Re: [PATCH v2 0/5] mm/hwpoison: Fix regressions in memory failure handling

From: Borislav Petkov
Date: Tue Feb 18 2025 - 07:25:02 EST

Next message: Diogo Ivo: "Re: [PATCH net-next v2 1/3] net: ti: icssg-prueth: Use page_pool API for RX buffer allocation"
Previous message: Tommaso Merciai: "Re: [PATCH 8/8] media: rzg2l-cru: rzg2l-core: Use devm_pm_runtime_enable()"
In reply to: Shuai Xue: "Re: [PATCH v2 0/5] mm/hwpoison: Fix regressions in memory failure handling"
Next in thread: Shuai Xue: "Re: [PATCH v2 0/5] mm/hwpoison: Fix regressions in memory failure handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 18, 2025 at 07:31:34PM +0800, Shuai Xue wrote:
> Kernel can recover from poison found while copying from user space.

Where was that poison found? On user pages? So reading them consumes the
poison?

So you're not really seeing real issues on real hw - you're using ras tools to
trigger those, correct?

If so, what guarantees ras tools are doing the right thing?

> MCE check the fixup handler type to decide whether an in kernel #MC can be
> recovered. When EX_TYPE_UACCESS is found,

Sounds like poison on user memory...

> the PC jumps to recovery code specified in _ASM_EXTABLE_FAULT() and return
> a -EFAULT to user space.

> For instr case:
>
> If a poison found while instruction fetching in user space, full recovery is
> possible. User process takes #PF, Linux allocates a new page and fills by
> reading from storage.
>
> > 3. What actually happens and why
>
> For copyin case: kernel panic since v5.17
>
> Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new extable
> fixup type, EX_TYPE_EFAULT_REG, and later patches updated the extable fixup
> type for copy-from-user operations, changing it from EX_TYPE_UACCESS to
> EX_TYPE_EFAULT_REG.

What do futexes have to do with copying user memory?

> For instr case: user process is killed by a SIGBUS signal
>
> Commit 046545a661af ("mm/hwpoison: fix error page recovered but reported "not
> recovered"") introduced a bug that kill_accessing_process() return -EHWPOISON
> for instr case, as result, kill_me_maybe() send a SIGBUS to user process.

This makes my head hurt... a race between the CMCI reporting an uncorrected
error... why does the CMCI report uncorrected errors? This sounds like some
nasty confusion.

And you've basically reused the format and wording of 046545a661af for your
commit message and makes staring at those a PITA.

Tony, what's going on with that CMCI and SRAR race?

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Diogo Ivo: "Re: [PATCH net-next v2 1/3] net: ti: icssg-prueth: Use page_pool API for RX buffer allocation"
Previous message: Tommaso Merciai: "Re: [PATCH 8/8] media: rzg2l-cru: rzg2l-core: Use devm_pm_runtime_enable()"
In reply to: Shuai Xue: "Re: [PATCH v2 0/5] mm/hwpoison: Fix regressions in memory failure handling"
Next in thread: Shuai Xue: "Re: [PATCH v2 0/5] mm/hwpoison: Fix regressions in memory failure handling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]