From: Lance Yang <lance.yang@linux.dev>
To: David Hildenbrand <david@redhat.com>
Cc: Longlong Xia <xialonglong2025@163.com>,
nao.horiguchi@gmail.com, akpm@linux-foundation.org,
wangkefeng.wang@huawei.com, xu.xin16@zte.com.cn,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Longlong Xia <xialonglong@kylinos.cn>,
lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com,
vbabka@suse.cz, rppt@kernel.org, surenb@google.com,
mhocko@suse.com, Miaohe Lin <linmiaohe@huawei.com>,
qiuxu.zhuo@intel.com
Subject: Re: [PATCH RFC 1/1] mm/ksm: Add recovery mechanism for memory failures
Date: Mon, 13 Oct 2025 19:00:35 +0800 [thread overview]
Message-ID: <c129e522-853e-45c7-a064-34c25e63e610@linux.dev> (raw)
In-Reply-To: <3e6500dc-723f-4682-9e37-b28bc78a2bdb@redhat.com>
On 2025/10/13 17:25, David Hildenbrand wrote:
> On 13.10.25 11:15, Lance Yang wrote:
>> @David
>>
>> Cc: MM CORE folks
>>
>> On 2025/10/13 12:42, Lance Yang wrote:
>> [...]
>>
>> Cool. Hardware error injection with EINJ was the way to go!
>>
>> I just ran some tests on the shared zero page (both regular and huge),
>> and
>> found a tricky behavior:
>>
>> 1) When a hardware error is injected into the zeropage, the process that
>> attempts to read from a mapping backed by it is correctly killed with a
>> SIGBUS.
>>
>> 2) However, even after the error is detected, the kernel continues to
>> install
>> the known-poisoned zeropage for new anonymous mappings ...
>>
>>
>> For the shared zeropage:
>> ```
>> [Mon Oct 13 16:29:02 2025] mce: Uncorrected hardware memory error in
>> user-access at 29b8cf5000
>> [Mon Oct 13 16:29:02 2025] Memory failure: 0x29b8cf5: Sending SIGBUS to
>> read_zeropage:13767 due to hardware memory corruption
>> [Mon Oct 13 16:29:02 2025] Memory failure: 0x29b8cf5: recovery action
>> for already poisoned page: Failed
>> ```
>> And for the shared huge zeropage:
>> ```
>> [Mon Oct 13 16:35:34 2025] mce: Uncorrected hardware memory error in
>> user-access at 1e1e00000
>> [Mon Oct 13 16:35:34 2025] Memory failure: 0x1e1e00: Sending SIGBUS to
>> read_huge_zerop:13891 due to hardware memory corruption
>> [Mon Oct 13 16:35:34 2025] Memory failure: 0x1e1e00: recovery action for
>> already poisoned page: Failed
>> ```
>>
>> Since we've identified an uncorrectable hardware error on such a
>> critical,
>> singleton page, should we be doing something more?
>
> I mean, regarding the shared zeropage, we could try walking all page
> tables of all processes and replace it be a fresh shared zeropage.
>
> But then, the page might also be used for other things (I/O etc), the
> shared zeropage is allocated by the architecture, we'd have to make
> is_zero_pfn() succeed on the old+new page etc ...
>
> So a lot of work for little benefit I guess? The question is how often
> we would see that in practice. I'd assume we'd see it happen on random
> kernel memory more frequently where we can really just bring down the
> whole machine.
Thanks for your thoughts!
I agree, fixing the regular zeropage is a really mess ...
But for the huge zeropage, what if we just stop installing it once it's
poisoned? We could just disable it globally. Something like this:
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index f698df156bf8..8543f4385ffe 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -2193,6 +2193,10 @@ int memory_failure(unsigned long pfn, int flags)
if (!(flags & MF_SW_SIMULATED))
hw_memory_failure = true;
+ if (is_huge_zero_pfn(pfn))
+ clear_bit(TRANSPARENT_HUGEPAGE_USE_ZERO_PAGE_FLAG,
+ &transparent_hugepage_flags);
+
p = pfn_to_online_page(pfn);
if (!p) {
res = arch_memory_failure(pfn, flags);
Seems easy enough ...
next prev parent reply other threads:[~2025-10-13 11:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-09 7:00 [PATCH RFC 0/1] " Longlong Xia
2025-10-09 7:00 ` [PATCH RFC 1/1] " Longlong Xia
2025-10-09 12:13 ` Lance Yang
2025-10-11 7:52 ` Lance Yang
2025-10-11 9:23 ` Miaohe Lin
2025-10-11 9:38 ` Lance Yang
2025-10-11 12:57 ` Lance Yang
2025-10-13 3:39 ` Miaohe Lin
2025-10-13 4:42 ` Lance Yang
2025-10-13 9:15 ` Lance Yang
2025-10-13 9:25 ` David Hildenbrand
2025-10-13 9:46 ` Balbir Singh
2025-10-13 11:00 ` Lance Yang [this message]
2025-10-13 11:13 ` David Hildenbrand
2025-10-13 11:18 ` Lance Yang
2025-10-11 3:25 ` Miaohe Lin
2025-10-13 20:10 ` [PATCH RFC] " Markus Elfring
2025-10-09 18:57 ` [PATCH RFC 0/1] " David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c129e522-853e-45c7-a064-34c25e63e610@linux.dev \
--to=lance.yang@linux.dev \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=david@redhat.com \
--cc=linmiaohe@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mhocko@suse.com \
--cc=nao.horiguchi@gmail.com \
--cc=qiuxu.zhuo@intel.com \
--cc=rppt@kernel.org \
--cc=surenb@google.com \
--cc=vbabka@suse.cz \
--cc=wangkefeng.wang@huawei.com \
--cc=xialonglong2025@163.com \
--cc=xialonglong@kylinos.cn \
--cc=xu.xin16@zte.com.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox