Re: [PATCH v3 1/3] mm: handle poisoning of pfn without struct pages

From: Miaohe Lin
Date: Fri Oct 24 2025 - 02:34:34 EST

Next message: Adrian Hunter: "Re: [PATCH v5 2/2] mmc: sdhci-of-dwcmshc: Add support for Eswin EIC7700"
Previous message: Ranganath V N: "Re: [syzbot] [sctp?] KMSAN: uninit-value in sctp_inq_pop (3)"
Next in thread: Shuai Xue: "Re: [PATCH v3 1/3] mm: handle poisoning of pfn without struct pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2025/10/21 18:23, ankita@xxxxxxxxxx wrote:
> From: Ankit Agrawal <ankita@xxxxxxxxxx>
>
> The kernel MM currently does not handle ECC errors / poison on a memory
> region that is not backed by struct pages. If a memory region mapped
> using remap_pfn_range() for example, but not added to the kernel, MM
> will not have associated struct pages. Add a new mechanism to handle
> memory failure on such memory.
>
> Make kernel MM expose a function to allow modules managing the device
> memory to register the device memory SPA and the address space associated
> it. MM maintains this information as an interval tree. On poison, MM can
> search for the range that the poisoned PFN belong and use the address_space
> to determine the mapping VMA.
>
> In this implementation, kernel MM follows the following sequence that is
> largely similar to the memory_failure() handler for struct page backed
> memory:
> 1. memory_failure() is triggered on reception of a poison error. An
> absence of struct page is detected and consequently memory_failure_pfn()
> is executed.
> 2. memory_failure_pfn() collects the processes mapped to the PFN.
> 3. memory_failure_pfn() sends SIGBUS to all the processes mapping the
> poisoned PFN using kill_procs().
>
> Note that there is one primary difference versus the handling of the
> poison on struct pages, which is to skip unmapping to the faulty PFN.
> This is done to handle the huge PFNMAP support added recently [1] that
> enables VM_PFNMAP vmas to map in either PMD level. Otherwise, a poison
> to a PFN would need breaking the PMD mapping into PTEs to unmap only
> the poisoned PFN. This will have a major performance impact.
>
> Link: https://lore.kernel.org/all/20240826204353.2228736-1-peterx@xxxxxxxxxx/ [1]
>
> Signed-off-by: Ankit Agrawal <ankita@xxxxxxxxxx>

Thanks for your patch. Some comments below.

> ---
> MAINTAINERS | 1 +
> include/linux/memory-failure.h | 17 +++++
> include/linux/mm.h | 1 +
> include/ras/ras_event.h | 1 +
> mm/Kconfig | 1 +
> mm/memory-failure.c | 128 ++++++++++++++++++++++++++++++++-
> 6 files changed, 148 insertions(+), 1 deletion(-)
> create mode 100644 include/linux/memory-failure.h
>
> diff --git a/MAINTAINERS b/MAINTAINERS
> index 520fb4e379a3..463d062d0386 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -11359,6 +11359,7 @@ M: Miaohe Lin <linmiaohe@xxxxxxxxxx>
> R: Naoya Horiguchi <nao.horiguchi@xxxxxxxxx>
> L: linux-mm@xxxxxxxxx
> S: Maintained
> +F: include/linux/memory-failure.h
> F: mm/hwpoison-inject.c
> F: mm/memory-failure.c
>
> diff --git a/include/linux/memory-failure.h b/include/linux/memory-failure.h
> new file mode 100644
> index 000000000000..bc326503d2d2
> --- /dev/null
> +++ b/include/linux/memory-failure.h
> @@ -0,0 +1,17 @@
> +/* SPDX-License-Identifier: GPL-2.0 */
> +#ifndef _LINUX_MEMORY_FAILURE_H
> +#define _LINUX_MEMORY_FAILURE_H
> +
> +#include <linux/interval_tree.h>
> +
> +struct pfn_address_space;

Do we need this declaration?

> +
> +struct pfn_address_space {
> + struct interval_tree_node node;
> + struct address_space *mapping;
> +};
> +

<snip>

> +static int memory_failure_pfn(unsigned long pfn, int flags)
> +{
> + struct interval_tree_node *node;
> + LIST_HEAD(tokill);
> +
> + mutex_lock(&pfn_space_lock);
> + /*
> + * Modules registers with MM the address space mapping to the device memory they
> + * manage. Iterate to identify exactly which address space has mapped to this
> + * failing PFN.
> + */
> + for (node = interval_tree_iter_first(&pfn_space_itree, pfn, pfn); node;
> + node = interval_tree_iter_next(node, pfn, pfn)) {
> + struct pfn_address_space *pfn_space =
> + container_of(node, struct pfn_address_space, node);
> +
> + collect_procs_pfn(pfn_space->mapping, pfn, &tokill);
> + }
> + mutex_unlock(&pfn_space_lock);
> +
> + /*
> + * Unlike System-RAM there is no possibility to swap in a different
> + * physical page at a given virtual address, so all userspace
> + * consumption of direct PFN memory necessitates SIGBUS (i.e.
> + * MF_MUST_KILL)
> + */
> + flags |= MF_ACTION_REQUIRED | MF_MUST_KILL;
> +
> + kill_procs(&tokill, true, pfn, flags);
> +

If pfn doesn't belong to any address space mapping, it's still counted as MF_RECOVERED?

> + return action_result(pfn, MF_MSG_PFN_MAP, MF_RECOVERED);
> +}
> +
> /**
> * memory_failure - Handle memory failure of a page.
> * @pfn: Page Number of the corrupted page
> @@ -2259,6 +2380,11 @@ int memory_failure(unsigned long pfn, int flags)
> if (!(flags & MF_SW_SIMULATED))
> hw_memory_failure = true;
>
> + if (!pfn_valid(pfn) && !arch_is_platform_page(PFN_PHYS(pfn))) {

It's better to have some comments for this case.

> + res = memory_failure_pfn(pfn, flags);
> + goto unlock_mutex;
> + }
> +
> p = pfn_to_online_page(pfn);
> if (!p) {
> res = arch_memory_failure(pfn, flags);

Can we move above memory_failure_pfn block here? I'm worried that too many scenario branches might
lead to confusion.

Thanks.
.

Next message: Adrian Hunter: "Re: [PATCH v5 2/2] mmc: sdhci-of-dwcmshc: Add support for Eswin EIC7700"
Previous message: Ranganath V N: "Re: [syzbot] [sctp?] KMSAN: uninit-value in sctp_inq_pop (3)"
Next in thread: Shuai Xue: "Re: [PATCH v3 1/3] mm: handle poisoning of pfn without struct pages"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]