From: Tong Tiangen <tongtiangen@huawei.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Robin Murphy <robin.murphy@arm.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>, <x86@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>,
<linuxppc-dev@lists.ozlabs.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Xie XiuQi <xiexiuqi@huawei.com>, Guohanjun <guohanjun@huawei.com>
Subject: Re: [PATCH -next v4 3/7] arm64: add support for machine check error safe
Date: Thu, 19 May 2022 14:29:54 +0800 [thread overview]
Message-ID: <46e5954c-a9a8-f4a8-07cc-de42e2753051@huawei.com> (raw)
In-Reply-To: <Yn54mA7KnlAs1dER@lakrids>
在 2022/5/13 23:26, Mark Rutland 写道:
> On Wed, Apr 20, 2022 at 03:04:14AM +0000, Tong Tiangen wrote:
>> During the processing of arm64 kernel hardware memory errors(do_sea()), if
>> the errors is consumed in the kernel, the current processing is panic.
>> However, it is not optimal.
>>
>> Take uaccess for example, if the uaccess operation fails due to memory
>> error, only the user process will be affected, kill the user process
>> and isolate the user page with hardware memory errors is a better choice.
>
> Conceptually, I'm fine with the idea of constraining what we do for a
> true uaccess, but I don't like the implementation of this at all, and I
> think we first need to clean up the arm64 extable usage to clearly
> distinguish a uaccess from another access.
OK,using EX_TYPE_UACCESS and this extable type could be recover, this is
more reasonable.
For EX_TYPE_UACCESS_ERR_ZERO, today we use it for kernel accesses in a
couple of cases, such as
get_user/futex/__user_cache_maint()/__user_swpX_asm(), your suggestion is:
get_user continues to use EX_TYPE_UACCESS_ERR_ZERO and the other cases
use new type EX_TYPE_FIXUP_ERR_ZERO?
Thanks,
Tong.
>
>> This patch only enable machine error check framework, it add exception
>> fixup before kernel panic in do_sea() and only limit the consumption of
>> hardware memory errors in kernel mode triggered by user mode processes.
>> If fixup successful, panic can be avoided.
>>
>> Consistent with PPC/x86, it is implemented by CONFIG_ARCH_HAS_COPY_MC.
>>
>> Also add copy_mc_to_user() in include/linux/uaccess.h, this helper is
>> called when CONFIG_ARCH_HAS_COPOY_MC is open.
>>
>> Signed-off-by: Tong Tiangen <tongtiangen@huawei.com>
>> ---
>> arch/arm64/Kconfig | 1 +
>> arch/arm64/include/asm/extable.h | 1 +
>> arch/arm64/mm/extable.c | 17 +++++++++++++++++
>> arch/arm64/mm/fault.c | 27 ++++++++++++++++++++++++++-
>> include/linux/uaccess.h | 9 +++++++++
>> 5 files changed, 54 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index d9325dd95eba..012e38309955 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -19,6 +19,7 @@ config ARM64
>> select ARCH_ENABLE_SPLIT_PMD_PTLOCK if PGTABLE_LEVELS > 2
>> select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
>> select ARCH_HAS_CACHE_LINE_SIZE
>> + select ARCH_HAS_COPY_MC if ACPI_APEI_GHES
>> select ARCH_HAS_CURRENT_STACK_POINTER
>> select ARCH_HAS_DEBUG_VIRTUAL
>> select ARCH_HAS_DEBUG_VM_PGTABLE
>> diff --git a/arch/arm64/include/asm/extable.h b/arch/arm64/include/asm/extable.h
>> index 72b0e71cc3de..f80ebd0addfd 100644
>> --- a/arch/arm64/include/asm/extable.h
>> +++ b/arch/arm64/include/asm/extable.h
>> @@ -46,4 +46,5 @@ bool ex_handler_bpf(const struct exception_table_entry *ex,
>> #endif /* !CONFIG_BPF_JIT */
>>
>> bool fixup_exception(struct pt_regs *regs);
>> +bool fixup_exception_mc(struct pt_regs *regs);
>> #endif
>> diff --git a/arch/arm64/mm/extable.c b/arch/arm64/mm/extable.c
>> index 489455309695..4f0083a550d4 100644
>> --- a/arch/arm64/mm/extable.c
>> +++ b/arch/arm64/mm/extable.c
>> @@ -9,6 +9,7 @@
>>
>> #include <asm/asm-extable.h>
>> #include <asm/ptrace.h>
>> +#include <asm/esr.h>
>>
>> static inline unsigned long
>> get_ex_fixup(const struct exception_table_entry *ex)
>> @@ -84,3 +85,19 @@ bool fixup_exception(struct pt_regs *regs)
>>
>> BUG();
>> }
>> +
>> +bool fixup_exception_mc(struct pt_regs *regs)
>> +{
>> + const struct exception_table_entry *ex;
>> +
>> + ex = search_exception_tables(instruction_pointer(regs));
>> + if (!ex)
>> + return false;
>> +
>> + /*
>> + * This is not complete, More Machine check safe extable type can
>> + * be processed here.
