| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Oct 2023 12:22:37 +0800
From: Zhiquan Li <zhiquan1.li@...el.com>
To: x86@...nel.org, linux-edac@...r.kernel.org,
linux-kernel@...r.kernel.org, patches@...ts.linux.dev,
bp@...en8.de, mingo@...nel.org, tony.luck@...el.com,
naoya.horiguchi@....com
Cc: zhiquan1.li@...el.com, Youquan Song <youquan.song@...el.com>
Subject: [PATCH v4] x86/mce: Set PG_hwpoison page flag to avoid the capture kernel panic
Memory errors don't happen very often, especially the severity is fatal.
However, in large-scale scenarios, such as data centers, it might still
happen. When there is a fatal machine check Linux calls mce_panic()
without checking to see if bad data at some memory address was reported
in the machine check banks.
If kexec is enabled, check for memory errors and mark the page as
poisoned so that the kexec'ed kernel can avoid accessing the page.
Co-developed-by: Youquan Song <youquan.song@...el.com>
Signed-off-by: Youquan Song <youquan.song@...el.com>
Signed-off-by: Zhiquan Li <zhiquan1.li@...el.com>
Reviewed-by: Naoya Horiguchi <naoya.horiguchi@....com>
Cc: Borislav Petkov <bp@...en8.de>
---
V3: https://lore.kernel.org/all/20231014051754.3759099-1-zhiquan1.li@intel.com/
Changes since V3:
- Rebased to v6.6-rc7.
- Added the check if kexec is enabled highlighted by Boris.
- Re-wrote the commit message suggested by Tony.
V2: https://lore.kernel.org/all/20230914030539.1622477-1-zhiquan1.li@intel.com/
Changes since V2:
- Rebased to v6.6-rc5.
- Explained full scenario in commit message per Boris's suggestion.
- Included Ingo's fixes.
Link: https://lore.kernel.org/all/ZRsUpM%2FXtPAE50Rm@gmail.com/
V1: https://lore.kernel.org/all/20230127015030.30074-1-tony.luck@intel.com/
Changes since V1:
- Revised the commit message as per Naoya's suggestion.
- Replaced "TODO" comment in code with comments based on mailing list
discussion on the lack of value in covering other page types.
- Added the tag from Naoya.
Link: https://lore.kernel.org/all/20230327083739.GA956278@hori.linux.bs1.fc.nec.co.jp/
---
arch/x86/kernel/cpu/mce/core.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 6f35f724cc14..930b1120009b 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -44,6 +44,7 @@
#include <linux/sync_core.h>
#include <linux/task_work.h>
#include <linux/hardirq.h>
+#include <linux/kexec.h>
#include <asm/intel-family.h>
#include <asm/processor.h>
@@ -233,6 +234,7 @@ static noinstr void mce_panic(const char *msg, struct mce *final, char *exp)
struct llist_node *pending;
struct mce_evt_llist *l;
int apei_err = 0;
+ struct page *p;
/*
* Allow instrumentation around external facilities usage. Not that it
@@ -286,6 +288,19 @@ static noinstr void mce_panic(const char *msg, struct mce *final, char *exp)
if (!fake_panic) {
if (panic_timeout == 0)
panic_timeout = mca_cfg.panic_timeout;
+ if (kexec_crash_loaded()) {
+ /*
+ * Kdump can exclude the poisoned page to avoid touching the error
+ * page again, the prerequisite is that the PG_hwpoison page flag
+ * is set. However, for some MCE fatal error cases, there is no
+ * opportunity to queue a task for calling memory_failure(), and as
+ * a result, the capture kernel panics. So mark the page as
+ * poisoned before kernel panic() for MCE.
+ */
+ p = pfn_to_online_page(final->addr >> PAGE_SHIFT);
+ if (final && (final->status & MCI_STATUS_ADDRV) && p)
+ SetPageHWPoison(p);
+ }
panic(msg);
} else
pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
--
2.25.1
Powered by blists - more mailing lists