Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp217341iog; Fri, 17 Jun 2022 02:11:17 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uGQX9WdfJjGIMnloT3+Dye+zdwlAVLsxVRGduVetsVBJ3eA1AtQtZ+mFY4DkOMhpgWMVqH X-Received: by 2002:a17:907:2b06:b0:711:e8cc:363e with SMTP id gc6-20020a1709072b0600b00711e8cc363emr8272844ejc.393.1655457077151; Fri, 17 Jun 2022 02:11:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655457077; cv=none; d=google.com; s=arc-20160816; b=r8GqlyJedNSlFSUfUO3LLapUpfoVUN4WBiJYDxhyI9abJQrYjanvh0tlEC3TbbRLvY 5AQvy9zr7yPqNk/qJe4JGp31b177vZtI8jRdKAn9ZOjFoRYG4oX8vZ+XsHQr6/RFRCGF uHmZH/IAj5foG4hDbRxRiI6bKWy6pbEwWFrWmLMjBMEfa4iDA5/yS+fyOkMpgwZry2HW SrVu9IWONeG+VXAO+mW5T10ME1Y7vm9RUyehqb/eYFqv6pnKhqYyk6LKwudmgDpfHDpR vY3AgtdyST+y6IEGRyrCHd6wCKQ0+DvDmZtbd8MfIterLrzWPigA2yxMtzlYW4zrhWtX 1D9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=tKWWEewl5P/Ivh0wuOm71uPCSApDPyoHuC3s9fVM4z4=; b=FwVgdFnr2I923VXAPsDAXo5J2GyRl5+r4Uuy/2HFztAMrVEeKOIO+VTxB1rLu+0DnH F02x2DyQWNlhqQo8OKmKvLnWZoukcq7bG+5oURYRw/Lm1+1cNwRjcOeRxNtK319vmMXz c1tNI8ffF7rDPppGeEmRaPK4v+K7GaprgbAMoTDPmWdEVagVj2mWWMLpyoPk/WYv9flW Iseuj8q2vofSpYTqgkYc7SJnDKxmYmJaQbpp697wlPkiggX6rMvaIFL14qx7JScDksWk pjOF0pH3dFzWUOBKkwj2NldfVMGxyGxNDL27QlAg+kjTl4WE1n6QUmAyje9eHILabtdB zMkw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e12-20020a056402088c00b00434efd8da0fsi1383374edy.615.2022.06.17.02.10.49; Fri, 17 Jun 2022 02:11:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1381406AbiFQIzf (ORCPT + 99 others); Fri, 17 Jun 2022 04:55:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42854 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1381396AbiFQIz2 (ORCPT ); Fri, 17 Jun 2022 04:55:28 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 3165948E64 for ; Fri, 17 Jun 2022 01:55:27 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0375212FC; Fri, 17 Jun 2022 01:55:27 -0700 (PDT) Received: from FVFF77S0Q05N (unknown [10.57.39.168]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 882573F792; Fri, 17 Jun 2022 01:55:23 -0700 (PDT) Date: Fri, 17 Jun 2022 09:55:19 +0100 From: Mark Rutland To: Tong Tiangen Cc: James Morse , Andrew Morton , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Robin Murphy , Dave Hansen , Catalin Marinas , Will Deacon , Alexander Viro , Michael Ellerman , Benjamin Herrenschmidt , Paul Mackerras , x86@kernel.org, "H . Peter Anvin" , linuxppc-dev@lists.ozlabs.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Kefeng Wang , Xie XiuQi , Guohanjun Subject: Re: [PATCH -next v5 6/8] arm64: add support for machine check error safe Message-ID: References: <20220528065056.1034168-1-tongtiangen@huawei.com> <20220528065056.1034168-7-tongtiangen@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220528065056.1034168-7-tongtiangen@huawei.com> X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 28, 2022 at 06:50:54AM +0000, Tong Tiangen wrote: > During the processing of arm64 kernel hardware memory errors(do_sea()), if > the errors is consumed in the kernel, the current processing is panic. > However, it is not optimal. > > Take uaccess for example, if the uaccess operation fails due to memory > error, only the user process will be affected, kill the user process > and isolate the user page with hardware memory errors is a better choice. > > This patch only enable machine error check framework, it add exception > fixup before kernel panic in do_sea() and only limit the consumption of > hardware memory errors in kernel mode triggered by user mode processes. > If fixup successful, panic can be avoided. > > Signed-off-by: Tong