From: Shuai Xue
Date: Fri, 21 Feb 2025 14:52:24 +0800
Subject: Re: [PATCH v2 3/5] x86/mce: add EX_TYPE_EFAULT_REG as in-kernel recovery context to fix copy-from-user operations regression
To: Peter Zijlstra, Borislav Petkov, "Luck, Tony"
Cc: nao.horiguchi@gmail.com, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, linmiaohe@huawei.com, akpm@linux-foundation.org, jpoimboe@kernel.org, linux-edac@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, baolin.wang@linux.alibaba.com, tianruidong@linux.alibaba.com
Message-ID: <5ff00e53-957b-4a4e-a893-f83c4995c1ed@linux.alibaba.com>
In-Reply-To: <20250219104037.GG40464@noisy.programming.kicks-ass.net>

On 2025/2/19 18:40, Peter Zijlstra wrote:
> On Tue, Feb 18, 2025 at 05:48:00PM +0100, Borislav Petkov wrote:
>> On Tue, Feb 18, 2025 at 03:15:35PM +0100, Peter Zijlstra wrote:
>>> diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c >>> index dac4d64dfb2a..cfdae25eacd7 100644 >>> --- a/arch/x86/kernel/cpu/mce/severity.c >>> +++ b/arch/x86/kernel/cpu/mce/severity.c
>>> @@ -301,18 +301,19 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs) >>> instrumentation_end(); >>> >>> switch (fixup_type) { >>> - case EX_TYPE_UACCESS: >>> - if (!copy_user) >>> - return IN_KERNEL; >>> - m->kflags |= MCE_IN_KERNEL_COPYIN; >>> - fallthrough; >>> - >>> case EX_TYPE_FAULT_MCE_SAFE: >>> case EX_TYPE_DEFAULT_MCE_SAFE: >>> m->kflags |= MCE_IN_KERNEL_RECOV; >>> return IN_KERNEL_RECOV; >>> >>> default: >>> + if (copy_user) {
>>
>> As said on chat, if we can make is_copy_from_user() *always* correctly detect
>> user access, then sure but I'm afraid EX_TYPE_UACCESS being generated at the
>> handful places where we do user memory access is there for a reason as it
>> makes it pretty explicit.
>
> Thing is, we have copy routines that do not know if it's user or not.
> is_copy_from_user() must be reliable.
>
> Anyway, if you all really want to go all funny, try the below.
>
> Someone has to go and stick some EX_FLAG_USER on things, but I just
> really don't believe that's going to be useful. Because while you're
> doing that, you should also audit if is_copy_from_user() will catch it
> and if it does, you don't need the tag.
>
> See how many tags you end up with..

Agreed, I think the key point is whether the error context is in a read from
user memory. We do not care about the ex-type if we know it's a MOV
reading from userspace.

is_copy_from_user() returns true when both of the following two checks are
true:

- the current instruction is copy
- source address is user memory

If copy_user is true, we set

    m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV;

Then do_machine_check will try fixup_exception first.

    /*
     * Handle an MCE which has happened in kernel space but from
     * which the kernel can recover: ex_has_fault_handler() has
     * already verified that the rIP at which the error happened is
     * a rIP from which the kernel can recover (by jumping to
     * recovery code specified in _ASM_EXTABLE_FAULT()) and the
     * corresponding exception handler which would do that is the
     * proper one.
     */
    if (m->kflags & MCE_IN_KERNEL_RECOV) {
        if (!fixup_exception(regs, X86_TRAP_MC, 0, 0))
            mce_panic("Failed kernel mode recovery", &err, msg);
    }

    if (m->kflags & MCE_IN_KERNEL_COPYIN)
        queue_task_work(&err, msg, kill_me_never);

So Peter's code is fine to me.

---
diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c index dac4d64dfb2a..cb021058165f 100644 --- a/arch/x86/kernel/cpu/mce/severity.c +++ b/arch/x86/kernel/cpu/mce/severity.c @@ -300,13 +300,12 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs) copy_user = is_copy_from_user(regs); instrumentation_end(); - switch (fixup_type) { - case EX_TYPE_UACCESS: - if (!copy_user) - return IN_KERNEL; - m->kflags |= MCE_IN_KERNEL_COPYIN; - fallthrough; + if (copy_user) { + m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_COPYIN; + return IN_KERNEL_RECOV + } + switch (fixup_type) { case EX_TYPE_FAULT_MCE_SAFE: case EX_TYPE_DEFAULT_MCE_SAFE: m->kflags |= MCE_IN_KERNEL_RECOV;

Is that ok? Please correct me if I missed anything.

Thanks.
Shuai
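
Review bot: In the added `if (copy_user)` block, `m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_COPYIN;` ORs the same flag twice, so MCE_IN_KERNEL_RECOV is never set on this path even though the block returns IN_KERNEL_RECOV. The do_machine_check() excerpt in this message calls fixup_exception() only when MCE_IN_KERNEL_RECOV is set, so with this hunk a copy-from-user MCE would queue the task work without the exception fixup being run first. The second operand should be MCE_IN_KERNEL_RECOV, matching the assignment described in the message text. The following `return IN_KERNEL_RECOV` is also missing its terminating semicolon, so the hunk does not compile as posted.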