Date:	Mon, 23 May 2011 09:45:50 -0700
From:	"Luck, Tony" <tony.luck@...el.com>
To:	Ingo Molnar <mingo@...e.hu>, "Huang, Ying" <ying.huang@...el.com>
CC:	huang ying <huang.ying.caritas@...il.com>,
	Len Brown <lenb@...nel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Andi Kleen <andi@...stfloor.org>,
	"linux-acpi@...r.kernel.org" <linux-acpi@...r.kernel.org>,
	Andi Kleen <ak@...ux.intel.com>,
	"Wu, Fengguang" <fengguang.wu@...el.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Borislav Petkov <bp@...en8.de>
Subject: RE: [PATCH 5/9] HWPoison: add memory_failure_queue()

>> - NMI handler run for the hardware error, where hardware error
>>   information is collected and put into perf ring buffer as 'event'.
>
> Correct.
>
> Note that for MCE errors we want the 'persistent event' framework Boris has 
> posted: we want these events to be buffered up to a point even if there is no 
> tool listening in on them:

This is a very opportune time to have this discussion. I've been working
on getting "in context" recoverable errors working. Sandybridge Server
platforms will allow for recovery for both instruction and data fetches
in the current execution context. These are flagged in the machine check
bank with the "AR" (Action Required) set to 1 (along with several other
bits making up a recognizable signature).

The critical feature here is that we must not return from the machine
check handler to the context that tripped over the error. In the case
of the data fault, we'll just re-execute the same access and take
another machine check. In the case of the instruction fault there is
no valid context to return to (MCGSTATUS.RIPV is zero).

There are a couple of cases where recovery is possible:

1) The memory error was found while executing user mode code.

The code I have now for recovery makes use of TIF_MCE_NOTIFY to
make sure that we don't return to the user, but instead end up
in arch/x86/kernel/signal.c:do_notify_resume() where we arrange
to have the process handle its own recovery (using mm/memory-failure.c
to figure out the type of page, and probably resulting in the mapping
out of the page and sending SIGBUS to the process).

In your proposed solution, we'd generate an event that would be handled
by some process/daemon ... but how would we ensure that the affected
process does not run in the meantime? Could we create some analogous
method to the ptrace stopped state, and hand control of the affected
process to the daemon that gets the event?

2) The memory error was found in certain special sections of the
   kernel for which recovery is possible (e.g. while copying to/from
   user memory, perhaps also page copy and page clear).

Here I don't have a solution. TIF_MCE_NOTIFY isn't checked when returning
from do_machine_check() to kernel code.

In a CONFIG_PREEMPT=y kernel, all of the recoverable cases ought to be
in places where pre-emption is allowed ... so perhaps we can also use
the stop-and-switch option here?

-Tony
