| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Oct 2023 12:55:54 -0000
From: "tip-bot2 for Zhiquan Li" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Youquan Song <youquan.song@...el.com>,
Zhiquan Li <zhiquan1.li@...el.com>,
"Borislav Petkov (AMD)" <bp@...en8.de>,
Naoya Horiguchi <naoya.horiguchi@....com>, x86@...nel.org,
linux-kernel@...r.kernel.org
Subject: [tip: ras/core] x86/mce: Mark fatal MCE's page as poison to avoid
panic in the kdump kernel
The following commit has been merged into the ras/core branch of tip:
Commit-ID: 1d11b153d23b5fd131d4ea125ff23c9e8ebc98ab
Gitweb: https://git.kernel.org/tip/1d11b153d23b5fd131d4ea125ff23c9e8ebc98ab
Author: Zhiquan Li <zhiquan1.li@...el.com>
AuthorDate: Mon, 23 Oct 2023 12:22:37 +08:00
Committer: Borislav Petkov (AMD) <bp@...en8.de>
CommitterDate: Mon, 23 Oct 2023 14:53:13 +02:00
x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel
Memory errors don't happen very often, especially fatal ones. However,
in large-scale scenarios such as data centers, that probability
increases with the amount of machines present.
When a fatal machine check happens, mce_panic() is called based on the
severity grading of that error. The page containing the error is not
marked as poison.
However, when kexec is enabled, tools like makedumpfile understand when
pages are marked as poison and do not touch them so as not to cause
a fatal machine check exception again while dumping the previous
kernel's memory.
Therefore, mark the page containing the error as poisoned so that the
kexec'ed kernel can avoid accessing the page.
[ bp: Rewrite commit message and comment. ]
Co-developed-by: Youquan Song <youquan.song@...el.com>
Signed-off-by: Youquan Song <youquan.song@...el.com>
Signed-off-by: Zhiquan Li <zhiquan1.li@...el.com>
Signed-off-by: Borislav Petkov (AMD) <bp@...en8.de>
Reviewed-by: Naoya Horiguchi <naoya.horiguchi@....com>
Link: https://lore.kernel.org/r/20231014051754.3759099-1-zhiquan1.li@intel.com
---
arch/x86/kernel/cpu/mce/core.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
index 0214d42..a25e692 100644
--- a/arch/x86/kernel/cpu/mce/core.c
+++ b/arch/x86/kernel/cpu/mce/core.c
@@ -44,6 +44,7 @@
#include <linux/sync_core.h>
#include <linux/task_work.h>
#include <linux/hardirq.h>
+#include <linux/kexec.h>
#include <asm/intel-family.h>
#include <asm/processor.h>
@@ -233,6 +234,7 @@ static noinstr void mce_panic(const char *msg, struct mce *final, char *exp)
struct llist_node *pending;
struct mce_evt_llist *l;
int apei_err = 0;
+ struct page *p;
/*
* Allow instrumentation around external facilities usage. Not that it
@@ -286,6 +288,18 @@ static noinstr void mce_panic(const char *msg, struct mce *final, char *exp)
if (!fake_panic) {
if (panic_timeout == 0)
panic_timeout = mca_cfg.panic_timeout;
+
+ /*
+ * Kdump skips the poisoned page in order to avoid
+ * touching the error bits again. Poison the page even
+ * if the error is fatal and the machine is about to
+ * panic.
+ */
+ if (kexec_crash_loaded()) {
+ p = pfn_to_online_page(final->addr >> PAGE_SHIFT);
+ if (final && (final->status & MCI_STATUS_ADDRV) && p)
+ SetPageHWPoison(p);
+ }
panic(msg);
} else
pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
Powered by blists - more mailing lists