>> + */
>> +
>> + return false;
>> +}
>
> This is at best misnamed; It doesn't actually apply the fixup, it just
> searches for one.
Yeah, you're right about the current logic, so i added notes to explain
the scenarios that will be added later.
>
>> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
>> index 77341b160aca..a9e6fb1999d1 100644
>> --- a/arch/arm64/mm/fault.c
>> +++ b/arch/arm64/mm/fault.c
>> @@ -695,6 +695,29 @@ static int do_bad(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> return 1; /* "fault" */
>> }
>>
>> +static bool arm64_do_kernel_sea(unsigned long addr, unsigned int esr,
>> + struct pt_regs *regs, int sig, int code)
>> +{
>> + if (!IS_ENABLED(CONFIG_ARCH_HAS_COPY_MC))
>> + return false;
>> +
>> + if (user_mode(regs) || !current->mm)
>> + return false;
>> +
>> + if (apei_claim_sea(regs) < 0)
>> + return false;
>> +
>> + if (!fixup_exception_mc(regs))
>> + return false;
>> +
>> + set_thread_esr(0, esr);
>> +
>> + arm64_force_sig_fault(sig, code, addr,
>> + "Uncorrected hardware memory error in kernel-access\n");
>> +
>> + return true;
>> +}
>> +
>> static int do_sea(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> {
>> const struct fault_info *inf;
>> @@ -720,7 +743,9 @@ static int do_sea(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> */
>> siaddr = untagged_addr(far);
>> }
>> - arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr);
>> +
>> + if (!arm64_do_kernel_sea(siaddr, esr, regs, inf->sig, inf->code))
>> + arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr);
>>
>> return 0;
>> }
>> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
>> index 546179418ffa..884661b29c17 100644
>> --- a/include/linux/uaccess.h
>> +++ b/include/linux/uaccess.h
>> @@ -174,6 +174,15 @@ copy_mc_to_kernel(void *dst, const void *src, size_t cnt)
>> }
>> #endif
>>
>> +#ifndef copy_mc_to_user
>> +static inline unsigned long __must_check
>> +copy_mc_to_user(void *dst, const void *src, size_t cnt)
>> +{
>> + check_object_size(src, cnt, true);
>> + return raw_copy_to_user(dst, src, cnt);
>> +}
>> +#endif
>
> Why do we need a special copy_mc_to_user() ?
>
> Why are we not making *every* true uaccess recoverable? That way the
> regular copy_to_user() would just work.
Agreed, will fixed next version.
Thanks,
Tong.
>
> Thanks,
> Mark.
> .
WARNING: multiple messages have this Message-ID (diff)
From: Tong Tiangen <tongtiangen@huawei.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Robin Murphy <robin.murphy@arm.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
"Alexander Viro" <viro@zeniv.linux.org.uk>,
Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>, <x86@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>,
<linuxppc-dev@lists.ozlabs.org>,
<linux-arm-kernel@lists.infradead.org>,
<linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>,
Kefeng Wang <wangkefeng.wang@huawei.com>,
Xie XiuQi <xiexiuqi@huawei.com>, Guohanjun <guohanjun@huawei.com>
Subject: Re: [PATCH -next v4 3/7] arm64: add support for machine check error safe
Date: Thu, 19 May 2022 14:29:54 +0800 [thread overview]
Message-ID: <46e5954c-a9a8-f4a8-07cc-de42e2753051@huawei.com> (raw)
In-Reply-To: <Yn54mA7KnlAs1dER@lakrids>
在 2022/5/13 23:26, Mark Rutland 写道:
> On Wed, Apr 20, 2022 at 03:04:14AM +0000, Tong Tiangen wrote:
>> During the processing of arm64 kernel hardware memory errors(do_sea()), if
>> the errors is consumed in the kernel, the current processing is panic.
