Re: [RFC PATCH 0/3] Machine check recovery when kernel accesses poison

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Luck, Tony" <tony.luck@intel.com>
To: Borislav Petkov <bp@alien8.de>
Cc: linux-kernel@vger.kernel.org, linux-edac@vger.kernel.org, x86@kernel.org
Subject: Re: [RFC PATCH 0/3] Machine check recovery when kernel accesses poison
Date: Tue, 10 Nov 2015 13:55:46 -0800	[thread overview]
Message-ID: <20151110215546.GA28172@agluck-desk.sc.intel.com> (raw)
In-Reply-To: <20151110112101.GB19187@pd.tnic>

On Tue, Nov 10, 2015 at 12:21:01PM +0100, Borislav Petkov wrote:
> Just a general, why-do-we-do-this, question: on big systems, the memory
> occupied by the kernel is a very small percentage compared to whole RAM,
> right? And yet we want to recover from there too? Not, say, kexec...

I need to add more to the motivation part of this. The people who want
this are playing with NVDIMMs as storage. So think of many GBytes of
non-volatile memory on the source end of the memcpy(). People are used
to disk errors just giving them a -EIO error. They'll be unhappy if an
NVDIMM error crashes the machine.

> > Note that I also fudge the return value.  I'd like in the future
> > to be able to write a "mcsafe_copy_from_user()" function that
> > would be annotated both for page faults, to return a count of
> > bytes uncopied, or an indication that there was a machine check.
> > Hence the BIT(63) bit.  Internal feedback suggested we'd need
> > some IS_ERR() like macros to help users decode what happened
> > to take the right action.  But this is "RFC" to see if people
> > have better ideas on how to handle this.
> 
> Hmm, shouldn't this be using MF_ACTION_REQUIRED or even maybe a new MF_
> flag which is converted into a BUS_MCEERR_AR si_code and thus current
> gets a signal?
> 
> Only setting bit 63 looks a bit flaky to me...

It will be up to the caller to figure out what action to take. In
the NVDIMM filessytem scenario outlined above the result may be -EIO
for a data block ... something more drastic if we were reading metadata.

When I get around to writing mcsafe_copy_from_user() the code might
end up like:

some_syscall_e_g_write(void __user *buf, size_t cnt)
{
	u64 ret;

	ret = mcsafe_copy_from_user(kbuf, buf, cnt);

	if (ret & BIT(63)) {
		do some machine check thing ... e.g.
		send a SIGBUS to this process and return -EINTR
		This is where we use the address (after converting
		back to a user virtual address).
	} else if (ret) {
		user gave us a bad buffer: return -EFAULT
	} else {
		success!!!
	}
}

Which all looks quite ugly in long-hand ... I'm hoping that with
some pretty macros we can make it pretty.

-Tony

next prev parent reply	other threads:[~2015-11-10 21:55 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-09 18:26 [RFC PATCH 0/3] Machine check recovery when kernel accesses poison Tony Luck
2015-11-06 20:57 ` [PATCH 1/3] x86, ras: Add new infrastructure for machine check fixup tables Tony Luck
2015-11-10 11:21   ` Borislav Petkov
2015-11-10 22:05     ` Luck, Tony
2015-11-12  4:14   ` Andy Lutomirski
2015-11-12 19:44     ` Luck, Tony
2015-11-12 20:04       ` Andy Lutomirski
2015-11-12 21:17         ` Luck, Tony
2015-11-06 21:01 ` [PATCH 2/3] x86, ras: Extend machine check recovery code to annotated ring0 areas Tony Luck
2015-11-10 11:21   ` Borislav Petkov
2015-11-10 22:11     ` Luck, Tony
2015-11-11 11:01       ` Borislav Petkov
2015-11-12  4:19   ` Andy Lutomirski
2015-11-12 19:55     ` Luck, Tony
2015-11-06 21:08 ` [PATCH 3/3] x86, ras: Add mcsafe_memcpy() function to recover from machine checks Tony Luck
2015-11-12  7:53   ` Ingo Molnar
2015-11-12 20:01     ` Luck, Tony
2015-11-27 10:16       ` Ingo Molnar
2015-12-08 21:30         ` Dan Williams
2015-12-08 22:08           ` Luck, Tony
2015-12-14  9:55           ` Ingo Molnar
2015-11-09 18:48 ` [RFC PATCH 0/3] Machine check recovery when kernel accesses poison Tony Luck
2015-11-10 11:21 ` Borislav Petkov
2015-11-10 21:55   ` Luck, Tony [this message]
2015-11-11 20:41     ` Borislav Petkov
2015-11-11 21:48       ` Luck, Tony
2015-11-11 22:28         ` Borislav Petkov
2015-11-11 22:32           ` Luck, Tony

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151110215546.GA28172@agluck-desk.sc.intel.com \
    --to=tony.luck@intel.com \
    --cc=bp@alien8.de \
    --cc=linux-edac@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox