| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0c0bc332-0323-4e43-a96b-dd5f5957ecc9@huawei.com>
Date: Mon, 14 Apr 2025 22:37:21 +0800
From: Hanjun Guo <guohanjun@...wei.com>
To: Shuai Xue <xueshuai@...ux.alibaba.com>, <catalin.marinas@....com>,
<sudeep.holla@....com>, <lpieralisi@...nel.org>,
<linux-acpi@...r.kernel.org>, <yazen.ghannam@....com>,
<mark.rutland@....com>, <mingo@...hat.com>, <robin.murphy@....com>,
<Jonathan.Cameron@...wei.com>, <bp@...en8.de>, <rafael@...nel.org>,
<linux-arm-kernel@...ts.infradead.org>, <wangkefeng.wang@...wei.com>,
<tanxiaofei@...wei.com>, <mawupeng1@...wei.com>, <tony.luck@...el.com>,
<linmiaohe@...wei.com>, <naoya.horiguchi@....com>, <james.morse@....com>,
<tongtiangen@...wei.com>, <gregkh@...uxfoundation.org>, <will@...nel.org>,
<jarkko@...nel.org>
CC: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
<akpm@...ux-foundation.org>, <linux-edac@...r.kernel.org>, <x86@...nel.org>,
<justin.he@....com>, <ardb@...nel.org>, <ying.huang@...ux.alibaba.com>,
<ashish.kalra@....com>, <baolin.wang@...ux.alibaba.com>,
<tglx@...utronix.de>, <dave.hansen@...ux.intel.com>, <lenb@...nel.org>,
<hpa@...or.com>, <robert.moore@...el.com>, <lvying6@...wei.com>,
<xiexiuqi@...wei.com>, <zhuo.song@...ux.alibaba.com>
Subject: Re: [RESEND PATCH v18 1/2] ACPI: APEI: send SIGBUS to current task if
synchronous memory error not recovered
On 2025/4/4 19:20, Shuai Xue wrote:
> Synchronous error was detected as a result of user-space process accessing
> a 2-bit uncorrected error. The CPU will take a synchronous error exception
> such as Synchronous External Abort (SEA) on Arm64. The kernel will queue a
> memory_failure() work which poisons the related page, unmaps the page, and
> then sends a SIGBUS to the process, so that a system wide panic can be
> avoided.
>
> However, no memory_failure() work will be queued when abnormal synchronous
> errors occur. These errors can include situations such as invalid PA,
> unexpected severity, no memory failure config support, invalid GUID
> section, etc. In such case, the user-space process will trigger SEA again.
> This loop can potentially exceed the platform firmware threshold or even
> trigger a kernel hard lockup, leading to a system reboot.
>
> Fix it by performing a force kill if no memory_failure() work is queued
> for synchronous errors.
>
> Signed-off-by: Shuai Xue <xueshuai@...ux.alibaba.com>
> Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
> Reviewed-by: Jonathan Cameron <Jonathan.Cameron@...wei.com>
> Reviewed-by: Yazen Ghannam <yazen.ghannam@....com>
> Reviewed-by: Jane Chu <jane.chu@...cle.com>
> ---
> drivers/acpi/apei/ghes.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
> index b72772494655..50e4d924aa8b 100644
> --- a/drivers/acpi/apei/ghes.c
> +++ b/drivers/acpi/apei/ghes.c
> @@ -799,6 +799,17 @@ static bool ghes_do_proc(struct ghes *ghes,
> }
> }
>
> + /*
> + * If no memory failure work is queued for abnormal synchronous
> + * errors, do a force kill.
> + */
> + if (sync && !queued) {
> + dev_err(ghes->dev,
> + HW_ERR GHES_PFX "%s:%d: synchronous unrecoverable error (SIGBUS)\n",
> + current->comm, task_pid_nr(current));
> + force_sig(SIGBUS);
> + }
I think it's reasonable to send a force kill to the task when the
synchronous memory error is not recovered.
But I hope this code will not trigger some legacy firmware issues,
let's be careful for this, so can we just introduce arch specific
callbacks for this?
Thanks
Hanjun
Powered by blists - more mailing lists