mbox series

[RFC,-next,V2,0/7] arm64: add machine check safe support

Message ID 20220406091311.3354723-1-tongtiangen@huawei.com (mailing list archive)
Headers show
Series arm64: add machine check safe support | expand

Message

Tong Tiangen April 6, 2022, 9:13 a.m. UTC
This patchset is based on[1].

With the increase of memory capacity and density, the probability of
memory error increases. The increasing size and density of server RAM
in the data center and cloud have shown increased uncorrectable memory
errors.

Currently, the kernel has a mechanism to recover from hardware memory
errors. This patchset provides an new recovery mechanism.

For ARM64, the hardware error handling is do_sea() which divided into
two cases:
1. The user state consumed the memory errors, the solution is kill th
     user process and isolate the error page.
2. The kernel state consumed the memory errors, the solution is panic.

For kernelspace, Undifferentiated panic maybe not the optimal choice,
it can be handled better.

This patchset deals with four sscenarios of hardware memory error consumed
in kernelspace:
1. copy_from_user.
2. get_user.
3. cow(copy on write).
4. pagecache reading.

These four scenarios have similarities. Although the error is consumed in
the kernel state, but the consumed data belongs to the user state.

The processing scheme is based on CONFIG_ARCH_HAS_COPY_MC and uses the
process killing plus isolate error page to replace kernel panic.

[1]https://lore.kernel.org/lkml/20220323033705.3966643-1-tongtiangen@huawei.com/

Since V2:
 1.Consistent with PPC/x86, Using CONFIG_ARCH_HAS_COPY_MC instead of
   ARM64_UCE_KERNEL_RECOVERY.
 2.Add two new scenarios, cow and pagecache reading.
 3.Fix two small bug(the first two patch).

Tong Tiangen (7):
  x86: fix copy_mc_to_user compile error
  arm64: fix page_address return value in copy_highpage
  arm64: add support for machine check error safe
  arm64: add copy_from_user to machine check safe
  arm64: add get_user to machine check safe
  arm64: add cow to machine check safe
  arm64: add pagecache reading to machine check safe

 arch/arm64/Kconfig                   |  1 +
 arch/arm64/include/asm/asm-extable.h | 25 +++++++
 arch/arm64/include/asm/asm-uaccess.h | 16 +++++
 arch/arm64/include/asm/esr.h         |  5 ++
 arch/arm64/include/asm/extable.h     |  2 +-
 arch/arm64/include/asm/page.h        | 10 +++
 arch/arm64/include/asm/uaccess.h     | 17 ++++-
 arch/arm64/kernel/probes/kprobes.c   |  2 +-
 arch/arm64/lib/Makefile              |  2 +
 arch/arm64/lib/copy_from_user.S      | 11 ++--
 arch/arm64/lib/copy_page_mc.S        | 98 ++++++++++++++++++++++++++++
 arch/arm64/lib/copy_to_user_mc.S     | 78 ++++++++++++++++++++++
 arch/arm64/mm/copypage.c             | 36 ++++++++--
 arch/arm64/mm/extable.c              | 21 +++++-
 arch/arm64/mm/fault.c                | 30 ++++++++-
 arch/x86/include/asm/uaccess.h       |  1 +
 include/linux/highmem.h              |  8 +++
 include/linux/uaccess.h              |  8 +++
 include/linux/uio.h                  |  9 ++-
 lib/iov_iter.c                       | 85 +++++++++++++++++++-----
 mm/memory.c                          |  2 +-
 21 files changed, 432 insertions(+), 35 deletions(-)
 create mode 100644 arch/arm64/lib/copy_page_mc.S
 create mode 100644 arch/arm64/lib/copy_to_user_mc.S

Comments

Mark Rutland April 6, 2022, 10:04 a.m. UTC | #1
Hi,

In future, for the arm64 uaccess stuff, could you please CC me, and for the
arm64 RAS bits (e.g. the SEA handling), could you please CC James Morse?

On Wed, Apr 06, 2022 at 09:13:04AM +0000, Tong Tiangen wrote:
> This patchset is based on[1].

That link below appears to be a single patch. Sending that separately makes
this harder to review, so in future could you please send this as a combined
series?

> With the increase of memory capacity and density, the probability of
> memory error increases. The increasing size and density of server RAM
> in the data center and cloud have shown increased uncorrectable memory
> errors.
> 
> Currently, the kernel has a mechanism to recover from hardware memory
> errors. This patchset provides an new recovery mechanism.
> 
> For ARM64, the hardware error handling is do_sea() which divided into
> two cases:
> 1. The user state consumed the memory errors, the solution is kill th
>      user process and isolate the error page.
> 2. The kernel state consumed the memory errors, the solution is panic.
> 
> For kernelspace, Undifferentiated panic maybe not the optimal choice,
> it can be handled better.
> 
> This patchset deals with four sscenarios of hardware memory error consumed
> in kernelspace:
> 1. copy_from_user.
> 2. get_user.

What about atomics to user memory? e.g. futexes, or the armv8_deprecated
emulations?

