From: "Luck, Tony" <tony.luck@intel.com>
To: Borislav Petkov <bp@alien8.de>, Shuai Xue <xueshuai@linux.alibaba.com>
Cc: "nao.horiguchi@gmail.com" <nao.horiguchi@gmail.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"hpa@zytor.com" <hpa@zytor.com>,
"linmiaohe@huawei.com" <linmiaohe@huawei.com>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"jpoimboe@kernel.org" <jpoimboe@kernel.org>,
"linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"baolin.wang@linux.alibaba.com" <baolin.wang@linux.alibaba.com>,
"tianruidong@linux.alibaba.com" <tianruidong@linux.alibaba.com>
Subject: RE: [PATCH v2 0/5] mm/hwpoison: Fix regressions in memory failure handling
Date: Tue, 18 Feb 2025 17:30:19 +0000 [thread overview]
Message-ID: <SJ1PR11MB60836781C4CE26C4B43AFF0BFCFA2@SJ1PR11MB6083.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20250218122417.GHZ7R78fPm32jKYUlx@fat_crate.local>
> > For instr case: user process is killed by a SIGBUS signal
> >
> > Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not
> > recovered"") introduced a bug that kill_accessing_process() return -EHWPOISON
> > for instr case, as result, kill_me_maybe() send a SIGBUS to user process.
>
> This makes my head hurt... a race between the CMCI reporting an uncorrected
> error... why does the CMCI report uncorrected errors? This sounds like some
> nasty confusion.
My head hurts too. The problem is the evolution and subsequent overloading of
limited signal options in Intel error reporting.
Prior to Icelake memory controllers reported patrol scrub events that detected
a previously unseen uncorrected error in memory by signaling a broadcast
machine check with an SRAO (Software Recoverable Action Optional) signature
in the machine check bank.
This was overkill. It's not an urgent problem. No core is on the verge of consuming
that bad data.
But the fix causes the confusion. The machine check bank signature was changed
to UCNA (Uncorrected, No Action required), and signal changed to #CMCI (since
that was the only option available in the toolbox :-(
That's how we ended up with *UN*corrected errors tied to *C*MCI.
Just to add to the confusion, Linux does take an action (in uc_decode_notifier())
to try to offline the page despite the UC*NA* signature name.
> And you've basically reused the format and wording of 046545a661af for your
> commit message and makes staring at those a PITA.
>
> Tony, what's going on with that CMCI and SRAR race?
Now the race ... having decided that CMCI/UCNA is the best action for patrol
scrub errors, the memory controller uses it for reads too. But the memory controller
is executing asynchronously from the core, and can't tell the difference between a
"real" read and a speculative read. So it will do CMCI/UCNA if an error is found in
any read.
Thus:
1) Core is clever and thinks address A is needed soon, issues a speculative read.
2) Core finds it is going to use address A soon after sending the read request
3) The CMCI from the memory controller is in a race with the core that will soon try to retire the load from address A.
Quite often (because speculation has got better) the CMCI from the memory controller
is delivered before the core is committed to the instruction reading address A, so the
interrupt is taken, and Linux offlines the page (marking it as poison).
When the interrupt returns, the core gets to the load instruction, and gets a #PF because
the offline process marked the page not-present and flushed the TLB.
Finally the #PF handler tries to fix the page fault, sees that page is marked as poison
so sends SIGBUS to the process.
Note, AMD might have a similar race with the MCE_DEFERRED_SEVERITY signal?
(but with less confusing naming).
