Message-ID: <353809e7-5373-0d54-6ddb-767bc5af9e5f@huawei.com>
Date: Fri, 18 Apr 2025 15:48:00 +0800
From: Hanjun Guo <guohanjun@...wei.com>
To: Shuai Xue <xueshuai@...ux.alibaba.com>, <catalin.marinas@....com>,
	<sudeep.holla@....com>, <lpieralisi@...nel.org>,
	<linux-acpi@...r.kernel.org>, <yazen.ghannam@....com>,
	<mark.rutland@....com>, <mingo@...hat.com>, <robin.murphy@....com>,
	<Jonathan.Cameron@...wei.com>, <bp@...en8.de>, <rafael@...nel.org>,
	<linux-arm-kernel@...ts.infradead.org>, <wangkefeng.wang@...wei.com>,
	<tanxiaofei@...wei.com>, <mawupeng1@...wei.com>, <tony.luck@...el.com>,
	<linmiaohe@...wei.com>, <naoya.horiguchi@....com>, <james.morse@....com>,
	<tongtiangen@...wei.com>, <gregkh@...uxfoundation.org>, <will@...nel.org>,
	<jarkko@...nel.org>
CC: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>,
	<akpm@...ux-foundation.org>, <linux-edac@...r.kernel.org>, <x86@...nel.org>,
	<justin.he@....com>, <ardb@...nel.org>, <ying.huang@...ux.alibaba.com>,
	<ashish.kalra@....com>, <baolin.wang@...ux.alibaba.com>,
	<tglx@...utronix.de>, <dave.hansen@...ux.intel.com>, <lenb@...nel.org>,
	<hpa@...or.com>, <robert.moore@...el.com>, <lvying6@...wei.com>,
	<xiexiuqi@...wei.com>, <zhuo.song@...ux.alibaba.com>
Subject: Re: [RESEND PATCH v18 1/2] ACPI: APEI: send SIGBUS to current task if
 synchronous memory error not recovered

On 2025/4/14 23:02, Shuai Xue wrote:
> 
> 
> On 2025/4/14 22:37, Hanjun Guo wrote:
>> On 2025/4/4 19:20, Shuai Xue wrote:
>>> Synchronous error was detected as a result of user-space process accessing
>>> a 2-bit uncorrected error. The CPU will take a synchronous error exception
>>> such as Synchronous External Abort (SEA) on Arm64. The kernel will queue a
>>> memory_failure() work which poisons the related page, unmaps the page, and
>>> then sends a SIGBUS to the process, so that a system wide panic can be
>>> avoided.
>>>
>>> However, no memory_failure() work will be queued when abnormal synchronous
>>> errors occur. These errors can include situations such as invalid PA,
>>> unexpected severity, no memory failure config support, invalid GUID
>>> section, etc. In such case, the user-space process will trigger SEA again.
>>> This loop can potentially exceed the platform firmware threshold or even
>>> trigger a kernel hard lockup, leading to a system reboot.
>>>
>>> Fix it by performing a force kill if no memory_failure() work is queued
>>> for synchronous errors.
>>>
>>> Signed-off-by: Shuai Xue <xueshuai@...ux.alibaba.com>
>>> Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
>>> Reviewed-by: Jonathan Cameron <Jonathan.Cameron@...wei.com>
>>> Reviewed-by: Yazen Ghannam <yazen.ghannam@....com>
>>> Reviewed-by: Jane Chu <jane.chu@...cle.com>
>>> ---
>>>   drivers/acpi/apei/ghes.c | 11 +++++++++++
>>>   1 file changed, 11 insertions(+)
>>>
>>> diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
>>> index b72772494655..50e4d924aa8b 100644
>>> --- a/drivers/acpi/apei/ghes.c
>>> +++ b/drivers/acpi/apei/ghes.c
>>> @@ -799,6 +799,17 @@ static bool ghes_do_proc(struct ghes *ghes,
>>>           }
>>>       }
>>> +    /*
>>> +     * If no memory failure work is queued for abnormal synchronous
>>> +     * errors, do a force kill.
>>> +     */
>>> +    if (sync && !queued) {
>>> +        dev_err(ghes->dev,
>>> +            HW_ERR GHES_PFX "%s:%d: synchronous unrecoverable error 
>>> (SIGBUS)\n",
>>> +            current->comm, task_pid_nr(current));
>>> +        force_sig(SIGBUS);
>>> +    }
>>
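
Review bot: The `if (sync && !queued)` block signals `current`, which is only correct when ghes_do_proc() runs in the context of the task that took the synchronous exception; the comment above the check should state that assumption and name which notification types set `sync`, since this function is shared across architectures. It is also worth noting in the comment why the kill is needed (the task would otherwise re-trigger the same exception), and that `force_sig(SIGBUS)` is called with only the signal number, so nothing in these lines passes the failing address on to the task.
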
>> I think it's reasonable to send a force kill to the task when the
>> synchronous memory error is not recovered.
>>
>> But I hope this code will not trigger some legacy firmware issues,
>> let's be careful for this, so can we just introduce arch specific
>> callbacks for this?
> 
> Sorry, can you give more details? I am not sure I got your point.
> 
> For x86, Tony confirmed that ghes will not dispatch x86 synchronous errors
> (a.k.a machine check exception), in previous version.
> Sync is only used in arm64 platform, see is_hest_sync_notify().

Sorry for the late reply, from the code I can see that x86 will reuse
ghes_do_proc(), if Tony confirmed that x86 is OK, it's OK to me as well.

Thanks
Hanjun