It seems the assumption is that writing to user memory (e.g. copy_to_user() and
put_user()) don't matter? Could you please mention why? e.g. do we never take
an exception for writes to memory with errors?

> 3. cow(copy on write).
> 4. pagecache reading.

There are a bunch of other places where we'll access user memory via the linear
map, so I assume this is just a best-effort "try not to die" rather than "never
die" ?

Are there other places we might need/want to expand this to in future?

Thanks,
Mark.

> These four scenarios have similarities. Although the error is consumed in
> the kernel state, but the consumed data belongs to the user state.
> 
> The processing scheme is based on CONFIG_ARCH_HAS_COPY_MC and uses the
> process killing plus isolate error page to replace kernel panic.
> 
> [1]https://lore.kernel.org/lkml/20220323033705.3966643-1-tongtiangen@huawei.com/
> 
> Since V2:
>  1.Consistent with PPC/x86, Using CONFIG_ARCH_HAS_COPY_MC instead of
>    ARM64_UCE_KERNEL_RECOVERY.
>  2.Add two new scenarios, cow and pagecache reading.
>  3.Fix two small bug(the first two patch).
> 
> Tong Tiangen (7):
>   x86: fix copy_mc_to_user compile error
>   arm64: fix page_address return value in copy_highpage
>   arm64: add support for machine check error safe
>   arm64: add copy_from_user to machine check safe
>   arm64: add get_user to machine check safe
>   arm64: add cow to machine check safe
>   arm64: add pagecache reading to machine check safe
> 
>  arch/arm64/Kconfig                   |  1 +
>  arch/arm64/include/asm/asm-extable.h | 25 +++++++
>  arch/arm64/include/asm/asm-uaccess.h | 16 +++++
>  arch/arm64/include/asm/esr.h         |  5 ++
>  arch/arm64/include/asm/extable.h     |  2 +-
>  arch/arm64/include/asm/page.h        | 10 +++
>  arch/arm64/include/asm/uaccess.h     | 17 ++++-
>  arch/arm64/kernel/probes/kprobes.c   |  2 +-
>  arch/arm64/lib/Makefile              |  2 +
>  arch/arm64/lib/copy_from_user.S      | 11 ++--
>  arch/arm64/lib/copy_page_mc.S        | 98 ++++++++++++++++++++++++++++
>  arch/arm64/lib/copy_to_user_mc.S     | 78 ++++++++++++++++++++++
>  arch/arm64/mm/copypage.c             | 36 ++++++++--
>  arch/arm64/mm/extable.c              | 21 +++++-
>  arch/arm64/mm/fault.c                | 30 ++++++++-
>  arch/x86/include/asm/uaccess.h       |  1 +
>  include/linux/highmem.h              |  8 +++
>  include/linux/uaccess.h              |  8 +++
>  include/linux/uio.h                  |  9 ++-
>  lib/iov_iter.c                       | 85 +++++++++++++++++++-----
>  mm/memory.c                          |  2 +-
>  21 files changed, 432 insertions(+), 35 deletions(-)
>  create mode 100644 arch/arm64/lib/copy_page_mc.S
>  create mode 100644 arch/arm64/lib/copy_to_user_mc.S
> 
> -- 
> 2.18.0.huawei.25
> 
> 
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
Tong Tiangen April 7, 2022, 4:21 a.m. UTC | #2
在 2022/4/6 18:04, Mark Rutland 写道:
> Hi,
> 
> In future, for the arm64 uaccess stuff, could you please CC me, and for the
> arm64 RAS bits (e.g. the SEA handling), could you please CC James Morse?

ok :)

> 
> On Wed, Apr 06, 2022 at 09:13:04AM +0000, Tong Tiangen wrote:
>> This patchset is based on[1].
> 
> That link below appears to be a single patch. Sending that separately makes
> this harder to review, so in future could you please send this as a combined
> series?
> 
>> With the increase of memory capacity and density, the probability of
>> memory error increases. The increasing size and density of server RAM
>> in the data center and cloud have shown increased uncorrectable memory
>> errors.
>>
>> Currently, the kernel has a mechanism to recover from hardware memory
>> errors. This patchset provides an new recovery mechanism.
>>
>> For ARM64, the hardware error handling is do_sea() which divided into
>> two cases:
>> 1. The user state consumed the memory errors, the solution is kill th
>>       user process and isolate the error page.
>> 2. The kernel state consumed the memory errors, the solution is panic.
>>
>> For kernelspace, Undifferentiated panic maybe not the optimal choice,
>> it can be handled better.
>>
>> This patchset deals with four sscenarios of hardware memory error consumed
>> in kernelspace:
>> 1. copy_from_user.
>> 2. get_user.
> 
> What about atomics to user memory? e.g. futexes, or the armv8_deprecated
> emulations?
> 
> It seems the assumption is that writing to user memory (e.g. copy_to_user() and
> put_user()) don't matter? Could you please mention why? e.g. do we never take
> an exception for writes to memory with errors?

First, explain why only pay attention to the errors that occur when 
reading memory and not when writing memory:

1. For Linux reading page, the Linux is consumer[*], the DDR controller 
is producer. if page with memory error, Linux consumes the error will 
receive an error signal than process the signal.

2. For Linux writing page, the Linux is producer, the DDR controller is 
consumer, the DDR controller will process the memory error.

3. From the perspective of Linux, here we only focus on his situation as 
a consumer. Focus on how Linux responds to errors when reading pages.

[*]For definitions of producers and consumers, refer to the documentation:
Reliability, Availability, and Serviceability (RAS) Architecture Extension

Second, explain why writing to user memory don't matter.

Don't matter means that we will not deal with it in this patchset, but 
follow the current strategy of the kernel(kernel panic). Take 
copy_from[to]_user/get[put]_user as an example:

1. In copy_to_user()/put_user(), it read the kernel page and write to 
user page, We cannot judge the importance of this kernel page that holds 
kernel data, if a memory error is encountered while reading, the normal 
operation of the system after recovery cannot be guaranteed,so the 
current processing strategy of the kernel is panic,we will not change this.

2. In copy_from_user()/get_user(), it read the user page and write to 
kernel page in user process context, this user data is only critical to 
this user process and does not affect the operation of the whole system. 
Therefore, if a memory error is encountered while reading, we can 
recover by killing this process and isolating the error user page 
without going to kernel panic, This patchset is aimed at this situation.
> 
>> 3. cow(copy on write).
>> 4. pagecache reading.
> 
> There are a bunch of other places where we'll access user memory via the linear
> map, so I assume this is just a best-effort "try not to die" rather than "never
> die" ?
> 
> Are there other places we might need/want to expand this to in future?
> 
> Thanks,
> Mark.

Yes.

The strategy is "try not to die" in some specific scene.

In both cases(cow and pagecache reading), when the page with memory 
error is read in user process context, the result is not fatal, because 
the data of the error page is only critical to the user process. Killing 
the process and isolating the error page will not affect the normal 
operation of the system.


I hope I can explain this clearly.

Great thanks to mark and I hope James can help take a look at this idea.

Thanks.
Tong.
> 
>> These four scenarios have similarities. Although the error is consumed in
>> the kernel state, but the consumed data belongs to the user state.
>>
>> The processing scheme is based on CONFIG_ARCH_HAS_COPY_MC and uses the
>> process killing plus isolate error page to replace kernel panic.
>>
>> [1]https://lore.kernel.org/lkml/20220323033705.3966643-1-tongtiangen@huawei.com/
>>
>> Since V2:
>>   1.Consistent with PPC/x86, Using CONFIG_ARCH_HAS_COPY_MC instead of
>>     ARM64_UCE_KERNEL_RECOVERY.
>>   2.Add two new scenarios, cow and pagecache reading.
>>   3.Fix two small bug(the first two patch).
>>
>> Tong Tiangen (7):
>>    x86: fix copy_mc_to_user compile error
>>    arm64: fix page_address return value in copy_highpage
>>    arm64: add support for machine check error safe
>>    arm64: add copy_from_user to machine check safe
>>    arm64: add get_user to machine check safe
>>    arm64: add cow to machine check safe
>>    arm64: add pagecache reading to machine check safe
>>
>>   arch/arm64/Kconfig                   |  1 +
>>   arch/arm64/include/asm/asm-extable.h | 25 +++++++
>>   arch/arm64/include/asm/asm-uaccess.h | 16 +++++
>>   arch/arm64/include/asm/esr.h         |  5 ++
>>   arch/arm64/include/asm/extable.h     |  2 +-
>>   arch/arm64/include/asm/page.h        | 10 +++
>>   arch/arm64/include/asm/uaccess.h     | 17 ++++-
>>   arch/arm64/kernel/probes/kprobes.c   |  2 +-
>>   arch/arm64/lib/Makefile              |  2 +
>>   arch/arm64/lib/copy_from_user.S      | 11 ++--
>>   arch/arm64/lib/copy_page_mc.S        | 98 ++++++++++++++++++++++++++++
>>   arch/arm64/lib/copy_to_user_mc.S     | 78 ++++++++++++++++++++++
>>   arch/arm64/mm/copypage.c             | 36 ++++++++--
>>   arch/arm64/mm/extable.c              | 21 +++++-
>>   arch/arm64/mm/fault.c                | 30 ++++++++-
>>   arch/x86/include/asm/uaccess.h       |  1 +
>>   include/linux/highmem.h              |  8 +++
>>   include/linux/uaccess.h              |  8 +++
>>   include/linux/uio.h                  |  9 ++-
>>   lib/iov_iter.c                       | 85 +++++++++++++++++++-----
>>   mm/memory.c                          |  2 +-
>>   21 files changed, 432 insertions(+), 35 deletions(-)
>>   create mode 100644 arch/arm64/lib/copy_page_mc.S
>>   create mode 100644 arch/arm64/lib/copy_to_user_mc.S
>>
>> -- 
>> 2.18.0.huawei.25
>>
>>
>> _______________________________________________
>> linux-arm-kernel mailing list
>> linux-arm-kernel@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
> .