4cc:0:b0:3c2:2450:7d79 with SMTP id 195-20020a6304cc000000b003c224507d79mr11553169pge.502.1652072544499;
        Sun, 08 May 2022 22:02:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1652072544; cv=none;
        d=google.com; s=arc-20160816;
        b=X1RgBlFD8hnyy7nlZYlMNduBz3K6FZqM6W7E3lJ/m4peVDz0G7ju0o9/oT/CB2LssB
         oUUhwB/PfpujGiMCLsJKrcgll7iYRVG0T4TyzxSvL6e1m6BrR0lKP2jwDokl+PbsKYAY
         K9WJS/WqUkuahhDdVtoClK8CjS7oYxkgAbRmFCxX6ptVZ9jQ7ne9aw1n7lu1cXARS8Rd
         O+AVK4wF3sziMDHY4vPSpxsL8ievpuFPtH7d/60fc7slCEMJF5m7nYRJ/TapvhidSltT
         qjOP3rmrlnvvjR08FazWl94tj/MwPgg8bepNMbvBttI+Ow2hV18zxoDPtNQbe/eHy1Za
         j8pw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-transfer-encoding
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=wMFHJNc2eSOLm97Oftde8lj7yNZXB2JkivdNLf83X5Q=;
        b=XwfLwpqLCrGPXf5Cfpg60R0XajCN8NUDcVbrnsGEXzihZe9iQUvmkWfjFqk30168+N
         IWGv+Q5LvoUdbQQrKn8Dg9xfF6vtLYAvSPt48BS2kSrWOaHTODJOKPs3KFe8a3nO/1rv
         6skQVyuRtRZrFHttY7YxyJ8NsBBpNT3ug2EXlXtFZIDPip6fUTfhHglQg/7+duYDr5Ww
         nVyEbp6N7510LnUUMeF990xwyLXzcUvJuvtlPJwuqMQ+ZjdBAWnXNvfeC6vv1dNexMzb
         6tjWvgEcpuLFNP8g3USdFRXi62IkNAeDamfYXgN7gdgOIkrt4CX7q39Em42pN6c2+khp
         HRPg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id f21-20020a056a00229500b0050d41686489si13806004pfe.180.2022.05.08.22.02.23
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 08 May 2022 22:02:24 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 4648113C1DF;
	Sun,  8 May 2022 21:57:42 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1377884AbiEENph (ORCPT <rfc822;anthony.2lannoy@gmail.com>
        + 99 others); Thu, 5 May 2022 09:45:37 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57260 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235092AbiEENpg (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 5 May 2022 09:45:36 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1026F3B037
        for <linux-kernel@vger.kernel.org>; Thu,  5 May 2022 06:41:56 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 659786144D
        for <linux-kernel@vger.kernel.org>; Thu,  5 May 2022 13:41:56 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D7D69C385A8;
        Thu,  5 May 2022 13:41:51 +0000 (UTC)
Date:   Thu, 5 May 2022 14:41:48 +0100
From:   Catalin Marinas <catalin.marinas@arm.com>
To:     Tong Tiangen <tongtiangen@huawei.com>
Cc:     Mark Rutland <mark.rutland@arm.com>,
        James Morse <james.morse@arm.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Robin Murphy <robin.murphy@arm.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Will Deacon <will@kernel.org>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>, x86@kernel.org,
        "H . Peter Anvin" <hpa@zytor.com>, linuxppc-dev@lists.ozlabs.org,
        linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org,
        linux-mm@kvack.org, Kefeng Wang <wangkefeng.wang@huawei.com>,
        Xie XiuQi <xiexiuqi@huawei.com>,
        Guohanjun <guohanjun@huawei.com>
Subject: Re: [PATCH -next v4 4/7] arm64: add copy_{to, from}_user to machine
 check safe
Message-ID: <YnPUHC3GlZs6XHU4@arm.com>
References: <20220420030418.3189040-1-tongtiangen@huawei.com>
 <20220420030418.3189040-5-tongtiangen@huawei.com>
 <YnJU4NIrJmHLawgk@arm.com>
 <7da54d72-e5fa-41b5-67ea-a0b084e4c94a@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <7da54d72-e5fa-41b5-67ea-a0b084e4c94a@huawei.com>
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RDNS_NONE,
	SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 05, 2022 at 02:39:43PM +0800, Tong Tiangen wrote:
> 在 2022/5/4 18:26, Catalin Marinas 写道:
> > On Wed, Apr 20, 2022 at 03:04:15AM +0000, Tong Tiangen wrote:
> > > Add copy_{to, from}_user() to machine check safe.
> > > 
> > > If copy fail due to hardware memory error, only the relevant processes are
> > > affected, so killing the user process and isolate the user page with
> > > hardware memory errors is a more reasonable choice than kernel panic.
> > 
> > Just to make sure I understand - we can only recover if the fault is in
> > a user page. That is, for a copy_from_user(), we can only handle the
> > faults in the source address, not the destination.
> 
> At the beginning, I also thought we can only recover if the fault is in a
> user page.
> After discussion with a Mark[1], I think no matter user page or kernel page,
> as long as it is triggered by the user process, only related processes will
> be affected. According to this
> understanding, it seems that all uaccess can be recovered.
> 
> [1]https://patchwork.kernel.org/project/linux-arm-kernel/patch/20220406091311.3354723-6-tongtiangen@huawei.com/

We can indeed safely skip this copy and return an error just like
pretending there was a user page fault. However, my point was more
around the "isolate the user page with hardware memory errors". If the
fault is on a kernel address, there's not much you can do about. You'll
likely trigger it later when you try to access that address (maybe it
was freed and re-allocated). Do we hope we won't get the same error
again on that kernel address?

-- 
Catalin