From patchwork Wed Oct 19 17:08:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tony Luck X-Patchwork-Id: 13012188 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1510CC433FE for ; Wed, 19 Oct 2022 17:08:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 36DB26B0072; Wed, 19 Oct 2022 13:08:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 31E266B0073; Wed, 19 Oct 2022 13:08:47 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 20CA56B0074; Wed, 19 Oct 2022 13:08:47 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 123BA6B0072 for ; Wed, 19 Oct 2022 13:08:47 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id C271780DC7 for ; Wed, 19 Oct 2022 17:08:46 +0000 (UTC) X-FDA: 80038333452.29.F631639 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by imf26.hostedemail.com (Postfix) with ESMTP id 52547140038 for ; Wed, 19 Oct 2022 17:08:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1666199325; x=1697735325; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Zm5MM+MQE2zvO00SCaUTpTsivTJ9TberyUbpMfFKGfw=; b=TeqvmlnsXfpJ2l1A87RloE1GETZGUGq+2JFxU9wbh4Avd8yfrgNq9Qr9 qS9k2mWnvtC9hMVDLwQrKil2GXHeMx6hO4O5ZHbDrrDANPb7CtLLIalr2 no1U0wRJl4ow7FcV5Ef2jdx+kteFVnGFHfoDmoTFin7KHHrXCCod2OOht eKcfbauiHIxQ8aIQEeOiNDurjUj52/5Dj3MJGXW7wrE+k5wUIBTMW69PP Lbe/gB+Q5VDVcwVoMbZe5sLyK+BWL7wqhJyJjSLeidVwDYaMIvz+yYlsI tTIbEdiisuAV+ZHDb46RGpvxIRt6xcFRxxrABNkKQrvipkzxOdMDQNAKs Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10505"; a="307581305" X-IronPort-AV: E=Sophos;i="5.95,196,1661842800"; d="scan'208";a="307581305" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Oct 2022 10:08:43 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10505"; a="692489392" X-IronPort-AV: E=Sophos;i="5.95,196,1661842800"; d="scan'208";a="692489392" Received: from agluck-desk3.sc.intel.com ([172.25.222.78]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Oct 2022 10:08:43 -0700 From: Tony Luck To: Naoya Horiguchi , Andrew Morton Cc: Miaohe Lin , Matthew Wilcox , Shuai Xue , Dan Williams , Michael Ellerman , Nicholas Piggin , Christophe Leroy , linux-mm@kvack.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, Tony Luck Subject: [PATCH v2] mm, hwpoison: Try to recover from copy-on write faults Date: Wed, 19 Oct 2022 10:08:35 -0700 Message-Id: <20221019170835.155381-1-tony.luck@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: References: MIME-Version: 1.0 ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1666199326; a=rsa-sha256; cv=none; b=bpEq3/mrb0veIJX/hLeslx8wulClUoDaVDLqWGT1XclJpnJHdBoDbbCsQLpAtnV9mgyPLB athaKt3C+DW7yXH0QG/33uSaLmoz7fnwThOoAsYHtmESUV//hI0dYl5uHJeaQMDHN9xo9F NsspL1emjN713wKJlQTVd9FXA1BBWFk= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=Teqvmlns; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf26.hostedemail.com: domain of tony.luck@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=tony.luck@intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1666199326; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mg17RKhj2cyO0hsFRQbb2CKKXVOghmd5CwXAEz25N/Q=; b=X2+a5T0zmELvpLIMs7TREtmxSXQxgR3QGTvO0eYtVnBzptb3HtyWrx2eKWYmXXITXRHiNp kxInOwLIGW9Hqy/2OcJA7luaINGfHfSAqfqyai1Bb0w2H4Bzdmni6eQ4btQ/bWqsLoKKGh NjNY6PtxQqLtPHjJNe21ZbBE9z0l3go= X-Rspamd-Queue-Id: 52547140038 Authentication-Results: imf26.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=Teqvmlns; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf26.hostedemail.com: domain of tony.luck@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=tony.luck@intel.com X-Rspam-User: X-Rspamd-Server: rspam08 X-Stat-Signature: e4d8w7ohhtniwnmh9nxu5gdsxm3pfge3 X-HE-Tag: 1666199324-649508 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: If the kernel is copying a page as the result of a copy-on-write fault and runs into an uncorrectable error, Linux will crash because it does not have recovery code for this case where poison is consumed by the kernel. It is easy to set up a test case. Just inject an error into a private page, fork(2), and have the child process write to the page. I wrapped that neatly into a test at: git://git.kernel.org/pub/scm/linux/kernel/git/aegl/ras-tools.git just enable ACPI error injection and run: # ./einj_mem-uc -f copy-on-write Add a new copy_user_highpage_mc() function that uses copy_mc_to_kernel() on architectures where that is available (currently x86 and powerpc). When an error is detected during the page copy, return VM_FAULT_HWPOISON to caller of wp_page_copy(). This propagates up the call stack. Both x86 and powerpc have code in their fault handler to deal with this code by sending a SIGBUS to the application. Note that this patch avoids a system crash and signals the process that triggered the copy-on-write action. It does not take any action for the memory error that is still in the shared page. To handle that a call to memory_failure() is needed. But this cannot be done from wp_page_copy() because it holds mmap_lock(). Perhaps the architecture fault handlers can deal with this loose end in a subsequent patch? On Intel/x86 this loose end will often be handled automatically because the memory controller provides an additional notification of the h/w poison in memory, the handler for this will call memory_failure(). This isn't a 100% solution. If there are multiple errors, not all may be logged in this way. Signed-off-by: Tony Luck Reviewed-by: Dan Williams Signed-off-by: Tony Luck --- Changes in V2: Naoya Horiguchi: 1) Use -EHWPOISON error code instead of minus one. 2) Poison path needs also to deal with old_page Tony Luck: Rewrote commit message Added some powerpc folks to Cc: list --- include/linux/highmem.h | 19 +++++++++++++++++++ mm/memory.c | 28 +++++++++++++++++++--------- 2 files changed, 38 insertions(+), 9 deletions(-) diff --git a/include/linux/highmem.h b/include/linux/highmem.h index e9912da5441b..5967541fbf0e 100644 --- a/include/linux/highmem.h +++ b/include/linux/highmem.h @@ -319,6 +319,25 @@ static inline void copy_user_highpage(struct page *to, struct page *from, #endif +static inline int copy_user_highpage_mc(struct page *to, struct page *from, + unsigned long vaddr, struct vm_area_struct *vma) +{ + unsigned long ret = 0; +#ifdef copy_mc_to_kernel + char *vfrom, *vto; + + vfrom = kmap_local_page(from); + vto = kmap_local_page(to); + ret = copy_mc_to_kernel(vto, vfrom, PAGE_SIZE); + kunmap_local(vto); + kunmap_local(vfrom); +#else + copy_user_highpage(to, from, vaddr, vma); +#endif + + return ret; +} + #ifndef __HAVE_ARCH_COPY_HIGHPAGE static inline void copy_highpage(struct page *to, struct page *from) diff --git a/mm/memory.c b/mm/memory.c index f88c351aecd4..a32556c9b689 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2848,8 +2848,14 @@ static inline int pte_unmap_same(struct vm_fault *vmf) return same; } -static inline bool __wp_page_copy_user(struct page *dst, struct page *src, - struct vm_fault *vmf) +/* + * Return: + * -EHWPOISON: copy failed due to hwpoison in source page + * 0: copied failed (some other reason) + * 1: copied succeeded + */ +static inline int __wp_page_copy_user(struct page *dst, struct page *src, + struct vm_fault *vmf) { bool ret; void *kaddr; @@ -2860,8 +2866,9 @@ static inline bool __wp_page_copy_user(struct page *dst, struct page *src, unsigned long addr = vmf->address; if (likely(src)) { - copy_user_highpage(dst, src, addr, vma); - return true; + if (copy_user_highpage_mc(dst, src, addr, vma)) + return -EHWPOISON; + return 1; } /* @@ -2888,7 +2895,7 @@ static inline bool __wp_page_copy_user(struct page *dst, struct page *src, * and update local tlb only */ update_mmu_tlb(vma, addr, vmf->pte); - ret = false; + ret = 0; goto pte_unlock; } @@ -2913,7 +2920,7 @@ static inline bool __wp_page_copy_user(struct page *dst, struct page *src, if (!likely(pte_same(*vmf->pte, vmf->orig_pte))) { /* The PTE changed under us, update local tlb */ update_mmu_tlb(vma, addr, vmf->pte); - ret = false; + ret = 0; goto pte_unlock; } @@ -2932,7 +2939,7 @@ static inline bool __wp_page_copy_user(struct page *dst, struct page *src, } } - ret = true; + ret = 1; pte_unlock: if (locked) @@ -3104,6 +3111,7 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf) pte_t entry; int page_copied = 0; struct mmu_notifier_range range; + int ret; delayacct_wpcopy_start(); @@ -3121,19 +3129,21 @@ static vm_fault_t wp_page_copy(struct vm_fault *vmf) if (!new_page) goto oom; - if (!__wp_page_copy_user(new_page, old_page, vmf)) { + ret = __wp_page_copy_user(new_page, old_page, vmf); + if (ret <= 0) { /* * COW failed, if the fault was solved by other, * it's fine. If not, userspace would re-fault on * the same address and we will handle the fault * from the second attempt. + * The -EHWPOISON case will not be retried. */ put_page(new_page); if (old_page) put_page(old_page); delayacct_wpcopy_end(); - return 0; + return ret == -EHWPOISON ? VM_FAULT_HWPOISON : 0; } kmsan_copy_page_meta(new_page, old_page); }