From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BB029C47DDF for ; Tue, 30 Jan 2024 10:57:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3F6DA6B0078; Tue, 30 Jan 2024 05:57:36 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 380006B007D; Tue, 30 Jan 2024 05:57:36 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2206F6B0081; Tue, 30 Jan 2024 05:57:36 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 0F9E16B0078 for ; Tue, 30 Jan 2024 05:57:36 -0500 (EST) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id D14BDA1FE3 for ; Tue, 30 Jan 2024 10:57:35 +0000 (UTC) X-FDA: 81735676470.06.438E47A Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190]) by imf17.hostedemail.com (Postfix) with ESMTP id 88B9E40009 for ; Tue, 30 Jan 2024 10:57:32 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=none; spf=pass (imf17.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706612254; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5ODNVrnxRJ55NbfSqy1yNJWkW9Y1TOLtL1d3W7l0QpM=; b=2pr/ovpGhVa87LfE8fn8navwWXfnsBYgNUMillCQuZEAe/HlkCwv0VQre/xDXhfmUim3fj +brtr7kCgpjgVSaaCxUfW5+Ml/merzbJWEMCbyYDC4Evzm55bEFpGYwefCKkvQF4RLrt7b EvF7KTRxTrcCiJ0fURolShiOeBYXuR8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706612254; a=rsa-sha256; cv=none; b=uUxf6PTyUcsMpbCbvL2usoTeCm9RKvNRzX9CgTUAtA0HiOKpUnT9As/asOzQN6OfyjY8h+ 7EBIrADbdHwsxVY3m3wLlmsZFKEW5qeDr1KgA2BD0rjG754tugHClm1QEGW6UK12DG8oX4 ra4XOc4Mmn6iq1itME6jKTJ3dkYac7A= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=none; spf=pass (imf17.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com Received: from mail.maildlp.com (unknown [172.19.162.112]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4TPMXB10ljz29krw; Tue, 30 Jan 2024 18:55:38 +0800 (CST) Received: from kwepemm600017.china.huawei.com (unknown [7.193.23.234]) by mail.maildlp.com (Postfix) with ESMTPS id AB70B1404D7; Tue, 30 Jan 2024 18:57:27 +0800 (CST) Received: from [10.174.179.234] (10.174.179.234) by kwepemm600017.china.huawei.com (7.193.23.234) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Tue, 30 Jan 2024 18:57:25 +0800 Message-ID: Date: Tue, 30 Jan 2024 18:57:24 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Subject: Re: [PATCH v10 2/6] arm64: add support for machine check error safe To: Mark Rutland CC: Catalin Marinas , Will Deacon , James Morse , Robin Murphy , Andrey Ryabinin , Alexander Potapenko , Alexander Viro , Andrey Konovalov , Dmitry Vyukov , Vincenzo Frascino , Andrew Morton , Michael Ellerman , Nicholas Piggin , Christophe Leroy , Aneesh Kumar K.V , "Naveen N. Rao" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , , "H. Peter Anvin" , , , , , , , Guohanjun References: <20240129134652.4004931-1-tongtiangen@huawei.com> <20240129134652.4004931-3-tongtiangen@huawei.com> From: Tong Tiangen In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.174.179.234] X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To kwepemm600017.china.huawei.com (7.193.23.234) X-Rspamd-Queue-Id: 88B9E40009 X-Rspam-User: X-Stat-Signature: gh6jxbf9ujz9pp89bwfmwcx6fhbdzifr X-Rspamd-Server: rspam03 X-HE-Tag: 1706612252-811791 X-HE-Meta: