From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 006A0C433F5 for ; Sat, 9 Apr 2022 09:24:38 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 21DD26B0071; Sat, 9 Apr 2022 05:24:38 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 1CCFB6B0073; Sat, 9 Apr 2022 05:24:38 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 094F86B0074; Sat, 9 Apr 2022 05:24:38 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.a.hostedemail.com [64.99.140.24]) by kanga.kvack.org (Postfix) with ESMTP id EBEEF6B0071 for ; Sat, 9 Apr 2022 05:24:37 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id ACD9547A for ; Sat, 9 Apr 2022 09:24:37 +0000 (UTC) X-FDA: 79336805394.01.35C9CD0 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by imf25.hostedemail.com (Postfix) with ESMTP id 87815A0004 for ; Sat, 9 Apr 2022 09:24:36 +0000 (UTC) Received: from kwepemi100006.china.huawei.com (unknown [172.30.72.55]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4Kb8lz6ZmhzgY8S; Sat, 9 Apr 2022 17:22:39 +0800 (CST) Received: from kwepemm600017.china.huawei.com (7.193.23.234) by kwepemi100006.china.huawei.com (7.221.188.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Sat, 9 Apr 2022 17:24:26 +0800 Received: from [10.174.179.234] (10.174.179.234) by kwepemm600017.china.huawei.com (7.193.23.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.21; Sat, 9 Apr 2022 17:24:25 +0800 Message-ID: Date: Sat, 9 Apr 2022 17:24:24 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1 Subject: Re: [RFC PATCH -next V2 7/7] arm64: add pagecache reading to machine check safe To: Robin Murphy , Mark Rutland , CC: Andrew Morton , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Catalin Marinas , Will Deacon , Alexander Viro , , "H. Peter Anvin" , , , , Kefeng Wang , References: <20220406091311.3354723-1-tongtiangen@huawei.com> <20220406091311.3354723-8-tongtiangen@huawei.com> From: Tong Tiangen In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.179.234] X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To kwepemm600017.china.huawei.com (7.193.23.234) X-CFilter-Loop: Reflected X-Rspam-User: Authentication-Results: imf25.hostedemail.com; dkim=none; spf=pass (imf25.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 87815A0004 X-Stat-Signature: cahopztwzi5cfo13cwoe81cq1t45myhz X-HE-Tag: 1649496276-448031 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: 在 2022/4/8 19:11, Robin Murphy 写道: > On 2022-04-08 03:43, Tong Tiangen wrote: >> >> >> 在 2022/4/7 23:53, Robin Murphy 写道: >>> On 2022-04-07 15:56, Tong Tiangen wrote: >>>> >>>> >>>> 在 2022/4/6 19:27, Mark Rutland 写道: >>>>> On Wed, Apr 06, 2022 at 09:13:11AM +0000, Tong Tiangen wrote: >>>>>> When user process reading file, the data is cached in pagecache and >>>>>> the data belongs to the user process, When machine check error is >>>>>> encountered during pagecache reading, killing the user process and >>>>>> isolate the user page with hardware memory errors is a more >>>>>> reasonable >>>>>> choice than kernel panic. >>>>>> >>>>>> The __arch_copy_mc_to_user() in copy_to_user_mc.S is largely borrows >>>>>> from __arch_copy_to_user() in copy_to_user.S and the main difference >>>>>> is __arch_copy_mc_to_user() add the extable entry to support machine >>>>>> check safe. >>>>> >>>>> As with prior patches, *why* is the distinction necessary? >>>>> >>>>> This patch adds a bunch of conditional logic, but *structurally* it >>>>> doesn't >>>>> alter the handling to be substantially different for the MC and >>>>> non-MC cases. >>>>> >>>>> This seems like pointless duplication that just makes it harder to >>>>> maintain >>>>> this code. >>>>> >>>>> Thanks, >>>>> Mark. >>>> >>>> Agreed, The implementation here looks a little ugly and harder to >>>> maintain. >>>> >>>> The purpose of my doing this is not all copy_to_user can be recovered. >>>> >>>> A memory error is consumed when reading pagecache using copy_to_user. >>>> I think in this scenario, only the process is affected because it >>>> can't read >>>> pagecache data correctly. Just kill the process and don't need the >>>> whole >>>> kernel panic. >>>> >>>> So I need two different copy_to_user implementation, one is existing >>>> __arch_copy_to_user, >>>> this function will panic when consuming memory errors. The other one >>>> is this new helper >>>> __arch_copy_mc_to_user, this interface is used when reading >>>> pagecache. It can recover from >>>> consume memory error. >>> >>> OK, but do we really need two almost-identical implementations of >>> every function where the only difference is how the exception table >>> entries are annotated? Could the exception handler itself just figure >>> out who owns the page where the fault occurred and decide what action >>> to take as appropriate? >>> >>> Robin. >>> >> >> Thank you, Robin. >> >> I added this call path in this patchset: do_sea() -> >> fixup_exception(), the purpose is to provide a chance for sea fault to >> fixup (refer patch 3/7). >> >> If fixup successful, panic can be avoided. Otherwise, panic can be >> eliminated according to the original logic. >> >> fixup_exception() will set regs->pc and jump to regs->pc when the >> context recovery of an exception occurs. >> >> If mc-safe-fixup added to  __arch_copy_to_user(),  in *non pagecache >> reading* scenario encount memory error when call __arch_copy_to_user() >> , do_sea() -> fixup_exception() will not return fail and will miss the >> panic logic in do_sea(). >> >> So I add new helper __arch_copy_mc_to_user()  and add mc-safe-fixup to >> this helper, which can be used in the required scenarios. At present, >> there is only one pagecache reading scenario, other scenarios need to >> be developed. >> >> This is my current confusion. Of course, I will think about the >> solution to  solve the duplicate code problem. > > Right, but if the point is that faults in pagecahe pages are special, > surely __do_kernel_fault() could ultimately figure out from the address > whether that's the case or not? > > In general, if the principle is that whether a fault is recoverable or > not depends on what was being accessed, then to me it seems > fundamentally more robust to base that decision on details of the fault > that actually occurred, rather than what the caller thought it was > supposed to be doing at the time. > > Thanks, > Robin. > . According to Mark's suggestion, all uaccess can be recovered, including copy_to_user(), so there is no need to add new helper __arch_mc_copy_to_user()。 Thanks, Tong.