From: Ingo Molnar <mingo@kernel.org>
To: Borislav Petkov <bp@suse.de>
Cc: Tony Luck <tony.luck@intel.com>, X86-ML <x86@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
ashok.raj@intel.com, gong.chen@linux.intel.com,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH 1/7] x86/mce: Provide a lockless memory pool to save error records
Date: Tue, 21 Jul 2015 10:29:49 +0200 [thread overview]
Message-ID: <20150721082949.GA2367@gmail.com> (raw)
In-Reply-To: <1437032661-15521-1-git-send-email-bp@suse.de>
* Borislav Petkov <bp@suse.de> wrote:
> From: "Chen, Gong" <gong.chen@linux.intel.com>
> diff --git a/arch/x86/include/uapi/asm/mce.h b/arch/x86/include/uapi/asm/mce.h
> index a0eab85ce7b8..76880ede9a35 100644
> --- a/arch/x86/include/uapi/asm/mce.h
> +++ b/arch/x86/include/uapi/asm/mce.h
> @@ -15,7 +15,8 @@ struct mce {
> __u64 time; /* wall time_t when error was detected */
> __u8 cpuvendor; /* cpu vendor as encoded in system.h */
> __u8 inject_flags; /* software inject flags */
> - __u16 pad;
> + __u8 severity;
> + __u8 usable_addr;
> __u32 cpuid; /* CPUID 1 EAX */
> __u8 cs; /* code segment */
> __u8 bank; /* machine check bank */
So this change appears to be completely unrelated to the stated purpose of this
patch?
> +/*
> + * printk() is not safe in MCE context. This is a lock-less memory allocator
> + * used to save error information organized in a lock-less list.
> + *
> + * This memory pool is only to be used to save MCE records in MCE context.
> + * MCE events are rare so a fixed size memory pool should be enough. Use
Missing comma.
> + * 2 pages to save MCE events for now (~80 MCE records at most).
> + */
> +#define MCE_POOLSZ (2 * PAGE_SIZE)
> +bool mce_genpool_add(struct mce *mce)
> +{
> + struct mce_evt_llist *node;
> +
> + if (!mce_evt_pool)
> + return false;
> +
> + node = (void *)gen_pool_alloc(mce_evt_pool, sizeof(*node));
> + if (!node) {
> + pr_warn_ratelimited("MCE records pool full!\n");
> + return false;
> + }
> +
> + memcpy(&node->mce, mce, sizeof(*mce));
> + llist_add(&node->llnode, &mce_event_llist);
> +
> + return true;
> +}
So I think the standard pattern for allocation failures with integer types is to
return -ENOMEM, not bool. This really matters, because:
> +
> +static int mce_genpool_create(void)
> +{
> + struct gen_pool *tmpp;
> + int ret = -ENOMEM;
> +
> + tmpp = gen_pool_create(ilog2(sizeof(struct mce_evt_llist)), -1);
> + if (!tmpp)
> + goto out;
> +
> + ret = gen_pool_add(tmpp, (unsigned long)genpool_buf, MCE_POOLSZ, -1);
> + if (ret) {
> + gen_pool_destroy(tmpp);
> + goto out;
here gen_pool_add() has an inverted logic, and they looks confusing.
Furthermore, why do we spell it 'mce_genpool' if the generic facility is spelling
it gen_pool?
Also, I'm questioning the whole premise of the patches:
> +/*
> + * printk() is not safe in MCE context. This is a lock-less memory allocator
> + * used to save error information organized in a lock-less list.
> + *
> + * This memory pool is only to be used to save MCE records in MCE context.
> + * MCE events are rare so a fixed size memory pool should be enough. Use
So how are we going to report uncorrectable errors that forcibly crash/panic the
system if we cannot use printk? How will the admin learn what was amiss?
Thanks,
Ingo
next prev parent reply other threads:[~2015-07-21 8:29 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-10 21:57 [GIT PULL] x86/ras material for 4.3 queue Luck, Tony
2015-07-15 11:30 ` Ingo Molnar
2015-07-16 7:39 ` Borislav Petkov
2015-07-16 7:44 ` [PATCH 1/7] x86/mce: Provide a lockless memory pool to save error records Borislav Petkov
2015-07-16 7:44 ` [PATCH 2/7] x86/mce: Don't use percpu workqueues Borislav Petkov
2015-07-16 7:44 ` [PATCH 3/7] x86/mce: Remove the MCE ring for Action Optional errors Borislav Petkov
2015-07-16 7:44 ` [PATCH 4/7] x86/mce: Avoid potential deadlock due to printk() in MCE context Borislav Petkov
2015-07-16 7:44 ` [PATCH 5/7] x86/mce: Kill drain_mcelog_buffer() Borislav Petkov
2015-07-16 7:44 ` [PATCH 6/7] x86/mce: Remove unused function declarations Borislav Petkov
2015-07-16 7:44 ` [PATCH 7/7] x86/mce: Clear Local MCE opt-in before kexec Borislav Petkov
2015-07-17 1:16 ` Andy Lutomirski
2015-07-17 4:52 ` Raj, Ashok
2015-07-21 8:29 ` Ingo Molnar [this message]
2015-07-21 10:03 ` [PATCH 1/7] x86/mce: Provide a lockless memory pool to save error records Borislav Petkov
2015-07-21 10:08 ` Ingo Molnar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150721082949.GA2367@gmail.com \
--to=mingo@kernel.org \
--cc=a.p.zijlstra@chello.nl \
--cc=ashok.raj@intel.com \
--cc=bp@suse.de \
--cc=gong.chen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.