U2FsdGVkX1/7aYCGlaO9+ewKylajAD1Ntn0ZZPDHwUCsEIXA3qJOGasj6y2uQnDG9zo+EtsAxeZzyECQX9ZEdEJKvYMopAMSq0FeGsI7NxvFkXCMLcmOVdMQxgYKEkvW4NYlbm9R+/pd3MzcRmYB0jHFtfuiMKyZ4CtB/dBwakFrp1x7aSi7X+F0hfLTBolbAbQz/xPgoo+71y1WK4MvMj6B72zngFEEQbh3Ew9Knn9KjngTemkgUzO9lGOXTg5xRxqMTQCQCVE5014GxgFkpZ3J3RjQoGMyBE68w4C1E8wF4UH/5TOXEfo+g8FLfBnl5y183GbNYA56LCdWOUcciTBmXcKDQABGm863fcB4yMg/S54Cu5Adwhm9w7s+KF4QV9u4vQhPsPtrE50atw3vvbNfre5Yw5kgpfxmR2lKaocVZmA7BP9BI3U8O/eSCVOp2NwqBQO9cH/3fZmvifkn/dqXxz0rK2cejYgO/3pDDYkNJTc18vG0X2wIqt78Hbq9PjAZg4Psd8Ypex96LwetZWwb5WgoALFPQ93OI4Jg8nX3WwARwnXaRY0vcAytyWxUv7zd2VBbvykTitn11KvYVsbflLy/FBigFyz4p/bAt4YTM/plmIiqMSbcwV9cbUqEjAYg1szjd3V2AymhJPbaRlWm2cJg4jY7Qc2cgi0cAqbuI3AMrVHe0KZxIXRMD+og73fPnFXlbx8o6z8TC1/g8Ulz7X5KfixvBZtUDLqlbam3YW6zYH4TBQtQApBT6Leklqf+A0p3IcfuQYTMgD6TELptrK/PjdpThWKtHxvaT8XMtRBgubV4x1j74zuG93C0QqIy4ZmIwPAYHHnOyk1tmCIAkqCkZG1oQm0FFq1AzBdH7dI6iDKugPg7OTG/bdrfGCH45mk07sTjl7kwRk7p/MKzubW6KJUE3l1ONsklgIljpabeluxEsw3i9yBkOfY92KVRKKH4v9tTJ3w66iF qMjS537T JrCgAfjSTZi2xnTnT1PTJTpFIkG6fZTcigNSTJd/hcwBs9EjqPsOx5GXyP4uUh06Gev3N/uIabM6mXr7aplKq2CfjHmIcDWin3OVYKUp8TsUxy4lDkBVeIVp4BkOn/1j9t0mz+Y0LjK/RFFLSJCxT2ToTGvJiyHoZlRk+yf1Ner1Y8bUTniyxDkoSOrEPytxeZikTrnCmUbFw0i7oLsdAS6RiRt+666d9j43vwjyNBCjESctkYRX0yn12QP5xJXsoCCRJ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: 在 2024/1/30 1:51, Mark Rutland 写道: > On Mon, Jan 29, 2024 at 09:46:48PM +0800, Tong Tiangen wrote: >> For the arm64 kernel, when it processes hardware memory errors for >> synchronize notifications(do_sea()), if the errors is consumed within the >> kernel, the current processing is panic. However, it is not optimal. >> >> Take uaccess for example, if the uaccess operation fails due to memory >> error, only the user process will be affected. Killing the user process and >> isolating the corrupt page is a better choice. >> >> This patch only enable machine error check framework and adds an exception >> fixup before the kernel panic in do_sea(). >> >> Signed-off-by: Tong Tiangen >> --- >> arch/arm64/Kconfig | 1 + >> arch/arm64/include/asm/extable.h | 1 + >> arch/arm64/mm/extable.c | 16 ++++++++++++++++ >> arch/arm64/mm/fault.c | 29 ++++++++++++++++++++++++++++- >> 4 files changed, 46 insertions(+), 1 deletion(-) >> >> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig >> index aa7c1d435139..2cc34b5e7abb 100644 >> --- a/arch/arm64/Kconfig >> +++ b/arch/arm64/Kconfig >> @@ -20,6 +20,7 @@ config ARM64 >> select ARCH_ENABLE_SPLIT_PMD_PTLOCK if PGTABLE_LEVELS > 2 >> select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE >> select ARCH_HAS_CACHE_LINE_SIZE >> + select ARCH_HAS_COPY_MC if ACPI_APEI_GHES >> select ARCH_HAS_CURRENT_STACK_POINTER >> select ARCH_HAS_DEBUG_VIRTUAL >> select ARCH_HAS_DEBUG_VM_PGTABLE >> diff --git a/arch/arm64/include/asm/extable.h b/arch/arm64/include/asm/extable.h >> index 72b0e71cc3de..f80ebd0addfd 100644 >> --- a/arch/arm64/include/asm/extable.h >> +++ b/arch/arm64/include/asm/extable.h >> @@ -46,4 +46,5 @@ bool ex_handler_bpf(const struct exception_table_entry *ex, >> #endif /* !CONFIG_BPF_JIT */ >> >> bool fixup_exception(struct pt_regs *regs); >> +bool fixup_exception_mc(struct pt_regs *regs); >> #endif >> diff --git a/arch/arm64/mm/extable.c b/arch/arm64/mm/extable.c >> index 228d681a8715..478e639f8680 100644 >> --- a/arch/arm64/mm/extable.c >> +++ b/arch/arm64/mm/extable.c >> @@ -76,3 +76,19 @@ bool fixup_exception(struct pt_regs *regs) >> >> BUG(); >> } >> + >> +bool fixup_exception_mc(struct pt_regs *regs) > > Can we please replace 'mc' with something like 'memory_error' ? > > There's no "machine check" on arm64, and 'mc' is opaque regardless. OK, It's more appropriate to use "memory_error" on arm64. > >> +{ >> + const struct exception_table_entry *ex; >> + >> + ex = search_exception_tables(instruction_pointer(regs)); >> + if (!ex) >> + return false; >> + >> + /* >> + * This is not complete, More Machine check safe extable type can >> + * be processed here. >> + */ >> + >> + return false; >> +} > > As with my comment on the subsequenty patch, I'd much prefer that we handle > EX_TYPE_UACCESS_ERR_ZERO from the outset. OK, In the next version, the two patches will be merged. > > > >> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c >> index 55f6455a8284..312932dc100b 100644 >> --- a/arch/arm64/mm/fault.c >> +++ b/arch/arm64/mm/fault.c >> @@ -730,6 +730,31 @@ static int do_bad(unsigned long far, unsigned long esr, struct pt_regs *regs) >> return 1; /* "fault" */ >> } >> >> +static bool arm64_do_kernel_sea(unsigned long addr, unsigned int esr, >> + struct pt_regs *regs, int sig, int code) >> +{ >> + if (!IS_ENABLED(CONFIG_ARCH_HAS_COPY_MC)) >> + return false; >> + >> + if (user_mode(regs)) >> + return false; > > This function is called "arm64_do_kernel_sea"; surely the caller should *never* > call this for a SEA taken from user mode? In do_sea(), the processing logic is as follows: do_sea() { [...] if (user_mode(regs) && apei_claim_sea(regs) == 0) { return 0; } [...] //[1] if (!arm64_do_kernel_sea()) { arm64_notify_die(); } } [1] user_mode() is still possible to go here,If user_mode() goes here, it indicates that the impact caused by the memory error cannot be processed correctly by apei_claim_sea(). In this case, only arm64_notify_die() can be used, This also maintains the original logic of user_mode()'s processing. > >> + >> + if (apei_claim_sea(regs) < 0) >> + return false; >> + >> + if (!fixup_exception_mc(regs)) >> + return false; >> + >> + if (current->flags & PF_KTHREAD) >> + return true; > > I think this needs a comment; why do we allow kthreads to go on, yet kill user > threads? What about helper threads (e.g. for io_uring)? If a memroy error occurs in the kernel thread, the problem is more serious than that of the user thread. As a result, related kernel functions, such as khugepaged, cannot run properly. kernel panic should be a better choice at this time. Therefore, the processing scope of this framework is limited to the user thread. > >> + >> + set_thread_esr(0, esr); > > Why do we set the ESR to 0? The purpose is to reuse the logic of arm64_notify_die() and set the following parameters before sending signals to users: current->thread.fault_address = 0; current->thread.fault_code = err; I looked at the git log and found that the logic was added by this commit: 9141300a5884 (“arm64: Provide read/write fault information in compat signal handlers”) According to the description of commit message, the purpose seems to be for aarch32. Many thanks. Tong. > > Mark. > >> + arm64_force_sig_fault(sig, code, addr, >> + "Uncorrected memory error on access to user memory\n"); >> + >> + return true; >> +} >> + >> static int do_sea(unsigned long far, unsigned long esr, struct pt_regs *regs) >> { >> const struct fault_info *inf; >> @@ -755,7 +780,9 @@ static int do_sea(unsigned long far, unsigned long esr, struct pt_regs *regs) >> */ >> siaddr = untagged_addr(far); >> } >> - arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr); >> + >> + if (!arm64_do_kernel_sea(siaddr, esr, regs, inf->sig, inf->code)) >> + arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr); >> >> return 0; >> } >> -- >> 2.25.1 >> > .