Message-ID: <20090407223545.GC17934@one.firstfloor.org>
Date: Wed, 8 Apr 2009 00:35:45 +0200
From: Andi Kleen <andi@...stfloor.org>
To: Christoph Lameter <cl@...ux.com>
Cc: Andi Kleen <andi@...stfloor.org>, Lee.Schermerhorn@...com,
npiggin@...e.de, linux-kernel@...r.kernel.org, linux-mm@...ck.org,
x86@...nel.org
Subject: Re: [PATCH] [10/16] POISON: Use bitmask/action code for try_to_unmap behaviour

On Tue, Apr 07, 2009 at 06:04:39PM -0400, Christoph Lameter wrote:
> On Tue, 7 Apr 2009, Andi Kleen wrote:
>
> > > Ignoring MLOCK? This means we are violating POSIX which says that an
> > > MLOCKed page cannot be unmapped from a process?
> >
> > I'm sure if you can find sufficiently vague language in the document
> > to standards lawyer around that requirement @)
> >
> > The alternative would be to panic.
>
>
> If you unmap a MLOCKed page then you may get memory corruption because
> f.e. the Infiniband layer is doing DMA to that page.

The page is not going away, it's poisoned in hardware and software
and stays. There is currently no mechanism to unpoison pages without
rebooting.

DMA should actually cause a bus abort on the hardware level,
at least for RMW.

I currently don't have a cancel mechanism for such kinds of mappings
though. It just does cancel_dirty_page(), but when IO is happening

In theory one could add a more forceful IO cancel mechanism using
special driver callbacks, but I'm not sure it's worth it. Normally the
hardware should abort on hitting poison (although some might do strange things)
and you'll get some more (recoverable) machine checks.

> > > How does that work for the poisoning case? We substitute a fresh page?
> >
> > It depends on the state of the page. If it was a clean disk mapped
> > page yes (it's just invalidated and can be reloaded). If it's a dirty anon
> > page the process is normally killed first (with advisory mode on) or only
> > killed when it hits the corrupted page. The process can also
> > catch the signal if it chooses so. The late killing works with
> > a special entry similar to the migration case, but that results
> > in a special SIGBUS.
>
> I think a process needs to be killed if any MLOCKed page gets corrupted
> because the OS cannot keep the POSIX guarantees.

That's the default behaviour with vm.memory_failure_early_kill = 1.
However the process can catch the signal if it wants.

-Andi
--
ak@...ux.intel.com -- Speaking for myself only.
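
The behaviour discussed in the message above (early kill controlled by vm.memory_failure_early_kill, and a process catching the resulting SIGBUS), as an added example that is not part of the original mail or the patch series. It assumes the interface as later merged into mainline Linux, where the signal carries si_code BUS_MCEERR_AO (early kill) or BUS_MCEERR_AR (the process touched the poisoned page); the function and enum names are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#ifndef BUS_MCEERR_AR            /* fallback for old libc headers; */
#define BUS_MCEERR_AR 4          /* values are the Linux siginfo ABI */
#define BUS_MCEERR_AO 5
#endif
/* Hypothetical names, introduced for this example only. */
enum bus_kind { KIND_NONE, KIND_OTHER, KIND_POISON_ADVISORY, KIND_POISON_ACCESS };
volatile sig_atomic_t last_kind = KIND_NONE;

enum bus_kind classify_sigbus(int si_code)
{
    if (si_code == BUS_MCEERR_AO) return KIND_POISON_ADVISORY; /* early kill */
    if (si_code == BUS_MCEERR_AR) return KIND_POISON_ACCESS;   /* late kill */
    return KIND_OTHER;
}

static void on_sigbus(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    last_kind = classify_sigbus(si->si_code);
    /* Advisory: the page at si_addr has not been touched yet, so the process
       may drop that data and go on. Other kernel faults refault: exit. */
    if (last_kind != KIND_POISON_ADVISORY && si->si_code > 0) _exit(70);
}

int install_sigbus_handler(void)
{
    struct sigaction sa = { .sa_flags = SA_SIGINFO };
    sa.sa_sigaction = on_sigbus;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGBUS, &sa, NULL);
}

int read_early_kill(void)   /* -1 if the sysctl is absent or unreadable */
{
    int v = -1;
    FILE *f = fopen("/proc/sys/vm/memory_failure_early_kill", "r");
    if (f) { if (fscanf(f, "%d", &v) != 1) v = -1; fclose(f); }
    return v;
}

int main(void)
{
    if (install_sigbus_handler() != 0) return 1;
    raise(SIGBUS);  /* constructed non-poison SIGBUS, exercises the handler */
    printf("early_kill=%d last_kind=%d\n", read_early_kill(), (int)last_kind);
    return 0;
}
```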