lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Jan 2020 10:50:04 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Jan H. Schönherr <jschoenh@...zon.de>,
        Yazen Ghannam <yazen.ghannam@....com>,
        Tony Luck <tony.luck@...el.com>
Cc:     linux-kernel@...r.kernel.org, linux-edac@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org
Subject: Re: [PATCH v2 1/6] x86/mce: Take action on UCNA/Deferred errors again

On Fri, Jan 03, 2020 at 04:07:17PM +0100, Jan H. Schönherr wrote:
> Commit fa92c5869426 ("x86, mce: Support memory error recovery for both
> UCNA and Deferred error in machine_check_poll") added handling of UCNA
> and Deferred errors by adding them to the ring for SRAO errors.
> 
> Later, commit fd4cf79fcc4b ("x86/mce: Remove the MCE ring for Action
> Optional errors") switched storage from the SRAO ring to the unified
> pool that is still in use today. In order to only act on the intended
> errors, a filter for MCE_AO_SEVERITY is used -- effectively removing
> handling of UCNA/Deferred errors again.
> 
> Extend the severity filter to include UCNA/Deferred errors again.
> Also, generalize the naming of the notifier from SRAO to UC to capture
> the extended scope.
> 
> Note, that this change may cause a message like the following to appear,
> as the same address may be reported as SRAO and as UCNA:
> 
>  Memory failure: 0x5fe3284: already hardware poisoned
> 
> Technically, this is a return to previous behavior.
> 
> Fixes: fd4cf79fcc4b ("x86/mce: Remove the MCE ring for Action Optional errors")
> Signed-off-by: Jan H. Schönherr <jschoenh@...zon.de>

Tony, ACK?

Also, do you want it in stable@ so that it gets backported?

> diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
> index 8994fe7751a4..16134ce587fd 100644
> --- a/arch/x86/kernel/cpu/mce/core.c
> +++ b/arch/x86/kernel/cpu/mce/core.c
> @@ -156,10 +156,8 @@ void mce_log(struct mce *m)
>  }
>  EXPORT_SYMBOL_GPL(mce_log);
>  
> -static struct notifier_block mce_srao_nb;
> -
>  /*
> - * We run the default notifier if we have only the SRAO, the first and the
> + * We run the default notifier if we have only the UC, the first and the
>   * default notifier registered. I.e., the mandatory NUM_DEFAULT_NOTIFIERS
>   * notifiers registered on the chain.
>   */
> @@ -580,26 +578,29 @@ static struct notifier_block first_nb = {
>  	.priority	= MCE_PRIO_FIRST,
>  };
>  
> -static int srao_decode_notifier(struct notifier_block *nb, unsigned long val,
> -				void *data)
> +static int uc_decode_notifier(struct notifier_block *nb, unsigned long val,
> +			      void *data)
>  {
>  	struct mce *mce = (struct mce *)data;
>  	unsigned long pfn;
>  
> -	if (!mce)
> +	if (!mce || !mce_usable_address(mce))
>  		return NOTIFY_DONE;
>  
> -	if (mce_usable_address(mce) && (mce->severity == MCE_AO_SEVERITY)) {
> -		pfn = mce->addr >> PAGE_SHIFT;
> -		if (!memory_failure(pfn, 0))
> -			set_mce_nospec(pfn);
> -	}
> +	if (mce->severity != MCE_AO_SEVERITY &&
> +	    mce->severity != MCE_DEFERRED_SEVERITY)
> +		return NOTIFY_DONE;
> +
> +	pfn = mce->addr >> PAGE_SHIFT;
> +	if (!memory_failure(pfn, 0))
> +		set_mce_nospec(pfn);

I'm wondering if in the memory_failure error() case, we should hand it
down to the remaining notifiers.

Which also begs the question in light of this clumsy notifier counting:

How about we have the default notifier *unconditionally* print the MCE?
I.e., if the error has reached it, it would print it. If not and some
other notifier consumed it, it will get handled differently.

This way we won't need any special counting of notifiers and special
reg/unreg of notifiers etc.

IOW, the logic would be:

If something consumes the error, then it doesn't get printed. Notifier
does NOTIFY_STOP.

If nothing consumes it or something looks at it and decides that it
should still get printed, then the last catch-all notifier callback does
that.

Thoughts?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