>> However, it is not optimal.
>>
>> Take uaccess for example, if the uaccess operation fails due to memory
>> error, only the user process will be affected, kill the user process
>> and isolate the user page with hardware memory errors is a better choice.
>
> Conceptually, I'm fine with the idea of constraining what we do for a
> true uaccess, but I don't like the implementation of this at all, and I
> think we first need to clean up the arm64 extable usage to clearly
> distinguish a uaccess from another access.
OK,using EX_TYPE_UACCESS and this extable type could be recover, this is
more reasonable.
For EX_TYPE_UACCESS_ERR_ZERO, today we use it for kernel accesses in a
couple of cases, such as
get_user/futex/__user_cache_maint()/__user_swpX_asm(), your suggestion is:
get_user continues to use EX_TYPE_UACCESS_ERR_ZERO and the other cases
use new type EX_TYPE_FIXUP_ERR_ZERO?
Thanks,
Tong.
>
>> This patch only enable machine error check framework, it add exception
>> fixup before kernel panic in do_sea() and only limit the consumption of
>> hardware memory errors in kernel mode triggered by user mode processes.
>> If fixup successful, panic can be avoided.
>>
>> Consistent with PPC/x86, it is implemented by CONFIG_ARCH_HAS_COPY_MC.
>>
>> Also add copy_mc_to_user() in include/linux/uaccess.h, this helper is
>> called when CONFIG_ARCH_HAS_COPOY_MC is open.
>>
>> Signed-off-by: Tong Tiangen <tongtiangen@huawei.com>
>> ---
>> arch/arm64/Kconfig | 1 +
>> arch/arm64/include/asm/extable.h | 1 +
>> arch/arm64/mm/extable.c | 17 +++++++++++++++++
>> arch/arm64/mm/fault.c | 27 ++++++++++++++++++++++++++-
>> include/linux/uaccess.h | 9 +++++++++
>> 5 files changed, 54 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index d9325dd95eba..012e38309955 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -19,6 +19,7 @@ config ARM64
>> select ARCH_ENABLE_SPLIT_PMD_PTLOCK if PGTABLE_LEVELS > 2
>> select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
>> select ARCH_HAS_CACHE_LINE_SIZE
>> + select ARCH_HAS_COPY_MC if ACPI_APEI_GHES
>> select ARCH_HAS_CURRENT_STACK_POINTER
>> select ARCH_HAS_DEBUG_VIRTUAL
>> select ARCH_HAS_DEBUG_VM_PGTABLE
>> diff --git a/arch/arm64/include/asm/extable.h b/arch/arm64/include/asm/extable.h
>> index 72b0e71cc3de..f80ebd0addfd 100644
>> --- a/arch/arm64/include/asm/extable.h
>> +++ b/arch/arm64/include/asm/extable.h
>> @@ -46,4 +46,5 @@ bool ex_handler_bpf(const struct exception_table_entry *ex,
>> #endif /* !CONFIG_BPF_JIT */
>>
>> bool fixup_exception(struct pt_regs *regs);
>> +bool fixup_exception_mc(struct pt_regs *regs);
>> #endif
>> diff --git a/arch/arm64/mm/extable.c b/arch/arm64/mm/extable.c
>> index 489455309695..4f0083a550d4 100644
>> --- a/arch/arm64/mm/extable.c
>> +++ b/arch/arm64/mm/extable.c
>> @@ -9,6 +9,7 @@
>>
>> #include <asm/asm-extable.h>
>> #include <asm/ptrace.h>
>> +#include <asm/esr.h>
>>
>> static inline unsigned long
>> get_ex_fixup(const struct exception_table_entry *ex)
>> @@ -84,3 +85,19 @@ bool fixup_exception(struct pt_regs *regs)
>>
>> BUG();
>> }
>> +
>> +bool fixup_exception_mc(struct pt_regs *regs)
>> +{
>> + const struct exception_table_entry *ex;
>> +
>> + ex = search_exception_tables(instruction_pointer(regs));
>> + if (!ex)
>> + return false;
>> +
>> + /*
>> + * This is not complete, More Machine check safe extable type can
>> + * be processed here.
