Subject: Re: [PATCH -next v5 2/3] x86/mce: set MCE_IN_KERNEL_COPYIN for DEFAULT_MCE_SAFE exception
From: Tong Tiangen
To: Borislav Petkov
CC: Thomas Gleixner, Ingo Molnar, Dave Hansen, "H. Peter Anvin", Tony Luck, Andy Lutomirski, Peter Zijlstra, Andrew Morton, Naoya Horiguchi, Guohanjun
Date: Wed, 27 Mar 2024 08:48:08 +0800

Hi Petkov:

Kindly ping...

Thanks,
Tong.

On 2024/2/18 18:08, Tong Tiangen wrote:
>
>
> On 2024/2/7 20:29, Borislav Petkov wrote:
>> On Sun, Feb 04, 2024 at 04:26:26PM +0800, Tong Tiangen wrote:
>>> diff --git a/arch/x86/kernel/cpu/mce/severity.c >>> b/arch/x86/kernel/cpu/mce/severity.c >>> index bca780fa5e57..b2cce1b6c96d 100644 >>> --- a/arch/x86/kernel/cpu/mce/severity.c >>> +++ b/arch/x86/kernel/cpu/mce/severity.c 
>>> @@ -292,11 +292,11 @@ static noinstr int error_context(struct mce *m, >>> struct pt_regs *regs) >>>       case EX_TYPE_UACCESS: >>>           if (!copy_user) >>>               return IN_KERNEL; >>> +        fallthrough; >>> +    case EX_TYPE_DEFAULT_MCE_SAFE: >>>           m->kflags |= MCE_IN_KERNEL_COPYIN; >>>           fallthrough;
>>
>> I knew something was still bugging me here and this is still wrong.
>>
>> Let's imagine this flow:
>>
>> copy_mc_to_user() - note *src is kernel memory
>> |-> copy_mc_enhanced_fast_string or copy_mc_fragile - it's the same thing
>>    |-> -#MC, exception type EX_TYPE_DEFAULT_MCE_SAFE
>>      |-> error_context():
>>         case EX_TYPE_DEFAULT_MCE_SAFE:
>>                  m->kflags |= MCE_IN_KERNEL_COPYIN;
>>
>> MCE_IN_KERNEL_COPYIN does kill_me_never():
>>
>>     pr_err("Kernel accessed poison in user space at %llx\n",
>> p->mce_addr);
>>
>> but that's reading from kernel memory!
>
> Hi:
>
> 1. The copy_mc_to_kernel() is used in the coredump, KSM, and COW
> scenarios; in these scenarios, the src mem stores the user data and the
> kernel uses a kernel address to access the src mem (using kmap()).
>
> 2. The src mem of copy_mc_to_user() is currently only used by the DAX:
>
>   dax_iomap_iter()
>     -> dax_copy_to_iter()
>       -> _copy_mc_to_iter
>         -> copy_to_user_iter_mc()
>           -> copy_mc_to_user()
>
> DAX is also used to store user data, such as pmem; pmem uses the kernel
> address to access src mem (memremap_pages()):
>
>   pmem_attach_disk()
>     -> devm_memremap_pages()
>       -> memremap_pages()
>
> 3. EX_TYPE_DEFAULT_MCE_SAFE is only used in
> copy_mc_to_user()/copy_mc_to_kernel().
>
> 4. Therefore, for EX_TYPE_DEFAULT_MCE_SAFE, the memory page where the
> hardware error occurs stores user data, and these pages can be securely
> isolated. This is different from UACCESS, which can be securely isolated
> only if COPYIN (the src mem is user data) is checked.
>
> Based on the above understanding, I think the original logic should be
> fine, except for the pr_err() in kill_me_never().
>
> Thanks.
> Tong.
>
>>
>> IOW, I *think* that switch statement should be this:
>>
>>     switch (fixup_type) {
>>     case EX_TYPE_UACCESS:
>>     case EX_TYPE_DEFAULT_MCE_SAFE:
>>         if (!copy_user)
>>             return IN_KERNEL;
>>
>>         m->kflags |= MCE_IN_KERNEL_COPYIN;
>>         fallthrough;
>>
>>     case EX_TYPE_FAULT_MCE_SAFE:
>>         m->kflags |= MCE_IN_KERNEL_RECOV;
>>         return IN_KERNEL_RECOV;
>>
>>     default:
>>         return IN_KERNEL;
>>     }
>>
>> Provided I'm not missing a case and provided is_copy_from_user() really
>> detects all cases properly.
>>
>> And then patch 3 is wrong because we only can handle "copy in" - not
>> just any copy.
>>
>> Thx.
>>
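
Review bot: in the quoted error_context() hunk, the new `case EX_TYPE_DEFAULT_MCE_SAFE:` label sits below the `if (!copy_user) return IN_KERNEL;` check, so that fixup type sets MCE_IN_KERNEL_COPYIN unconditionally while EX_TYPE_UACCESS stays gated on copy_user, and nothing in the hunk documents that the asymmetry is intended. If it is intended, add a comment above the label explaining why a DEFAULT_MCE_SAFE fault needs no copy_user check before being flagged as a copy-in; otherwise place the label beside `case EX_TYPE_UACCESS:` above the check so both types take the same gate. The added `fallthrough;` directly after the conditional `return IN_KERNEL;` is also easy to misread as part of the `if`, so a blank line before it would help.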