From: Breno Leitao <leitao@debian.org>
To: Miaohe Lin <linmiaohe@huawei.com>,
Naoya Horiguchi <nao.horiguchi@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Jonathan Corbet <corbet@lwn.net>,
Shuah Khan <skhan@linuxfoundation.org>,
David Hildenbrand <david@kernel.org>,
Lorenzo Stoakes <ljs@kernel.org>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@kernel.org>,
Mike Rapoport <rppt@kernel.org>,
Suren Baghdasaryan <surenb@google.com>,
Michal Hocko <mhocko@suse.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
linux-doc@vger.kernel.org, Breno Leitao <leitao@debian.org>,
kernel-team@meta.com
Subject: [PATCH v3 2/3] mm/memory-failure: add CONFIG_BOOTPARAM_MEMORY_FAILURE_PANIC option
Date: Mon, 13 Apr 2026 06:26:34 -0700 [thread overview]
Message-ID: <20260413-ecc_panic-v3-2-1dcbb2f12bc4@debian.org> (raw)
In-Reply-To: <20260413-ecc_panic-v3-0-1dcbb2f12bc4@debian.org>
Add a kernel configuration option to enable panic on unrecoverable
memory failures at boot time, similar to CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC
and CONFIG_BOOTPARAM_HARDLOCKUP_PANIC.
This allows systems that prioritize availability over recovery to
automatically panic when encountering unrecoverable kernel memory
failures. The behavior can still be controlled at runtime via the
panic_on_unrecoverable_memory_failure sysctl.
When enabled, the kernel will panic if:
* A memory failure affects kernel pages that cannot be recovered
* A memory failure affects high-order kernel pages
* A memory failure affects unknown page types that cannot be recovered
Examples of BOOTPARAM configuration usage:
1. Building with the panic option enabled by default:
CONFIG_BOOTPARAM_MEMORY_FAILURE_PANIC=y
2. Disabling at runtime even when compiled in:
echo 0 > /proc/sys/vm/panic_on_unrecoverable_memory_failure
3. Enabling at runtime when not compiled in by default:
echo 1 > /proc/sys/vm/panic_on_unrecoverable_memory_failure
Similar to other BOOTPARAM options, this provides a balance between:
- Safe defaults (disabled by default without CONFIG option)
- Production flexibility (can be enabled at build time)
- Runtime control (can be toggled via sysctl)
This is consistent with the kernel's approach to other panic-on-error
options that allow systems to choose between attempting recovery or
failing fast when critical errors are detected.
Signed-off-by: Breno Leitao <leitao@debian.org>
---
mm/Kconfig | 9 +++++++++
mm/memory-failure.c | 3 ++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/mm/Kconfig b/mm/Kconfig
index ebd8ea353687e..596f24a872ff6 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -733,6 +733,15 @@ config MEMORY_FAILURE
even when some of its memory has uncorrected errors. This requires
special hardware support and typically ECC memory.
+config BOOTPARAM_MEMORY_FAILURE_PANIC
+ bool "Panic on unrecoverable memory failure"
+ depends on MEMORY_FAILURE
+ help
+ Say Y here to panic when an unrecoverable memory failure is
+ detected. This covers kernel pages, high-order kernel pages,
+ and unknown page types that cannot be recovered. Can be disabled
+ at runtime via the panic_on_unrecoverable_memory_failure sysctl.
+
config HWPOISON_INJECT
tristate "HWPoison pages injector"
depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 852c595aff108..cf06960b4d069 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -74,7 +74,8 @@ static int sysctl_memory_failure_recovery __read_mostly = 1;
static int sysctl_enable_soft_offline __read_mostly = 1;
-static int sysctl_panic_on_unrecoverable_mf __read_mostly;
+static int sysctl_panic_on_unrecoverable_mf __read_mostly =
+ IS_ENABLED(CONFIG_BOOTPARAM_MEMORY_FAILURE_PANIC);
atomic_long_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0);
--
2.52.0
next prev parent reply other threads:[~2026-04-13 13:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-13 13:26 [PATCH v3 0/3] mm/memory-failure: add panic option for unrecoverable pages Breno Leitao
2026-04-13 13:26 ` [PATCH v3 1/3] mm/memory-failure: report MF_MSG_KERNEL for reserved pages Breno Leitao
2026-04-13 13:26 ` Breno Leitao [this message]
2026-04-14 10:29 ` [PATCH v3 2/3] mm/memory-failure: add CONFIG_BOOTPARAM_MEMORY_FAILURE_PANIC option Breno Leitao
2026-04-13 13:26 ` [PATCH v3 3/3] Documentation: document panic_on_unrecoverable_memory_failure sysctl Breno Leitao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260413-ecc_panic-v3-2-1dcbb2f12bc4@debian.org \
--to=leitao@debian.org \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=david@kernel.org \
--cc=kernel-team@meta.com \
--cc=linmiaohe@huawei.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=ljs@kernel.org \
--cc=mhocko@suse.com \
--cc=nao.horiguchi@gmail.com \
--cc=rppt@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=surenb@google.com \
--cc=vbabka@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.