-Tony
next prev parent reply other threads:[~2025-02-18 17:30 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-17 6:33 Shuai Xue
2025-02-17 6:33 ` [PATCH v2 1/5] x86/mce: Collect error message for severities below MCE_PANIC_SEVERITY Shuai Xue
2025-02-18 7:58 ` Borislav Petkov
2025-02-18 9:39 ` Shuai Xue
2025-02-18 9:50 ` Borislav Petkov
2025-02-17 6:33 ` [PATCH v2 2/5] x86/mce: dump error msg from severities Shuai Xue
2025-02-28 12:37 ` Borislav Petkov
2025-03-01 6:16 ` Shuai Xue
2025-03-01 11:10 ` Borislav Petkov
2025-03-01 14:03 ` Shuai Xue
2025-03-01 18:47 ` Borislav Petkov
2025-03-02 7:14 ` Shuai Xue
2025-03-02 7:37 ` Borislav Petkov
2025-03-02 9:13 ` Shuai Xue
2025-03-03 16:49 ` Luck, Tony
2025-03-03 18:08 ` Yazen Ghannam
2025-03-05 1:50 ` Shuai Xue
2025-03-05 16:16 ` Luck, Tony
2025-03-05 22:33 ` Luck, Tony
2025-03-06 15:58 ` Yazen Ghannam
2025-02-17 6:33 ` [PATCH v2 3/5] x86/mce: add EX_TYPE_EFAULT_REG as in-kernel recovery context to fix copy-from-user operations regression Shuai Xue
2025-02-18 12:54 ` Peter Zijlstra
2025-02-18 13:02 ` Peter Zijlstra
2025-02-18 14:03 ` Shuai Xue
2025-02-18 13:28 ` Shuai Xue
2025-02-18 14:15 ` Peter Zijlstra
2025-02-18 16:48 ` Borislav Petkov
2025-02-19 10:40 ` Peter Zijlstra
2025-02-21 6:52 ` Shuai Xue
2025-02-17 6:33 ` [PATCH v2 4/5] mm/hwpoison: Fix incorrect "not recovered" report for recovered clean pages Shuai Xue
2025-02-19 6:34 ` Miaohe Lin
2025-02-19 8:54 ` Shuai Xue
2025-02-19 17:15 ` Luck, Tony
2025-02-20 1:16 ` Miaohe Lin
2025-02-17 6:33 ` [PATCH v2 5/5] mm: memory-failure: move return value documentation to function declaration Shuai Xue
2025-02-19 6:31 ` Miaohe Lin
2025-02-18 3:29 ` [PATCH v2 0/5] mm/hwpoison: Fix regressions in memory failure handling Andrew Morton
2025-02-18 8:03 ` Borislav Petkov
2025-02-18 8:27 ` Borislav Petkov
2025-02-18 11:31 ` Shuai Xue
2025-02-18 12:24 ` Borislav Petkov
2025-02-18 13:08 ` Shuai Xue
2025-02-18 13:17 ` Borislav Petkov
2025-02-18 13:53 ` Shuai Xue
2025-02-18 15:31 ` Borislav Petkov
2025-02-19 7:13 ` Shuai Xue
2025-02-18 17:59 ` Luck, Tony
2025-02-19 6:04 ` Shuai Xue
2025-02-18 17:30 ` Luck, Tony [this message]
2025-02-19 8:10 ` Borislav Petkov
2025-02-19 17:11 ` Luck, Tony
2025-02-20 11:19 ` Borislav Petkov
2025-02-20 17:50 ` Luck, Tony
2025-02-21 6:05 ` Shuai Xue
2025-02-24 22:01 ` Borislav Petkov
2025-02-25 1:51 ` Shuai Xue
2025-02-28 12:35 ` Borislav Petkov
2025-03-01 5:54 ` Shuai Xue
2025-02-24 21:50 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=SJ1PR11MB60836781C4CE26C4B43AFF0BFCFA2@SJ1PR11MB6083.namprd11.prod.outlook.com \
--to=tony.luck@intel.com \
--cc=akpm@linux-foundation.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=linmiaohe@huawei.com \
--cc=linux-edac@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=nao.horiguchi@gmail.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tianruidong@linux.alibaba.com \
--cc=x86@kernel.org \
--cc=xueshuai@linux.alibaba.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox