| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <df40840d-e860-397d-60bd-02f4b2d0b433@huawei.com> Date: Fri, 14 Feb 2025 09:44:02 +0800 From: Tong Tiangen <tongtiangen@...wei.com> To: Catalin Marinas <catalin.marinas@....com> CC: Mark Rutland <mark.rutland@....com>, Jonathan Cameron <Jonathan.Cameron@...wei.com>, Mauro Carvalho Chehab <mchehab+huawei@...nel.org>, Will Deacon <will@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, James Morse <james.morse@....com>, Robin Murphy <robin.murphy@....com>, Andrey Konovalov <andreyknvl@...il.com>, Dmitry Vyukov <dvyukov@...gle.com>, Vincenzo Frascino <vincenzo.frascino@....com>, Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Andrey Ryabinin <ryabinin.a.a@...il.com>, Alexander Potapenko <glider@...gle.com>, Christophe Leroy <christophe.leroy@...roup.eu>, Aneesh Kumar K.V <aneesh.kumar@...nel.org>, "Naveen N. Rao" <naveen.n.rao@...ux.ibm.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, <x86@...nel.org>, "H. Peter Anvin" <hpa@...or.com>, Madhavan Srinivasan <maddy@...ux.ibm.com>, <linux-arm-kernel@...ts.infradead.org>, <linux-mm@...ck.org>, <linuxppc-dev@...ts.ozlabs.org>, <linux-kernel@...r.kernel.org>, <kasan-dev@...glegroups.com>, <wangkefeng.wang@...wei.com>, Guohanjun <guohanjun@...wei.com> Subject: Re: [PATCH v13 2/5] arm64: add support for ARCH_HAS_COPY_MC 在 2025/2/13 0:21, Catalin Marinas 写道: > (catching up with old threads) > > On Mon, Dec 09, 2024 at 10:42:54AM +0800, Tong Tiangen wrote: >> For the arm64 kernel, when it processes hardware memory errors for >> synchronize notifications(do_sea()), if the errors is consumed within the >> kernel, the current processing is panic. However, it is not optimal. >> >> Take copy_from/to_user for example, If ld* triggers a memory error, even in >> kernel mode, only the associated process is affected. Killing the user >> process and isolating the corrupt page is a better choice. > > I agree that killing the user process and isolating the page is a better > choice but I don't see how the latter happens after this patch. Which > page would be isolated? The SEA is triggered when the page with hardware error is read. After that, the page is isolated in memory_failure() (mf). The processing of mf is mentioned in the comments of do_sea(). /* * APEI claimed this as a firmware-first notification. * Some processing deferred to task_work before ret_to_user(). */ Some processing include mf. > >> Add new fixup type EX_TYPE_KACCESS_ERR_ZERO_MEM_ERR to identify insn >> that can recover from memory errors triggered by access to kernel memory, >> and this fixup type is used in __arch_copy_to_user(), This make the regular >> copy_to_user() will handle kernel memory errors. > > Is the assumption that the error on accessing kernel memory is > transient? There's no way to isolate the kernel page and also no point > in isolating the destination page either. Yes, it's transient, the kernel page in mf can't be isolated, the transient access (ld) of this kernel page is currently expected to kill the user-mode process to avoid error spread. The SEA processes synchronization errors. Only hardware errors on the source page can be detected (Through synchronous ld insn) and processed. The destination page cannot be processed. >
Powered by blists - more mailing lists