From patchwork Thu Aug 27 16:32:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Luck, Tony" X-Patchwork-Id: 11741027 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5AE2A722 for ; Thu, 27 Aug 2020 16:32:11 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 261A92087C for ; Thu, 27 Aug 2020 16:32:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 261A92087C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 1BF036B0002; Thu, 27 Aug 2020 12:32:10 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 16F6E6B0003; Thu, 27 Aug 2020 12:32:10 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0AE9C6B0006; Thu, 27 Aug 2020 12:32:10 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0169.hostedemail.com [216.40.44.169]) by kanga.kvack.org (Postfix) with ESMTP id E7FB26B0002 for ; Thu, 27 Aug 2020 12:32:09 -0400 (EDT) Received: from smtpin14.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 9AF1D3ABB for ; Thu, 27 Aug 2020 16:32:09 +0000 (UTC) X-FDA: 77196890778.14.order21_08148a32706e Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin14.hostedemail.com (Postfix) with ESMTP id 692B018229835 for ; Thu, 27 Aug 2020 16:32:09 +0000 (UTC) X-Spam-Summary: 1,0,0,,d41d8cd98f00b204,tony.luck@intel.com,,RULES_HIT:30003:30007:30012:30029:30051:30054:30064:30070:30083:30090,0,RBL:192.55.52.120:@intel.com:.lbl8.mailshell.net-62.50.0.100 64.95.201.95;04yg6yhr9pafeymrh15m3yua9kmr5ycbxw8y7uydchn46rkym7imi1kt3ezpak9.9ghpyqsertfurfwqypenwri4ie5xj5abwkpz3sq1tq3zdue6jm57m7g7obnpjbr.h-lbl8.mailshell.net-223.238.255.100,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:ft,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0,LFtime:24,LUA_SUMMARY:none X-HE-Tag: order21_08148a32706e X-Filterd-Recvd-Size: 5302 Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by imf05.hostedemail.com (Postfix) with ESMTP for ; Thu, 27 Aug 2020 16:32:07 +0000 (UTC) IronPort-SDR: VrO7SCqD35W53P847akMentzxt3qLkFK4hWW0bKwBX1lCkIcKxtoYD9S6ksC4vhgZaeh5MxzPf om2c1oP71wXg== X-IronPort-AV: E=McAfee;i="6000,8403,9726"; a="153937772" X-IronPort-AV: E=Sophos;i="5.76,360,1592895600"; d="scan'208";a="153937772" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Aug 2020 09:32:06 -0700 IronPort-SDR: JaJtwHwfoRlhD9oee9kQXytAxOSTYBgdDbi4tlP7xPM/0YWghmC88IKX/0kZoae7ObIr2hAh/y 2yIB1G20MmCw== X-IronPort-AV: E=Sophos;i="5.76,360,1592895600"; d="scan'208";a="444504866" Received: from agluck-desk2.sc.intel.com ([10.3.52.68]) by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Aug 2020 09:32:05 -0700 From: Tony Luck To: Naoya Horiguchi Cc: Tony Luck , Andrew Morton , Borislav Petkov , Youquan Song , linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFD PATCH] x86/mce: Make sure to send SIGBUS even after losing the race to poison a page Date: Thu, 27 Aug 2020 09:32:05 -0700 Message-Id: <20200827163205.23096-1-tony.luck@intel.com> X-Mailer: git-send-email 2.21.1 MIME-Version: 1.0 X-Rspamd-Queue-Id: 692B018229835 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam05 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: For discussion ... I'm 100% sure the patch below is the wrong way to fix this ... for one thing it doesn't provide the virtual address of the error to the user signal handler. For another it just looks like a hack. I'm just not sure whether to delve deep into the memory_failure() path to make sure the signal is sent to the current process in the SRAR case. Or just to do a better job at an error return value and make the X86 specific code send the signal with the address. I've also got a feeling that this issue has been discussed before, but can't remember how that turned out. First few paragraphs describe the problem (and I think are OK). Things go off the rails with the fix. -Tony X86 hardware may provide two indications that a page has poison. First the memory controller that detects the failed ECC check may log a UCNA (uncorrected no action) signature in one machine check bank and signal the OS with a CMCI (corrected machine check interrupt ... historical name did not get updated for this case). Next the processor core may log a SRAR (software recoverable action required) signature in another bank and signal with #MC. The #MC used to win that race and the page was taken offline and SIGBUS sent to the task. Changes to how Linux processes machine checks now mean that: a) Linux will offline the page based on the UCNA siganture in the CMCI handler. b) The machine check handler defers processing using task_work_add() which can happen after the CMCI is processed. memory_failure() avoids races with multiple callers reporting the same page with an atomic test and set operation to mark the page as poisoned. The net result of all of the above is that when a task consumes poison the page is taken offline by the UCNA/CMCI path, and the SRAR/#MC path takes an early return without sending a SIGBUS. Fix by changing memory_failure() to return -EEXIST in the case where the page is already poisoned and make the machine check code path check for this error and force a SIGBUS. Note that -EBUSY might have been a more logical error code, but that is already used for many other error cases from memory_failure(). Signed-off-by: Tony Luck --- arch/x86/kernel/cpu/mce/core.c | 7 +++++-- mm/memory-failure.c | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c index fb6b5f64f7e6..8515809e0472 100644 --- a/arch/x86/kernel/cpu/mce/core.c +++ b/arch/x86/kernel/cpu/mce/core.c @@ -1182,18 +1182,21 @@ static void kill_me_maybe(struct callback_head *cb) { struct task_struct *p = container_of(cb, struct task_struct, mce_kill_me); int flags = MF_ACTION_REQUIRED; + int ret; pr_err("Uncorrected hardware memory error in user-access at %llx", p->mce_addr); if (!p->mce_ripv) flags |= MF_MUST_KILL; - if (!memory_failure(p->mce_addr >> PAGE_SHIFT, flags)) { + ret = memory_failure(p->mce_addr >> PAGE_SHIFT, flags); + if (!ret) { set_mce_nospec(p->mce_addr >> PAGE_SHIFT, p->mce_whole_page); return; } - pr_err("Memory error not recovered"); + if (ret != -EEXIST) + pr_err("Memory error not recovered"); kill_me_now(cb); } diff --git a/mm/memory-failure.c b/mm/memory-failure.c index f1aa6433f404..e0486c4e0130 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1298,7 +1298,7 @@ int memory_failure(unsigned long pfn, int flags) if (TestSetPageHWPoison(p)) { pr_err("Memory failure: %#lx: already hardware poisoned\n", pfn); - return 0; + return -EEXIST; } orig_head = hpage = compound_head(p);