Tiangen > --- > arch/arm64/Kconfig | 1 + > arch/arm64/include/asm/extable.h | 1 + > arch/arm64/mm/extable.c | 17 +++++++++++++++++ > arch/arm64/mm/fault.c | 27 ++++++++++++++++++++++++++- > 4 files changed, 45 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index aaeb70358979..a3b12ff0cd7f 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -19,6 +19,7 @@ config ARM64 > select ARCH_ENABLE_SPLIT_PMD_PTLOCK if PGTABLE_LEVELS > 2 > select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE > select ARCH_HAS_CACHE_LINE_SIZE > + select ARCH_HAS_COPY_MC if ACPI_APEI_GHES > select ARCH_HAS_CURRENT_STACK_POINTER > select ARCH_HAS_DEBUG_VIRTUAL > select ARCH_HAS_DEBUG_VM_PGTABLE > diff --git a/arch/arm64/include/asm/extable.h b/arch/arm64/include/asm/extable.h > index 72b0e71cc3de..f80ebd0addfd 100644 > --- a/arch/arm64/include/asm/extable.h > +++ b/arch/arm64/include/asm/extable.h > @@ -46,4 +46,5 @@ bool ex_handler_bpf(const struct exception_table_entry *ex, > #endif /* !CONFIG_BPF_JIT */ > > bool fixup_exception(struct pt_regs *regs); > +bool fixup_exception_mc(struct pt_regs *regs); > #endif > diff --git a/arch/arm64/mm/extable.c b/arch/arm64/mm/extable.c > index 228d681a8715..c301dcf6335f 100644 > --- a/arch/arm64/mm/extable.c > +++ b/arch/arm64/mm/extable.c > @@ -9,6 +9,7 @@ > > #include > #include > +#include > > static inline unsigned long > get_ex_fixup(const struct exception_table_entry *ex) > @@ -76,3 +77,19 @@ bool fixup_exception(struct pt_regs *regs) > > BUG(); > } > + > +bool fixup_exception_mc(struct pt_regs *regs) > +{ > + const struct exception_table_entry *ex; > + > + ex = search_exception_tables(instruction_pointer(regs)); > + if (!ex) > + return false; > + > + /* > + * This is not complete, More Machine check safe extable type can > + * be processed here. > + */ > + > + return false; > +} > diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c > index c5e11768e5c1..b262bd282a89 100644 > --- a/arch/arm64/mm/fault.c > +++ b/arch/arm64/mm/fault.c > @@ -696,6 +696,29 @@ static int do_bad(unsigned long far, unsigned long esr, struct pt_regs *regs) > return 1; /* "fault" */ > } > > +static bool arm64_do_kernel_sea(unsigned long addr, unsigned int esr, > + struct pt_regs *regs, int sig, int code) > +{ > + if (!IS_ENABLED(CONFIG_ARCH_HAS_COPY_MC)) > + return false; > + > + if (user_mode(regs) || !current->mm) > + return false; What's the `!current->mm` check for? > + > + if (apei_claim_sea(regs) < 0) > + return false; > + > + if (!fixup_exception_mc(regs)) > + return false; I thought we still wanted to signal the task in this case? Or do you expect to add that into `fixup_exception_mc()` ? > + > + set_thread_esr(0, esr); Why are we not setting the address? Is that deliberate, or an oversight? > + > + arm64_force_sig_fault(sig, code, addr, > + "Uncorrected hardware memory error in kernel-access\n"); I think the wording here is misleading since we don't expect to recover from accesses to kernel memory, and would be better as something like: "Uncorrected memory error on access to user memory\n" Thanks, Mark. > + > + return true; > +} > + > static int do_sea(unsigned long far, unsigned long esr, struct pt_regs *regs) > { > const struct fault_info *inf; > @@ -721,7 +744,9 @@ static int do_sea(unsigned long far, unsigned long esr, struct pt_regs *regs) > */ > siaddr = untagged_addr(far); > } > - arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr); > + > + if (!arm64_do_kernel_sea(siaddr, esr, regs, inf->sig, inf->code)) > + arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr); > > return 0; > } > -- > 2.25.1 >