| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231121115448.GCZVyaiNkNvb4t2NxB@fat_crate.local>
Date: Tue, 21 Nov 2023 12:54:48 +0100
From: Borislav Petkov <bp@...en8.de>
To: Tony Luck <tony.luck@...el.com>
Cc: Yazen Ghannam <yazen.ghannam@....com>,
Smita.KoralahalliChannabasappa@....com,
dave.hansen@...ux.intel.com, x86@...nel.org,
linux-edac@...r.kernel.org, linux-kernel@...r.kernel.org,
patches@...ts.linux.dev
Subject: Re: [PATCH v9 2/3] x86/mce: Add per-bank CMCI storm mitigation
On Tue, Nov 14, 2023 at 02:04:46PM -0800, Tony Luck wrote:
> Before any storm happens, machine_check_poll() may only be called once
> a month, or less, when errors occur.
Err:
[ 317.825546] mce: mc_poll_banks_default: CPU2 irq ctxt level: 1
[ 317.825585] mce: mc_poll_banks_default: CPU0 irq ctxt level: 1
[ 317.825585] mce: mc_poll_banks_default: CPU1 irq ctxt level: 1
[ 317.825586] mce: mc_poll_banks_default: CPU3 irq ctxt level: 1
[ 317.825586] mce: mc_poll_banks_default: CPU4 irq ctxt level: 1
[ 317.825586] mce: mc_poll_banks_default: CPU5 irq ctxt level: 1
[ 629.121536] mce: mc_poll_banks_default: CPU1 irq ctxt level: 1
[ 629.121536] mce: mc_poll_banks_default: CPU4 irq ctxt level: 1
[ 629.121560] mce: mc_poll_banks_default: CPU2 irq ctxt level: 1
[ 629.121561] mce: mc_poll_banks_default: CPU0 irq ctxt level: 1
[ 629.121561] mce: mc_poll_banks_default: CPU5 irq ctxt level: 1
[ 629.121569] mce: mc_poll_banks_default: CPU3 irq ctxt level: 1
[ 940.417507] mce: mc_poll_banks_default: CPU2 irq ctxt level: 1
[ 940.417508] mce: mc_poll_banks_default: CPU3 irq ctxt level: 1
[ 940.417508] mce: mc_poll_banks_default: CPU1 irq ctxt level: 1
[ 940.417508] mce: mc_poll_banks_default: CPU4 irq ctxt level: 1
[ 940.417509] mce: mc_poll_banks_default: CPU5 irq ctxt level: 1
[ 940.417508] mce: mc_poll_banks_default: CPU0 irq ctxt level: 1
...
That's from my coffeelake test box.
The irq context level thing says we're in softirq context when the
polling happens.
> When a storm is detected for a bank, that bank (and any others in storm
> mode) will be checked once per second.
Ok.
> For a bank that doesn't support CMCI, then polling is the only way
> to find errors. You are right, these will feed into the history
> tracker, but while at 5-minute interval will not be able to trigger
> a storm.
Yes. But you need to call into the storm handling code somehow. So you
do that from the polling code.
And if the machine supports CMCI, you do the same - call the polling
code which then does the storm check.
> Since that 5-minute interval is halved every time error is
> found consecutively, it is possible at the 1-second poll interval to
> fill out enough bits to indicate a storm. I think I need to add some
> code to handle that case as it makes no sense to mess with the CMCI
> threshold in IA32_MCi_CTL2 for a bank that doesn't support CMCI.
> Probably will just skip tracking for any such banks.
Ok.
> Aren't interrupts disabled while running the code after the timer fires?
No, see above.
> Whichever of the timer and the CMCI happens first will run. Second to
> arrive will pend the interrupt and be handled when interrupts are
> enabled as the first completes.
So I still don't like the timer calling machine_check_poll() and
cmci_mc_poll_banks() doing the same without any proper synchronization
between the two.
Yes, when you get a CMCI interrupt, you poll and do the call the storm
code. Now what happens if the polling runs from softirq context and you
get a CMCI interrupt at exactly the same time. I.e., is
machine_check_poll() reentrant and audited properly?
I hope I'm making more sense.
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists