From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1230CC47DDF
	for <linux-mm@archiver.kernel.org>; Tue, 30 Jan 2024 13:23:12 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 749EE6B008A; Tue, 30 Jan 2024 08:23:11 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 6FA596B008C; Tue, 30 Jan 2024 08:23:11 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5C1E46B0092; Tue, 30 Jan 2024 08:23:11 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id 4A8B06B008A
	for <linux-mm@kvack.org>; Tue, 30 Jan 2024 08:23:11 -0500 (EST)
Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay08.hostedemail.com (Postfix) with ESMTP id 0CC3B140852
	for <linux-mm@kvack.org>; Tue, 30 Jan 2024 13:23:11 +0000 (UTC)
X-FDA: 81736043382.26.49547D8
Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190])
	by imf11.hostedemail.com (Postfix) with ESMTP id 7FFDF40013
	for <linux-mm@kvack.org>; Tue, 30 Jan 2024 13:23:07 +0000 (UTC)
Authentication-Results: imf11.hostedemail.com;
	dkim=none;
	spf=pass (imf11.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com;
	dmarc=pass (policy=quarantine) header.from=huawei.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1706620989;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=aTwYhJSbGAYcPyErFmbNrPBq4uVa0blYqv4qIpWzJb4=;
	b=l4+API4eL9NH2wOZjxffz4vAuNfMGXngqVl6BmPk0eOw8pxhXtGpRROCYrEYYorRkJ6ooG
	ih6+3oaTWhYuOFyr4CKOM+C+fMYAc7fVlgcIXI8Ziw+r+GI9jg5aCzxMcYrzV8E2t40fAH
	aHwEtamsvJ0owZ67rSiVJHx4Bjxt6Bg=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706620989; a=rsa-sha256;
	cv=none;
	b=1H3ZEYUCIr/eDFXDv/yLrYORkcbO5Bz+YcSezK/lQnzCBDTINiNQO3v148sBOHT+VbalBy
	2yfQ4W5FG7c9C2sy96QMevR/8hFGvWqfZ2aUB5AWMxn4CcDxxB3uZrOOX6H8UnJkXZwzZ7
	GvyZCQ2gC+EEn1MoV2VlHAlcGjksHAM=
ARC-Authentication-Results: i=1;
	imf11.hostedemail.com;
	dkim=none;
	spf=pass (imf11.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com;
	dmarc=pass (policy=quarantine) header.from=huawei.com
Received: from mail.maildlp.com (unknown [172.19.88.214])
	by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4TPQm8519Qz29knY;
	Tue, 30 Jan 2024 21:21:12 +0800 (CST)
Received: from kwepemm600017.china.huawei.com (unknown [7.193.23.234])
	by mail.maildlp.com (Postfix) with ESMTPS id 574B81A016B;
	Tue, 30 Jan 2024 21:23:02 +0800 (CST)
Received: from [10.174.179.234] (10.174.179.234) by
 kwepemm600017.china.huawei.com (7.193.23.234) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.35; Tue, 30 Jan 2024 21:23:00 +0800
Message-ID: <f10848f1-36d5-c954-2b55-d9cdaf5262bf@huawei.com>
Date: Tue, 30 Jan 2024 21:22:59 +0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.8.0
Subject: Re: [PATCH v10 2/6] arm64: add support for machine check error safe
To: Mark Rutland <mark.rutland@arm.com>
CC: Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>,
	James Morse <james.morse@arm.com>, Robin Murphy <robin.murphy@arm.com>,
	Andrey Ryabinin <ryabinin.a.a@gmail.com>, Alexander Potapenko
	<glider@google.com>, Alexander Viro <viro@zeniv.linux.org.uk>, Andrey
 Konovalov <andreyknvl@gmail.com>, Dmitry Vyukov <dvyukov@google.com>,
	Vincenzo Frascino <vincenzo.frascino@arm.com>, Andrew Morton
	<akpm@linux-foundation.org>, Michael Ellerman <mpe@ellerman.id.au>, Nicholas
 Piggin <npiggin@gmail.com>, Christophe Leroy <christophe.leroy@csgroup.eu>,
	Aneesh Kumar K.V <aneesh.kumar@kernel.org>, "Naveen N. Rao"
	<naveen.n.rao@linux.ibm.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo
 Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen
	<dave.hansen@linux.intel.com>, <x86@kernel.org>, "H. Peter Anvin"
	<hpa@zytor.com>, <linux-arm-kernel@lists.infradead.org>,
	<linux-mm@kvack.org>, <linuxppc-dev@lists.ozlabs.org>,
	<linux-kernel@vger.kernel.org>, <kasan-dev@googlegroups.com>,
	<wangkefeng.wang@huawei.com>, Guohanjun <guohanjun@huawei.com>
References: <20240129134652.4004931-1-tongtiangen@huawei.com>
 <20240129134652.4004931-3-tongtiangen@huawei.com>
 <ZbflpQV7aVry0qPz@FVFF77S0Q05N>
 <eb78caf9-ac03-1030-4e32-b614e73c0f62@huawei.com>
 <Zbj0heg7eFukm_5Z@FVFF77S0Q05N>
From: Tong Tiangen <tongtiangen@huawei.com>
In-Reply-To: <Zbj0heg7eFukm_5Z@FVFF77S0Q05N>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 8bit
X-Originating-IP: [10.174.179.234]
X-ClientProxiedBy: dggems704-chm.china.huawei.com (10.3.19.181) To
 kwepemm600017.china.huawei.com (7.193.23.234)
X-Rspamd-Queue-Id: 7FFDF40013
X-Rspam-User: 
X-Rspamd-Server: rspam11
X-Stat-Signature: ipem1stkd13t4shgg96yn93e58sydsn5
X-HE-Tag: 1706620987-359901
X-HE-Meta: U2FsdGVkX18qVpecMmSkH11+fpQ/dxk6hAuiWFLG0XgtzHzhWENc7Uz1kFVnRj4FK6FqjV3XUNsuAbxaML272eVu1ZpA7euPJEhJ/Mau0GzPbmJQLqX1hNKCCrB2qAqhWUlcRxOYYjQCplWIO7vIgFlQvLhSdGwXOfd0gdmEWSKDbrjvQZfyCR5PRTlQMmjb+riEVkq9xRe70TfjddPKC/VaAv43cMyFbRfhDbaV09Kf6WdbmV2J0UUcSQFnzPrbSmO99XQDgvq3L7vup7iSSLTlkUNmBdzETxI9PsAg9V4eJLrSqLJGrDrPLqYorS0vi2G6HXIqq63DauakZtsiaImAMowIDfXwuM954m4et0y5+rr0HnXXIFVY9nKNQqe4zRkvjImCoA+0dfXfUZS4tDIepnvZ1gnKYjp2Vi6ftrUFZHQ5VmyiPGmQocoOKYB3tc5xMGNmRBN89MJMQyxQBycy1NSW0hXEtTJAODkoqkwFqrEdozRW33mAjRa4PnnRASLn457ZyS86eVhLDwnQ20HCcWPiUaD32OKFZc7c+rScDAnTBq81cpmhPehgXzqe46SdDOqGtIkOuuFQ1uLpkbwF966HslGI5Cpe/zokyjrFGeGu/25gEOh3+JI4O6RQ119ebEuKnNnSjxaEMe/97WV8C4k0yZTU7S1dK7QJa8+0zstpeWrB0Vm9x8n1ADO4z7jPKK0ArCij9Cpcr0wJpSfGyV+RfmtSLTQKiq1Ucl5bVpGBVdA67XxWPDaF/lhOn5LL9vI8cQo9f0x83T8JmaIx0M0hvirTLauKgtoAlLkPkS4+S2xAAgT8lMuyijwiKyspXgiFa0MB52rWxRM02dP7vRMJq+sW0nGyYwNgCGgBqONSaGGDEs0VFNwscIDDiCs4D6lD2mQM28JQvcHN9sKKNEpHq8hYN2fvXYD18/cawGQJjotwbLQidI7ySmixGsRwMQEngcMaEJVE+P4
 407ZW/8j
 QnWhdOZbWjckaaU7jjXW8UxJUI+5diGRbhDqeHuPLA5BXOajYKwo/H2NYbf04M5SoFaWc9XjHBOfr8mgx1jpuEbqAvAG+2R+g+PKKfIv0eKjU6rCEuLDxpoQnxt/eZOQVeMUPvoHEw8CgzpG/Kt9sGWQS842aXb/H9+r2KA+afW1eCRC/wHFI6kmm9lpspadbZ11duvWFKznO7JUHE+/4cFCNtiBNqHfqUM3v2rnM6nK9p3s=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>



在 2024/1/30 21:07, Mark Rutland 写道:
> On Tue, Jan 30, 2024 at 06:57:24PM +0800, Tong Tiangen wrote:
>> 在 2024/1/30 1:51, Mark Rutland 写道:
>>> On Mon, Jan 29, 2024 at 09:46:48PM +0800, Tong Tiangen wrote:
> 
>>>> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
>>>> index 55f6455a8284..312932dc100b 100644
>>>> --- a/arch/arm64/mm/fault.c
>>>> +++ b/arch/arm64/mm/fault.c
>>>> @@ -730,6 +730,31 @@ static int do_bad(unsigned long far, unsigned long esr, struct pt_regs *regs)
>>>>    	return 1; /* "fault" */
>>>>    }
>>>> +static bool arm64_do_kernel_sea(unsigned long addr, unsigned int esr,
>>>> +				     struct pt_regs *regs, int sig, int code)
>>>> +{
>>>> +	if (!IS_ENABLED(CONFIG_ARCH_HAS_COPY_MC))
>>>> +		return false;
>>>> +
>>>> +	if (user_mode(regs))
>>>> +		return false;
>>>
>>> This function is called "arm64_do_kernel_sea"; surely the caller should *never*
>>> call this for a SEA taken from user mode?
>>
>> In do_sea(), the processing logic is as follows:
>>    do_sea()
>>    {
>>      [...]
>>      if (user_mode(regs) && apei_claim_sea(regs) == 0) {
>>         return 0;
>>      }
>>      [...]
>>      //[1]
>>      if (!arm64_do_kernel_sea()) {
>>         arm64_notify_die();
>>      }
>>    }
>>
>> [1] user_mode() is still possible to go here,If user_mode() goes here,
>>   it indicates that the impact caused by the memory error cannot be
>>   processed correctly by apei_claim_sea().
>>
>>
>> In this case, only arm64_notify_die() can be used, This also maintains
>> the original logic of user_mode()'s processing.
> 
> My point is that either:
> 
> (a) The name means that this should *only* be called for SEAs from a kernel
>      context, and the caller should be responsible for ensuring that.
> 
> (b) The name is misleading, and the 'kernel' part should be removed from the
>      name.
> 
> I prefer (a), and if you head down that route it's clear that you can get rid
> of a bunch of redundant logic and remove the need for do_kernel_sea(), anyway,
> e.g.
> 
> | static int do_sea(unsigned long far, unsigned long esr, struct pt_regs *regs)
> | {
> |         const struct fault_info *inf = esr_to_fault_info(esr);
> |         bool claimed = apei_claim_sea(regs) == 0;
> |         unsigned long siaddr;
> |
> |         if (claimed) {
> |                 if (user_mode(regs)) {
> |                         /*
> |                          * APEI claimed this as a firmware-first notification.
> |                          * Some processing deferred to task_work before ret_to_user().
> |                          */
> |                         return 0;
> |                 } else {
> |                         /*
> |                          * TODO: explain why this is correct.
> |                          */
> |                         if ((current->flags & PF_KTHREAD) &&
> |                             fixup_exception_mc(regs))
> |                                 return 0;
> |                 }
> |         }

