lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 23 Nov 2020 17:06:31 +0000
From:   "Paoloni, Gabriele" <gabriele.paoloni@...el.com>
To:     Borislav Petkov <bp@...en8.de>
CC:     "Luck, Tony" <tony.luck@...el.com>,
        "tglx@...utronix.de" <tglx@...utronix.de>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "x86@...nel.org" <x86@...nel.org>, "hpa@...or.com" <hpa@...or.com>,
        "linux-edac@...r.kernel.org" <linux-edac@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-safety@...ts.elisa.tech" <linux-safety@...ts.elisa.tech>
Subject: RE: [PATCH 2/4] x86/mce: move the mce_panic() call and kill_it
 assignments at the right places

Hi Boris

> -----Original Message-----
> From: Borislav Petkov <bp@...en8.de>
> Sent: Monday, November 23, 2020 3:28 PM
> To: Paoloni, Gabriele <gabriele.paoloni@...el.com>
> Cc: Luck, Tony <tony.luck@...el.com>; tglx@...utronix.de;
> mingo@...hat.com; x86@...nel.org; hpa@...or.com; linux-
> edac@...r.kernel.org; linux-kernel@...r.kernel.org; linux-
> safety@...ts.elisa.tech
> Subject: Re: [PATCH 2/4] x86/mce: move the mce_panic() call and kill_it
> assignments at the right places
> 
> On Wed, Nov 18, 2020 at 03:15:50PM +0000, Gabriele Paoloni wrote:
> > Right now for local MCEs we panic(),if needed, right after lmce is
> > set. For global MCEs mce_reign() takes care of calling mce_panic().
> > Hence this patch:
> > - improves readibility by moving the conditional evaluation of
> > tolerant up to when kill_it is set first
> > - moves the mce_panic() call up into the statement where mce_end()
> > fails
> 
> Pls avoid using "this patch does this and that" in the commit message
> but say directly what it does:
> 
> - Improve readability ...
> 
> - Move mce_panic()...
> 
> and so on.

Thanks, I'll fix it in v2

> 
> > Signed-off-by: Gabriele Paoloni <gabriele.paoloni@...el.com>
> > Reviewed-by: Tony Luck <tony.luck@...el.com>
> > ---
> >  arch/x86/kernel/cpu/mce/core.c | 21 +++++++++------------
> >  1 file changed, 9 insertions(+), 12 deletions(-)
> >
> > diff --git a/arch/x86/kernel/cpu/mce/core.c
> b/arch/x86/kernel/cpu/mce/core.c
> > index b990892c6766..e025ff04438f 100644
> > --- a/arch/x86/kernel/cpu/mce/core.c
> > +++ b/arch/x86/kernel/cpu/mce/core.c
> > @@ -1350,8 +1350,7 @@ noinstr void do_machine_check(struct pt_regs
> *regs)
> >  	 * severity is MCE_AR_SEVERITY we have other options.
> >  	 */
> >  	if (!(m.mcgstatus & MCG_STATUS_RIPV))
> > -		kill_it = 1;
> > -
> > +		kill_it = (cfg->tolerant == 3) ? 0 : 1;
> 
> So you just set kill_it using cfg->tolerant...

Well I fist see if RIPV is not set; the I check the tolerance level to see if we need to
kill the user space app... 

> 
> >  	/*
> >  	 * Check if this MCE is signaled to only this logical processor,
> >  	 * on Intel, Zhaoxin only.
> > @@ -1384,8 +1383,15 @@ noinstr void do_machine_check(struct pt_regs
> *regs)
> >  	 * When there's any problem use only local no_way_out state.
> >  	 */
> >  	if (!lmce) {
> > -		if (mce_end(order) < 0)
> > +		if (mce_end(order) < 0) {
> >  			no_way_out = no_way_out ? no_way_out : worst >=
> MCE_PANIC_SEVERITY;
> > +			/*
> > +			 * mce_reign() has probably failed hence evaluate if
> we need
> > +			 * to panic
> > +			 */
> > +			if (no_way_out && mca_cfg.tolerant < 3)
> 
> ... but here you're testing cfg->tolerant again.

Yes because the tolerant flag tells me if I need to take action...

> 
> why not
> 
> 			if (no_way_out && kill_it)
> 
> ?

From my understanding no_way_out and kill_it are different in principles:
no_way_out is telling that an error occurred 'somewhere' in some CPU bank
that requires the system to panic (e.g. PCC=1); kill_it is saying that the execution
cannot be restarted where it left for the local CPU and hence we need to find
an alternative solution as part of the recovery action. In practice it seems to
me that kill_it is used to replace kill_me_maybe with kill_me_now in case
the exception happened in user mode.

So If I where using the statement "if (no_way_out && kill_it)" I would miss
to panic, for example, in cases where no_way_out captured a fatal error
somewhere in other CPUs but RIPV is set for the local CPU...

Thanks
Gab  

> 
> Thx.
> 
> --
> Regards/Gruss,
>     Boris.
> 
> https://people.kernel.org/tglx/notes-about-netiquette
---------------------------------------------------------------------
INTEL CORPORATION ITALIA S.p.A. con unico socio
Sede: Milanofiori Palazzo E 4 
CAP 20094 Assago (MI)
Capitale Sociale Euro 104.000,00 interamente versato
Partita I.V.A. e Codice Fiscale  04236760155
Repertorio Economico Amministrativo n. 997124 
Registro delle Imprese di Milano nr. 183983/5281/33
Soggetta ad attivita' di direzione e coordinamento di 
INTEL CORPORATION, USA

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