References: <20240501015340.3014724-1-andrew.zaborowski@intel.com> <202405010915.465AF19@keescook>
From: Andrew Zaborowski
Date: Wed, 1 May 2024 20:52:32 +0200
Subject: Re: [PATCH][RFC] exec: x86: Ensure SIGBUS delivered on MCE
To: "linux-edac@vger.kernel.org", "linux-mm@kvack.org", Kees Cook
Cc: Tony Luck, Eric Biederman, Borislav Petkov

On Wed, 1 May 2024 at 18:19, Kees Cook wrote:
> Why is it needed to have a distinction between SIGBUS and SIGSEGV in
> this case?

So this is mostly to comply with
Documentation/mm/hwpoison.rst#failure-recovery-modes. No doc probably
mentions the execve case but users might expect consistency with the
cases where user memory is accessed from userspace. In our case it
was the parent process that was confused by the SIGSEGV but it was a
validation scenario, not a real use case.

>
> > To ensure it is terminated with a SIGBUS we 1. let pending work run in
> > the bprm_execve error case.
> >
> > And 2. ensure memory_failure() is passed MF_ACTION_REQUIRED so that the
> > SIGBUS is queued. Normally when the MCE is in a syscall, a fixup of
> > return IP and a call to kill_me_never are enough. But in this case
> > it's necessary to queue kill_me_maybe() which will set
> > MF_ACTION_REQUIRED.
> >
> > Reuse current->in_execve to make the decision.
>
> We're actually in the process of trying to remove[1] this flag, so I'd
> like to avoid adding new users of it.

Oh, didn't see that.

> It sounds like it's desirable here
> because a choice is needed about kill_me_never() vs kill_me_maybe()?

Ideally it should be based on bprm->point_of_no_return and
current->in_execve matches that closely enough. Instead bprm_execve
could directly send the SIGBUS based on the return value from the
binary loader (which would have to be changed) or a flag set by the
MCE handler but I couldn't see a good way to do that.

Best regards

[I can't set the In-reply-to header correctly for this message, sorry]