This code seems to be a bit more concise and avoids misleading function 
names, which I'll use in the next version:）

> |
> |         if (esr & ESR_ELx_FnV) {
> |                 siaddr = 0;
> |         } else {
> |                 /*
> |                  * The architecture specifies that the tag bits of FAR_EL1 are
> |                  * UNKNOWN for synchronous external aborts. Mask them out now
> |                  * so that userspace doesn't see them.
> |                  */
> |                 siaddr  = untagged_addr(far);
> |         }
> |         arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr);
> |
> |         return 0;
> | }
> 
>>>> +
>>>> +	if (apei_claim_sea(regs) < 0)
>>>> +		return false;
>>>> +
>>>> +	if (!fixup_exception_mc(regs))
>>>> +		return false;
>>>> +
>>>> +	if (current->flags & PF_KTHREAD)
>>>> +		return true;
>>>
>>> I think this needs a comment; why do we allow kthreads to go on, yet kill user
>>> threads? What about helper threads (e.g. for io_uring)?
>>
>> If a memroy error occurs in the kernel thread, the problem is more
>> serious than that of the user thread. As a result, related kernel
>> functions, such as khugepaged, cannot run properly. kernel panic should
>> be a better choice at this time.
>>
>> Therefore, the processing scope of this framework is limited to the user
>> thread.
> 
> That's reasonable, but needs to be explained in a comment.
> 
> Also, as above, I think you haven't conisderd helper threads (e.g. io_uring),
> which don't have PF_KTHREAD set but do have PF_USER_WORKER set. I suspect those
> need the same treatment as kthreads.

Okay, I'm going to investigate PF_USER_WORKER.

> 
>>>> +	set_thread_esr(0, esr);
>>>
>>> Why do we set the ESR to 0?
>>
>> The purpose is to reuse the logic of arm64_notify_die() and set the
>> following parameters before sending signals to users:
>>    current->thread.fault_address = 0;
>>    current->thread.fault_code = err;
> 
> Ok, but there's no need to open-code that.
> 
> As per my above example, please continue to use the existing call to
> arm64_notify_die() rather than open-coding bits of it.

OK.

Many thanks.
Tong.
> 
> Mark.
> .