>> + */
>> +
>> + return false;
>> +}
>
> This is at best misnamed; It doesn't actually apply the fixup, it just
> searches for one.
Yeah, you're right about the current logic, so i added notes to explain
the scenarios that will be added later.
>
>> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
>> index 77341b160aca..a9e6fb1999d1 100644
>> --- a/arch/arm64/mm/fault.c
>> +++ b/arch/arm64/mm/fault.c
>> @@ -695,6 +695,29 @@ static int do_bad(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> return 1; /* "fault" */
>> }
>>
>> +static bool arm64_do_kernel_sea(unsigned long addr, unsigned int esr,
>> + struct pt_regs *regs, int sig, int code)
>> +{
>> + if (!IS_ENABLED(CONFIG_ARCH_HAS_COPY_MC))
>> + return false;
>> +
>> + if (user_mode(regs) || !current->mm)
>> + return false;
>> +
>> + if (apei_claim_sea(regs) < 0)
>> + return false;
>> +
>> + if (!fixup_exception_mc(regs))
>> + return false;
>> +
>> + set_thread_esr(0, esr);
>> +
>> + arm64_force_sig_fault(sig, code, addr,
>> + "Uncorrected hardware memory error in kernel-access\n");
>> +
>> + return true;
>> +}
>> +
>> static int do_sea(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> {
>> const struct fault_info *inf;
>> @@ -720,7 +743,9 @@ static int do_sea(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> */
>> siaddr = untagged_addr(far);
>> }
>> - arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr);
>> +
>> + if (!arm64_do_kernel_sea(siaddr, esr, regs, inf->sig, inf->code))
>> + arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr);
>>
>> return 0;
>> }
>> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
>> index 546179418ffa..884661b29c17 100644
>> --- a/include/linux/uaccess.h
>> +++ b/include/linux/uaccess.h
>> @@ -174,6 +174,15 @@ copy_mc_to_kernel(void *dst, const void *src, size_t cnt)
>> }
>> #endif
>>
>> +#ifndef copy_mc_to_user
>> +static inline unsigned long __must_check
>> +copy_mc_to_user(void *dst, const void *src, size_t cnt)
>> +{
>> + check_object_size(src, cnt, true);
>> + return raw_copy_to_user(dst, src, cnt);
>> +}
>> +#endif
>
> Why do we need a special copy_mc_to_user() ?
>
> Why are we not making *every* true uaccess recoverable? That way the
> regular copy_to_user() would just work.
Agreed, will fixed next version.
Thanks,
Tong.
>
> Thanks,
> Mark.
> .
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Tong Tiangen <tongtiangen@huawei.com>
To: Mark Rutland <mark.rutland@arm.com>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
linux-mm@kvack.org, Paul Mackerras <paulus@samba.org>,
Guohanjun <guohanjun@huawei.com>, Will Deacon <will@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Ingo Molnar <mingo@redhat.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Xie XiuQi <xiexiuqi@huawei.com>, Borislav Petkov <bp@alien8.de>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Thomas Gleixner <tglx@linutronix.de>,
linux-arm-kernel@lists.infradead.org,
Robin Murphy <robin.murphy@arm.com>,
linux-kernel@vger.kernel.org, James Morse <james.morse@arm.com>,
Andrew Morton <akpm@linux-foundation.org>,
linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH -next v4 3/7] arm64: add support for machine check error safe
Date: Thu, 19 May 2022 14:29:54 +0800 [thread overview]
Message-ID: <46e5954c-a9a8-f4a8-07cc-de42e2753051@huawei.com> (raw)
In-Reply-To: <Yn54mA7KnlAs1dER@lakrids>
在 2022/5/13 23:26, Mark Rutland 写道:
> On Wed, Apr 20, 2022 at 03:04:14AM +0000, Tong Tiangen wrote:
>> During the processing of arm64 kernel hardware memory errors(do_sea()), if
>> the errors is consumed in the kernel, the current processing is panic.
