From: "Luck, Tony" <tony.luck@intel.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Ingo Molnar <mingo@kernel.org>,
Xiongfeng Wang <wangxiongfeng2@huawei.com>,
x86@kernel.org, linux-edac@vger.kernel.org, wanghai38@huawei.com,
bobo.shaobowang@huawei.com
Subject: Re: [RFC PATCH] x86/mce/inject: Add sanity check in inject_mce()
Date: Sat, 31 May 2025 15:00:14 -0700 [thread overview]
Message-ID: <aDt77p9GYCIRIOMa@agluck-desk3> (raw)
In-Reply-To: <20250531190724.GCaDtTbBgz3dFE-BDJ@fat_crate.local>
On Sat, May 31, 2025 at 09:07:24PM +0200, Borislav Petkov wrote:
> On Sat, May 31, 2025 at 08:04:58PM +0200, Ingo Molnar wrote:
> > What tool?
>
> mce-inject. The module.
>
> > Or if you mean the MCE-injection interface, that's not supposed to
> > trigger avoidable crashes either, it's an injection facility for
> > testing purposes:
>
> That's an injection facility to TEST THE MCE PANIC PATHS too. YES, IT VERY MUCH
> SHOULD TRIGGER CRASHES! That is actually a feature!
>
> I have fixed bugs in the MCE handler exactly because an MCE signature gets
> injected unfettered.
>
> > It's really simple really:
> >
> > - If the kernel unnecessarily locks up on the receipt of a
> > hardware-generated MCE then that's a kernel bug that
> > should be fixed.
>
> This is not a hw generated MCE - this is a user-generated MCE signature.
> I think you're confusing things here.
>
> > - If the kernel unnecessarily locks up on the receipt of a
> > software-generated MCE then that's a kernel bug that
> > should be fixed.
>
> No, it isn't. I can inject a MCE which will lock up the whole machine. And
> that's a valid MCE which can also be raised by hw.
>
> > TL;DR, this is not an acceptable kernel response:
>
> It is very much a valid kernel response. The MCE injection module allows for
> testing the MCE panic path with all that is involved in it, including the
> machine dying.
>
> Yes, because MCE is special and it can and *should* cause panics.
>
> So for patches like this one which is masssaging the MCE - and which is also
> wrong for other reasons - not every Intel uarch supports local MCEs:
>
> NAK!
I'm solidly with Boris on this one. I don't want mce-inject to sanity
check, or second guess and "fix" the signature that I requested. I want
it to do what I asked it to do.
1) Sometimes I want to force a crash from a particular signature because
I want to check that Linux accurately logs the signature of the error
that I injected.
2) Sometimes I want to inject "impossible" signatures that can't happen
on any CPU today, but I know will be a recoverable error on a future
processor. That's how much of the early machine check recovery code was
developed and tested.
-Tony
next prev parent reply other threads:[~2025-05-31 22:00 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-29 3:32 [RFC PATCH] x86/mce/inject: Add sanity check in inject_mce() Xiongfeng Wang
2025-05-29 9:45 ` Borislav Petkov
2025-05-31 8:14 ` Ingo Molnar
2025-05-31 9:17 ` Borislav Petkov
2025-05-31 18:04 ` Ingo Molnar
2025-05-31 19:07 ` Borislav Petkov
2025-05-31 22:00 ` Luck, Tony [this message]
2025-06-11 17:41 ` Yazen Ghannam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aDt77p9GYCIRIOMa@agluck-desk3 \
--to=tony.luck@intel.com \
--cc=bobo.shaobowang@huawei.com \
--cc=bp@alien8.de \
--cc=linux-edac@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=wanghai38@huawei.com \
--cc=wangxiongfeng2@huawei.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox