From patchwork Mon Dec 9 02:42:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Tong Tiangen X-Patchwork-Id: 13898747 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD2BFE7717F for ; Mon, 9 Dec 2024 02:43:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 472836B03A0; Sun, 8 Dec 2024 21:43:28 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 422996B03A1; Sun, 8 Dec 2024 21:43:28 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2EA916B03A2; Sun, 8 Dec 2024 21:43:28 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 1173F6B03A0 for ; Sun, 8 Dec 2024 21:43:28 -0500 (EST) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 49D1F42DC9 for ; Mon, 9 Dec 2024 02:43:27 +0000 (UTC) X-FDA: 82873873656.13.ABEF66B Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [45.249.212.190]) by imf10.hostedemail.com (Postfix) with ESMTP id 801C6C0002 for ; Mon, 9 Dec 2024 02:43:15 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=none; spf=pass (imf10.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1733712184; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:in-reply-to: references; bh=20OY5Wca9v29+l5BtvCY5fuiV4sFMquFAGouScos9WA=; b=Br+/bYzHsHEFLKXn1M+7XWZEG0SG8rkMo9H/AZD1L1lFYs8W0qdhq7ata/z0Y+WLVykgMq kSpeAk6e1504yPx/gs0hPg4yONx727Z5yfd6h4uz7pUZzcHvfnrdl//YWl0X0eHjZL90tY dIHf8Emgt4qQsxmL8i8TAw8hk0sJtfw= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=none; spf=pass (imf10.hostedemail.com: domain of tongtiangen@huawei.com designates 45.249.212.190 as permitted sender) smtp.mailfrom=tongtiangen@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733712184; a=rsa-sha256; cv=none; b=aS2xorCgBHIVJzZApZBciB7yrOtUYbfiGA5+79oEmRBrrimno/iW2RLT7uY4yeAbp98tlV K04h1VmfN8rZxCMhmClWNR8GAOVTqTLag1LbQCbYQTEy+SIVyqJ01DblYaAawOuDdTW4iG vNelvXn26zhIdvjnF1m8XQF604r/3zM= Received: from mail.maildlp.com (unknown [172.19.88.214]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4Y65hS4kNBz2DhQD; Mon, 9 Dec 2024 10:40:56 +0800 (CST) Received: from kwepemk500005.china.huawei.com (unknown [7.202.194.90]) by mail.maildlp.com (Postfix) with ESMTPS id 732081A016C; Mon, 9 Dec 2024 10:43:19 +0800 (CST) Received: from localhost.localdomain (10.175.112.125) by kwepemk500005.china.huawei.com (7.202.194.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Mon, 9 Dec 2024 10:43:17 +0800 From: Tong Tiangen To: Mark Rutland , Jonathan Cameron , Mauro Carvalho Chehab , Catalin Marinas , Will Deacon , Andrew Morton , James Morse , Robin Murphy , Andrey Konovalov , Dmitry Vyukov , Vincenzo Frascino , Michael Ellerman , Nicholas Piggin , Andrey Ryabinin , Alexander Potapenko , Christophe Leroy , Aneesh Kumar K.V , "Naveen N. Rao" , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , , "H. Peter Anvin" , Madhavan Srinivasan CC: , , , , , Tong Tiangen , , Guohanjun Subject: [PATCH v13 0/5]arm64: add ARCH_HAS_COPY_MC support Date: Mon, 9 Dec 2024 10:42:52 +0800 Message-ID: <20241209024257.3618492-1-tongtiangen@huawei.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Originating-IP: [10.175.112.125] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To kwepemk500005.china.huawei.com (7.202.194.90) X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 801C6C0002 X-Rspam-User: X-Stat-Signature: rpcyxjjzwegukzm8thf46zn11o69hj1d X-HE-Tag: 1733712195-581145 X-HE-Meta: U2FsdGVkX1/Dai9j2h0JiYpFXWXV/2+ojhSLgO+N+X6C4ve6IIzhv6Bx0chGDJDq8Qoq2B0kujYM5OL95fjiPlMSqJFJBuNEksMXHSJTfL8dL00FWvYXKv3g00fnCz/pSqAWm0wQMJ8I/7zCfw2cEIguk/L9AKyDODxAcs2jqdo8H1D8CfVVI1TzvG9vYahbBzumK4nKgs7LAc2nicNv/Pb36fPTVervgjEXEsyMkzlywbDI4OsW+Dh6mAAWKBjgkxHYSQEYEXdfah/x0B3iV2QyXj5c2d29XHihUTw+BKC+N0A7exu+cTlgjnGzLDN1nOsllHsORyJTRIns3M8G5QgmcyPa2ITv8NEPWAuTd8Q1RmzU/wUC4CI8D/3X9Qo+4jj/Ftv4fw3eS3wdrv03ndqTwYT+EeAPEK5C6+NPYKruCReGqRxse2kYF+t6e2AdPJWMXCR7Kt16jhzczeCB4wW6a7+vuz2tOen53c3JiqqKANPenaeSsZLInKcGyTcwxqkQXsCJdpt470JiRjU7NfRZIENpGdY2607TXIijAqAtW7yQVZ+mnpML6y8CAYp3wvzkfltELpbYQl1+DXIRkRQ4LlDG++tByPiqe71r2aM7t4gCFlpytw+W2jeiCAB9BSWI14WOLTVCKLt0be4PHjIxZJIyKbeB94mEfXPnx++S/feR3WpiwEYTT3CS3CybSNxmh23JdIszycpTgoIN/UNaSyfix3CF6/gjKHymQk8ssOVWvgW0qsxBCELZFBZDr0RZUcI9GXfQ5eOwEkcqOXGC4T7MiyKaFkYCPSNb74oHdDJifrqw75Fx5sKcKxJCF11PF+nBpeWVEHAZ6BS+uPrspgAyJYLg0+ZkUWiar/9ZI2IB8Aro77ou8c8WOH9R5uZKxrQkaDl5AcmrMRYFV9yntMNFqys6UyMHQeqiyqOwVsk1bHQYiQp/6/kwwBTRX4hamIzIIeS+XcjQtQO haxOU1RC 4ZH5Vg7owjGV5j3pw8/q0ZQj7DCuWQ7l3srJYRdaWzRJSiIK4vzBtqoYWVw8GOfEqmV9s1MZ6UD4Ylw4FJA97ciO6RDAT0Mu7EE57zmK05UVMms4+z2cGjoWn8g48UVNBQ3qo8z9gK1kCHC1HNvBxIlkLL1DQwwUToOEqiZ9XjtINpTIbzxCNyWIalvs50b08YryJThKf4+eLH9DytD1uSwEZfG99Dlf+Vrk18qQQjk4NXkvLifNMRlBrBHfuozTszbmEgjxbQMARysu8OLZpZ4r9jKCWn2mdag0RJd8lCjEQQ6LIiNRltQle4dxVEiRir2mqdF2kc9rGpibtRApOGLJIzPwmxzOGBlEr237gsjU2ZIQ= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Problem ========= With the increase of memory capacity and density, the probability of memory error also increases. The increasing size and density of server RAM in data centers and clouds have shown increased uncorrectable memory errors. Currently, more and more scenarios that can tolerate memory errors,such as COW[1,2], KSM copy[3], coredump copy[4], khugepaged[5,6], uaccess copy[7], etc. Solution ========= This patchset introduces a new processing framework on ARM64, which enables ARM64 to support error recovery in the above scenarios, and more scenarios can be expanded based on this in the future. In arm64, memory error handling in do_sea(), which is divided into two cases: 1. If the user state consumed the memory errors, the solution is to kill the user process and isolate the error page. 2. If the kernel state consumed the memory errors, the solution is to panic. For case 2, Undifferentiated panic may not be the optimal choice, as it can be handled better. In some scenarios, we can avoid panic, such as uaccess, if the uaccess fails due to memory error, only the user process will be affected, killing the user process and isolating the user page with hardware memory errors is a better choice. [1] commit d302c2398ba2 ("mm, hwpoison: when copy-on-write hits poison, take page offline") [2] commit 1cb9dc4b475c ("mm: hwpoison: support recovery from HugePage copy-on-write faults") [3] commit 6b970599e807 ("mm: hwpoison: support recovery from ksm_might_need_to_copy()") [4] commit 245f09226893 ("mm: hwpoison: coredump: support recovery from dump_user_range()") [5] commit 98c76c9f1ef7 ("mm/khugepaged: recover from poisoned anonymous memory") [6] commit 12904d953364 ("mm/khugepaged: recover from poisoned file-backed memory") [7] commit 278b917f8cb9 ("x86/mce: Add _ASM_EXTABLE_CPY for copy user access") ------------------ Test result: 1. copy_page(), copy_mc_page() basic function test pass, and the disassembly contents remains the same before and after refactor. 2. copy_to/from_user() access kernel NULL pointer raise translation fault and dump error message then die(), test pass. 3. Test following scenarios: copy_from_user(), get_user(), COW. Before patched: trigger a hardware memory error then panic. After patched: trigger a hardware memory error without panic. Testing step: step1. start an user-process. step2. poison(einj) the user-process's page. step3: user-process access the poison page in kernel mode, then trigger SEA. step4: the kernel will not panic, only the user process is killed, the poison page is isolated. (before patched, the kernel will panic in do_sea()) ------------------ Benefits ========= According to the statistics of our storage product, the memory errors triggered in kernel-mode by COW and page cache read (uaccess) scenarios account for more than 50%, with this patchset deployed, all the kernel panic caused by COW and page cache memory errors are eliminated, in addition, other scenarios that account for a small proportion will also benefit. Since v12: Thanks to the suggestions of Jonathan, Mark, and Mauro, the following modifications are made: 1. Rebase to latest kernel version. 2. Patch1, add Jonathan's and Mauro's review-by. 3. Patch2, modified do_apei_claim_sea() according to Mark's and Jonathan's suggestions, and optimized the commit message according to Mark's suggestions(Added description of the impact on regular copy_to_user()). 4. Patch3, optimized the commit message according to Mauro's suggestions and add Jonathan's review-by. 5. Patch4, modified copy_mc_user_highpage() and Optimized the commit message according to Jonathan's suggestions(no functional changes). 6. Patch5, optimized the commit message according to Mauro's suggestions. 7. Patch4/5, FEAT_MOPS is added to the code logic. Currently, the fixup is not performed on the MOPS instruction. 8. Remove patch6 in v12 according to Jonathan's suggestions. Since v11: 1. Rebase to latest kernel version 6.9-rc1. 2. Add patch 5, Since the problem described in "Since V10 Besides 3" has been solved in a50026bdb867 ('iov_iter: get rid of 'copy_mc' flag'). 3. Add the benefit of applying the patch set to our company to the description of patch0. Since V10: Accroding Mark's suggestion: 1. Merge V10's patch2 and patch3 to V11's patch2. 2. Patch2(V11): use new fixup_type for ld* in copy_to_user(), fix fatal issues (NULL kernel pointeraccess) been fixup incorrectly. 3. Patch2(V11): refactoring the logic of do_sea(). 4. Patch4(V11): Remove duplicate assembly logic and remove do_mte(). Besides: 1. Patch2(V11): remove st* insn's fixup, st* generally not trigger memory error. 2. Split a part of the logic of patch2(V11) to patch5(V11), for detail, see patch5(V11)'s commit msg. 3. Remove patch6(v10) “arm64: introduce copy_mc_to_kernel() implementation”. During modification, some problems that cannot be solved in a short period are found. The patch will be released after the problems are solved. 4. Add test result in this patch. 5. Modify patchset title, do not use machine check and remove "-next". Since V9: 1. Rebase to latest kernel version 6.8-rc2. 2. Add patch 6/6 to support copy_mc_to_kernel(). Since V8: 1. Rebase to latest kernel version and fix topo in some of the patches. 2. According to the suggestion of Catalin, I attempted to modify the return value of function copy_mc_[user]_highpage() to bytes not copied. During the modification process, I found that it would be more reasonable to return -EFAULT when copy error occurs (referring to the newly added patch 4). For ARM64, the implementation of copy_mc_[user]_highpage() needs to consider MTE. Considering the scenario where data copying is successful but the MTE tag copying fails, it is also not reasonable to return bytes not copied. 3. Considering the recent addition of machine check safe support for multiple scenarios, modify commit message for patch 5 (patch 4 for V8). Since V7: Currently, there are patches supporting recover from poison consumption for the cow scenario[1]. Therefore, Supporting cow scenario under the arm64 architecture only needs to modify the relevant code under the arch/. [1]https://lore.kernel.org/lkml/20221031201029.102123-1-tony.luck@intel.com/ Since V6: Resend patches that are not merged into the mainline in V6. Since V5: 1. Add patch2/3 to add uaccess assembly helpers. 2. Optimize the implementation logic of arm64_do_kernel_sea() in patch8. 3. Remove kernel access fixup in patch9. All suggestion are from Mark. Since V4: 1. According Michael's suggestion, add patch5. 2. According Mark's suggestiog, do some restructuring to arm64 extable, then a new adaptation of machine check safe support is made based on this. 3. According Mark's suggestion, support machine check safe in do_mte() in cow scene. 4. In V4, two patches have been merged into -next, so V5 not send these two patches. Since V3: 1. According to Robin's suggestion, direct modify user_ldst and user_ldp in asm-uaccess.h and modify mte.S. 2. Add new macro USER_MC in asm-uaccess.h, used in copy_from_user.S and copy_to_user.S. 3. According to Robin's suggestion, using micro in copy_page_mc.S to simplify code. 4. According to KeFeng's suggestion, modify powerpc code in patch1. 5. According to KeFeng's suggestion, modify mm/extable.c and some code optimization. Since V2: 1. According to Mark's suggestion, all uaccess can be recovered due to memory error. 2. Scenario pagecache reading is also supported as part of uaccess (copy_to_user()) and duplication code problem is also solved. Thanks for Robin's suggestion. 3. According Mark's suggestion, update commit message of patch 2/5. 4. According Borisllav's suggestion, update commit message of patch 1/5. Since V1: 1.Consistent with PPC/x86, Using CONFIG_ARCH_HAS_COPY_MC instead of ARM64_UCE_KERNEL_RECOVERY. 2.Add two new scenes, cow and pagecache reading. 3.Fix two small bug(the first two patch). V1 in here: https://lore.kernel.org/lkml/20220323033705.3966643-1-tongtiangen@huawei.com/ Tong Tiangen (5): uaccess: add generic fallback version of copy_mc_to_user() arm64: add support for ARCH_HAS_COPY_MC mm/hwpoison: return -EFAULT when copy fail in copy_mc_[user]_highpage() arm64: support copy_mc_[user]_highpage() arm64: introduce copy_mc_to_kernel() implementation arch/arm64/Kconfig | 1 + arch/arm64/include/asm/asm-extable.h | 31 +++++++-- arch/arm64/include/asm/asm-uaccess.h | 4 ++ arch/arm64/include/asm/extable.h | 1 + arch/arm64/include/asm/mte.h | 9 +++ arch/arm64/include/asm/page.h | 10 +++ arch/arm64/include/asm/string.h | 5 ++ arch/arm64/include/asm/uaccess.h | 18 +++++ arch/arm64/lib/Makefile | 2 + arch/arm64/lib/copy_mc_page.S | 37 +++++++++++ arch/arm64/lib/copy_page.S | 62 ++---------------- arch/arm64/lib/copy_page_template.S | 70 ++++++++++++++++++++ arch/arm64/lib/copy_to_user.S | 10 +-- arch/arm64/lib/memcpy_mc.S | 98 ++++++++++++++++++++++++++++ arch/arm64/lib/mte.S | 29 ++++++++ arch/arm64/mm/copypage.c | 75 +++++++++++++++++++++ arch/arm64/mm/extable.c | 19 ++++++ arch/arm64/mm/fault.c | 30 ++++++--- arch/powerpc/include/asm/uaccess.h | 1 + arch/x86/include/asm/uaccess.h | 1 + include/linux/highmem.h | 16 +++-- include/linux/uaccess.h | 8 +++ mm/kasan/shadow.c | 12 ++++ mm/khugepaged.c | 4 +- 24 files changed, 472 insertions(+), 81 deletions(-) create mode 100644 arch/arm64/lib/copy_mc_page.S create mode 100644 arch/arm64/lib/copy_page_template.S create mode 100644 arch/arm64/lib/memcpy_mc.S