>> However, it is not optimal.
>>
>> Take uaccess for example, if the uaccess operation fails due to memory
>> error, only the user process will be affected, kill the user process
>> and isolate the user page with hardware memory errors is a better choice.
>
> Conceptually, I'm fine with the idea of constraining what we do for a
> true uaccess, but I don't like the implementation of this at all, and I
> think we first need to clean up the arm64 extable usage to clearly
> distinguish a uaccess from another access.
OK,using EX_TYPE_UACCESS and this extable type could be recover, this is
more reasonable.
For EX_TYPE_UACCESS_ERR_ZERO, today we use it for kernel accesses in a
couple of cases, such as
get_user/futex/__user_cache_maint()/__user_swpX_asm(), your suggestion is:
get_user continues to use EX_TYPE_UACCESS_ERR_ZERO and the other cases
use new type EX_TYPE_FIXUP_ERR_ZERO?
Thanks,
Tong.
>
>> This patch only enable machine error check framework, it add exception
>> fixup before kernel panic in do_sea() and only limit the consumption of
>> hardware memory errors in kernel mode triggered by user mode processes.
>> If fixup successful, panic can be avoided.
>>
>> Consistent with PPC/x86, it is implemented by CONFIG_ARCH_HAS_COPY_MC.
>>
>> Also add copy_mc_to_user() in include/linux/uaccess.h, this helper is
>> called when CONFIG_ARCH_HAS_COPOY_MC is open.
>>
>> Signed-off-by: Tong Tiangen <tongtiangen@huawei.com>
>> ---
>> arch/arm64/Kconfig | 1 +
>> arch/arm64/include/asm/extable.h | 1 +
>> arch/arm64/mm/extable.c | 17 +++++++++++++++++
>> arch/arm64/mm/fault.c | 27 ++++++++++++++++++++++++++-
>> include/linux/uaccess.h | 9 +++++++++
>> 5 files changed, 54 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
>> index d9325dd95eba..012e38309955 100644
>> --- a/arch/arm64/Kconfig
>> +++ b/arch/arm64/Kconfig
>> @@ -19,6 +19,7 @@ config ARM64
>> select ARCH_ENABLE_SPLIT_PMD_PTLOCK if PGTABLE_LEVELS > 2
>> select ARCH_ENABLE_THP_MIGRATION if TRANSPARENT_HUGEPAGE
>> select ARCH_HAS_CACHE_LINE_SIZE
>> + select ARCH_HAS_COPY_MC if ACPI_APEI_GHES
>> select ARCH_HAS_CURRENT_STACK_POINTER
>> select ARCH_HAS_DEBUG_VIRTUAL
>> select ARCH_HAS_DEBUG_VM_PGTABLE
>> diff --git a/arch/arm64/include/asm/extable.h b/arch/arm64/include/asm/extable.h
>> index 72b0e71cc3de..f80ebd0addfd 100644
>> --- a/arch/arm64/include/asm/extable.h
>> +++ b/arch/arm64/include/asm/extable.h
>> @@ -46,4 +46,5 @@ bool ex_handler_bpf(const struct exception_table_entry *ex,
>> #endif /* !CONFIG_BPF_JIT */
>>
>> bool fixup_exception(struct pt_regs *regs);
>> +bool fixup_exception_mc(struct pt_regs *regs);
>> #endif
>> diff --git a/arch/arm64/mm/extable.c b/arch/arm64/mm/extable.c
>> index 489455309695..4f0083a550d4 100644
>> --- a/arch/arm64/mm/extable.c
>> +++ b/arch/arm64/mm/extable.c
>> @@ -9,6 +9,7 @@
>>
>> #include <asm/asm-extable.h>
>> #include <asm/ptrace.h>
>> +#include <asm/esr.h>
>>
>> static inline unsigned long
>> get_ex_fixup(const struct exception_table_entry *ex)
>> @@ -84,3 +85,19 @@ bool fixup_exception(struct pt_regs *regs)
>>
>> BUG();
>> }
>> +
>> +bool fixup_exception_mc(struct pt_regs *regs)
>> +{
>> + const struct exception_table_entry *ex;
>> +
>> + ex = search_exception_tables(instruction_pointer(regs));
>> + if (!ex)
>> + return false;
>> +
>> + /*
>> + * This is not complete, More Machine check safe extable type can
>> + * be processed here.
