Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1265332iog; Sat, 18 Jun 2022 05:12:21 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uKnbER5bw2Kp+SxsvM+lKQ9m+AF07uhP2Rm4owCrDqx2fBvjqZyxmh9dMtCnF2aJ79A0on X-Received: by 2002:a63:7f15:0:b0:40c:834d:d8db with SMTP id a21-20020a637f15000000b0040c834dd8dbmr1614400pgd.251.1655554341132; Sat, 18 Jun 2022 05:12:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655554341; cv=none; d=google.com; s=arc-20160816; b=vIwNOOIHpalXDKF7kcPpDej4JLmG8gNkFr09OpPQarkg7hD9CFSXR79hL5HBoxDo6k tpkYhcvmy1xDOu/hWziFEESdCp3pHGi5vyqXE1cK4ZhPlvDy83efAmQ1AUlccQjSwSva F00l8XHoM7N2z2igMKSQkVQm4mpb7U7eh6KyUqKchCfo/AOZsgNdI6FYYuxSOx99PoAY JC5VWWjYrHM4VjDOWsgki3W7OarJVIkioLHv14z3Z0+cPHdJL29Ya8QWXibVZoNvRl7V oLe8aTKqHMtkvq2C3iLvQDPi3RYkt/HqtD8CyCpyWQgyDIZWf+jONOrqSHYJsTpdHKST kXyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=Kk2yQqwadyskZRkrcZju7N+T1vnhEJeDZpD1iabnjfI=; b=GfwBSPXbS3TARsHZqTuAw0TpA/lAy9rgsxVunxGlmo38nRl70wLv0uIhWHGZLOexoR nEYEbQzz2+q51NoEAuZ7FMh7vJwCRwfy3GYg4yvtx9uZQ1J1E5WtgMUe1pK8+cj1iJQF pR2y7n6d5CJw/tl5oKy8iCTvypxDQAauVmX3CycWXruZ2/JpGHfjJJ47eXws8EuG7YFv rMdHysP6dZ5GU8QQa1Cot2AEN3d/zXsZTNjwUoXoGF2YZpGal/TZNEbdF2+td+y6ppqQ 1SIWypdooVLNOA6aghpU0Ck6C9+IjTB2G7XaYLAAbWfRe3eQTPmm1LHwPw5aFRPBPi3B Af2A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g13-20020a63e60d000000b003fccd1caadesi10337182pgh.274.2022.06.18.05.12.08; Sat, 18 Jun 2022 05:12:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=arm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232239AbiFRLf4 (ORCPT + 99 others); Sat, 18 Jun 2022 07:35:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230203AbiFRLfz (ORCPT ); Sat, 18 Jun 2022 07:35:55 -0400 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 02B4D19FA8 for ; Sat, 18 Jun 2022 04:35:53 -0700 (PDT) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A0510113E; Sat, 18 Jun 2022 04:35:53 -0700 (PDT) Received: from FVFF77S0Q05N (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E864F3F7D8; Sat, 18 Jun 2022 04:35:49 -0700 (PDT) Date: Sat, 18 Jun 2022 12:35:35 +0100 From: Mark Rutland To: Tong Tiangen Cc: James Morse , Andrew Morton , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Robin Murphy , Dave Hansen , Catalin Marinas , Will Deacon , Alexander Viro , Michael Ellerman , Benjamin Herrenschmidt , Paul Mackerras , x86@kernel.org, "H . Peter Anvin" , linuxppc-dev@lists.ozlabs.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Kefeng Wang , Xie XiuQi , Guohanjun Subject: Re: [PATCH -next v5 7/8] arm64: add uaccess to machine check safe Message-ID: References: <20220528065056.1034168-1-tongtiangen@huawei.com> <20220528065056.1034168-8-tongtiangen@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jun 18, 2022 at 05:27:45PM +0800, Tong Tiangen wrote: > > > 在 2022/6/17 17:06, Mark Rutland 写道: > > On Sat, May 28, 2022 at 06:50:55AM +0000, Tong Tiangen wrote: > > > If user access fail due to hardware memory error, only the relevant > > > processes are affected, so killing the user process and isolate the > > > error page with hardware memory errors is a more reasonable choice > > > than kernel panic. > > > > > > Signed-off-by: Tong Tiangen > > > > > --- > > > arch/arm64/lib/copy_from_user.S | 8 ++++---- > > > arch/arm64/lib/copy_to_user.S | 8 ++++---- > > > > All of these changes are to the *kernel* accesses performed as part of copy > > to/from user, and have nothing to do with userspace, so it does not make sense > > to mark these as UACCESS. > > You have a point. so there is no need to modify copy_from/to_user.S in this > patch set. Cool, thanks. If this patch just has the extable change, that's fine by me. > > Do we *actually* need to recover from failues on these accesses? Looking at > > _copy_from_user(), the kernel will immediately follow this up with a memset() > > to the same address which will be fatal anyway, so this is only punting the > > failure for a few instructions. > > If recovery success, The task will be killed and there will be no subsequent > memset(). I don't think that's true. IIUC per the last patch, in the exception handler we'll apply the fixup then force a signal. That doesn't kill the task immediately, and we'll return from the exception handler back into the original context (with the fixup applied). The structure of copy_from_user() is copy_from_user(to, from, n) { _copy_from_user(to, from, n) { res = n; res = raw_copy_from_user(to, from, n); if (res) memset(to + (n - res), 0, res); } } So when the fixup is applied and res indicates that the copy terminated early, there is an unconditinal memset() before the fatal signal is handled in the return to userspace path. > > If we really need to recover from certain accesses to kernel memory we should > > add a new EX_TYPE_KACCESS_ERR_ZERO_MC or similar, but we need a strong > > rationale as to why that's useful. As things stand I do not beleive it makes > > sense for copy to/from user specifically. [...] > > > diff --git a/arch/arm64/mm/extable.c b/arch/arm64/mm/extable.c > > > index c301dcf6335f..8ca8d9639f9f 100644 > > > --- a/arch/arm64/mm/extable.c > > > +++ b/arch/arm64/mm/extable.c > > > @@ -86,10 +86,10 @@ bool fixup_exception_mc(struct pt_regs *regs) > > > if (!ex) > > > return false; > > > - /* > > > - * This is not complete, More Machine check safe extable type can > > > - * be processed here. > > > - */ > > > + switch (ex->type) { > > > + case EX_TYPE_UACCESS_ERR_ZERO: > > > + return ex_handler_uaccess_err_zero(ex, regs); > > > + } > > > > This addition specifically makes sense to me, so can you split this into a separate patch? > > According to my understanding of the above, only the modification of > extable.c is retained. > > So what do you mean which part is made into a separate patch? As above, if you just retain the extable.c changes, that's fine by me. Thanks, Mark.