>> + */
>> +
>> + return false;
>> +}
>
> This is at best misnamed; It doesn't actually apply the fixup, it just
> searches for one.
Yeah, you're right about the current logic, so i added notes to explain
the scenarios that will be added later.
>
>> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
>> index 77341b160aca..a9e6fb1999d1 100644
>> --- a/arch/arm64/mm/fault.c
>> +++ b/arch/arm64/mm/fault.c
>> @@ -695,6 +695,29 @@ static int do_bad(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> return 1; /* "fault" */
>> }
>>
>> +static bool arm64_do_kernel_sea(unsigned long addr, unsigned int esr,
>> + struct pt_regs *regs, int sig, int code)
>> +{
>> + if (!IS_ENABLED(CONFIG_ARCH_HAS_COPY_MC))
>> + return false;
>> +
>> + if (user_mode(regs) || !current->mm)
>> + return false;
>> +
>> + if (apei_claim_sea(regs) < 0)
>> + return false;
>> +
>> + if (!fixup_exception_mc(regs))
>> + return false;
>> +
>> + set_thread_esr(0, esr);
>> +
>> + arm64_force_sig_fault(sig, code, addr,
>> + "Uncorrected hardware memory error in kernel-access\n");
>> +
>> + return true;
>> +}
>> +
>> static int do_sea(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> {
>> const struct fault_info *inf;
>> @@ -720,7 +743,9 @@ static int do_sea(unsigned long far, unsigned int esr, struct pt_regs *regs)
>> */
>> siaddr = untagged_addr(far);
>> }
>> - arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr);
>> +
>> + if (!arm64_do_kernel_sea(siaddr, esr, regs, inf->sig, inf->code))
>> + arm64_notify_die(inf->name, regs, inf->sig, inf->code, siaddr, esr);
>>
>> return 0;
>> }
>> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
>> index 546179418ffa..884661b29c17 100644
>> --- a/include/linux/uaccess.h
>> +++ b/include/linux/uaccess.h
>> @@ -174,6 +174,15 @@ copy_mc_to_kernel(void *dst, const void *src, size_t cnt)
>> }
>> #endif
>>
>> +#ifndef copy_mc_to_user
>> +static inline unsigned long __must_check
>> +copy_mc_to_user(void *dst, const void *src, size_t cnt)
>> +{
>> + check_object_size(src, cnt, true);
>> + return raw_copy_to_user(dst, src, cnt);
>> +}
>> +#endif
>
> Why do we need a special copy_mc_to_user() ?
>
> Why are we not making *every* true uaccess recoverable? That way the
> regular copy_to_user() would just work.
Agreed, will fixed next version.
Thanks,
Tong.
>
> Thanks,
> Mark.
> .
next prev parent reply other threads:[~2022-05-19 6:30 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-20 3:04 [PATCH -next v4 0/7]arm64: add machine check safe support Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` [PATCH -next v4 1/7] x86, powerpc: fix function define in copy_mc_to_user Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-22 9:45 ` Michael Ellerman
2022-04-22 9:45 ` Michael Ellerman
2022-04-22 9:45 ` Michael Ellerman
2022-04-24 1:16 ` Tong Tiangen
2022-04-24 1:16 ` Tong Tiangen
2022-04-24 1:16 ` Tong Tiangen
2022-05-02 14:24 ` Christophe Leroy
2022-05-02 14:24 ` Christophe Leroy
2022-05-03 1:06 ` Tong Tiangen
2022-05-03 1:06 ` Tong Tiangen
2022-05-05 1:21 ` Kefeng Wang
2022-05-05 1:21 ` Kefeng Wang
2022-04-20 3:04 ` [PATCH -next v4 2/7] arm64: fix types in copy_highpage() Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` [PATCH -next v4 3/7] arm64: add support for machine check error safe Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-05-13 15:26 ` Mark Rutland
2022-05-13 15:26 ` Mark Rutland
2022-05-13 15:26 ` Mark Rutland
2022-05-19 6:29 ` Tong Tiangen [this message]
2022-05-19 6:29 ` Tong Tiangen
2022-05-19 6:29 ` Tong Tiangen
2022-05-25 8:30 ` Mark Rutland
2022-05-25 8:30 ` Mark Rutland
2022-05-25 8:30 ` Mark Rutland
2022-05-26 3:36 ` Tong Tiangen
2022-05-26 3:36 ` Tong Tiangen
2022-05-26 3:36 ` Tong Tiangen
2022-05-26 9:50 ` Mark Rutland
2022-05-26 9:50 ` Mark Rutland
2022-05-26 9:50 ` Mark Rutland
2022-05-27 1:40 ` Tong Tiangen
2022-05-27 1:40 ` Tong Tiangen
2022-05-27 1:40 ` Tong Tiangen
2022-04-20 3:04 ` [PATCH -next v4 4/7] arm64: add copy_{to, from}_user to machine check safe Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-05-04 10:26 ` Catalin Marinas
2022-05-04 10:26 ` Catalin Marinas
2022-05-04 10:26 ` Catalin Marinas
2022-05-05 6:39 ` Tong Tiangen
2022-05-05 6:39 ` Tong Tiangen
2022-05-05 6:39 ` Tong Tiangen
2022-05-05 13:41 ` Catalin Marinas
2022-05-05 13:41 ` Catalin Marinas
2022-05-05 13:41 ` Catalin Marinas
2022-05-05 14:33 ` Tong Tiangen
2022-05-05 14:33 ` Tong Tiangen
2022-05-05 14:33 ` Tong Tiangen
2022-05-13 15:31 ` Mark Rutland
2022-05-13 15:31 ` Mark Rutland
2022-05-13 15:31 ` Mark Rutland
2022-05-19 6:53 ` Tong Tiangen
2022-05-19 6:53 ` Tong Tiangen
2022-05-19 6:53 ` Tong Tiangen
2022-04-20 3:04 ` [PATCH -next v4 5/7] arm64: mte: Clean up user tag accessors Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-05-13 15:36 ` Mark Rutland
2022-05-13 15:36 ` Mark Rutland
2022-05-13 15:36 ` Mark Rutland
2022-04-20 3:04 ` [PATCH -next v4 6/7] arm64: add {get, put}_user to machine check safe Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-05-13 15:39 ` Mark Rutland
2022-05-13 15:39 ` Mark Rutland
2022-05-13 15:39 ` Mark Rutland
2022-05-19 7:09 ` Tong Tiangen
2022-05-19 7:09 ` Tong Tiangen
2022-05-19 7:09 ` Tong Tiangen
2022-04-20 3:04 ` [PATCH -next v4 7/7] arm64: add cow " Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-04-20 3:04 ` Tong Tiangen
2022-05-13 15:44 ` Mark Rutland
2022-05-13 15:44 ` Mark Rutland
2022-05-13 15:44 ` Mark Rutland
2022-05-19 10:38 ` Tong Tiangen
2022-05-19 10:38 ` Tong Tiangen
2022-05-19 10:38 ` Tong Tiangen
2022-04-27 9:09 ` [PATCH -next v4 0/7]arm64: add machine check safe support Tong Tiangen
2022-04-27 9:09 ` Tong Tiangen
2022-04-27 9:09 ` Tong Tiangen
2022-05-04 19:58 ` (subset) " Catalin Marinas
2022-05-04 19:58 ` Catalin Marinas
2022-05-04 19:58 ` Catalin Marinas
2022-05-16 18:45 ` Catalin Marinas
2022-05-16 18:45 ` Catalin Marinas
2022-05-16 18:45 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=46e5954c-a9a8-f4a8-07cc-de42e2753051@huawei.com \
--to=tongtiangen@huawei.com \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=guohanjun@huawei.com \
--cc=hpa@zytor.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=robin.murphy@arm.com \
--cc=tglx@linutronix.de \
--cc=viro@zeniv.linux.org.uk \
--cc=wangkefeng.wang@huawei.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=xiexiuqi@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.