lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20250930082927.18971-1-tianruidong@linux.alibaba.com>
Date: Tue, 30 Sep 2025 16:29:27 +0800
From: Ruidong Tian <tianruidong@...ux.alibaba.com>
To: xueshuai@...ux.alibaba.com,
	palmer@...belt.com,
	paul.walmsley@...ive.com,
	aou@...s.berkeley.edu,
	alex@...ti.fr,
	linux-riscv@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Cc: tianruidong@...ux.alibaba.com
Subject: [PATCH] riscv: mm: Add proper handling for HWPOISON faults

From: winterddd <tianruidong@...ux.alibaba.com>

Currently, the RISC-V fault handler treats memory poisoning faults
(VM_FAULT_HWPOISON and VM_FAULT_HWPOISON_LARGE) as a generic bus error
(BUS_ADRERR). This is incorrect as it loses crucial information about
the nature of the error.

As for describe in [0], A SIGBUS is sent with the correct machine check
error code (BUS_MCEERR_AR) and populates `si_addr_lsb`(log2 of the
corruption page size) in siginfo while there is page fault with poison
page.

The logic is based on the existing arm64 implementation for handling
HWPOISON.

Testing
--------------
ras-tools[0] is used to test.

./einj_mem_uc -j -k single &

echo 0x107943b400 > /sys/devices/system/memory/hard_offline_page

echo trigger > ./trigger_start

before apply this patch:
	signal 7 code 2 addr 0x7fff95bdc400
after apply this patch:
	signal 7 code 4 addr 0x7fff95bdc400

[0]: https://www.man7.org/linux/man-pages/man2/sigaction.2.html
[1]: https://kernel.googlesource.com/pub/scm/linux/kernel/git/aegl/ras-tools/

Signed-off-by: Ruidong Tian <tianruidong@...ux.alibaba.com>
---
 arch/riscv/include/asm/bug.h |  1 +
 arch/riscv/kernel/traps.c    | 32 ++++++++++++++++++++++----------
 arch/riscv/mm/fault.c        | 12 +++++++++++-
 3 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/arch/riscv/include/asm/bug.h b/arch/riscv/include/asm/bug.h
index 4c03e20ad11f..23711f2ffae3 100644
--- a/arch/riscv/include/asm/bug.h
+++ b/arch/riscv/include/asm/bug.h
@@ -95,5 +95,6 @@ struct task_struct;
 void __show_regs(struct pt_regs *regs);
 void die(struct pt_regs *regs, const char *str);
 void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr);
+void riscv_force_sig_mceerr(int code, unsigned long addr, short lsb);
 
 #endif /* _ASM_RISCV_BUG_H */
diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
index d46347482509..17dad6f8d678 100644
--- a/arch/riscv/kernel/traps.c
+++ b/arch/riscv/kernel/traps.c
@@ -113,20 +113,32 @@ void die(struct pt_regs *regs, const char *str)
 		make_task_dead(SIGSEGV);
 }
 
-void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
+static void riscv_show_signal(int signo, int code, unsigned long addr)
 {
 	struct task_struct *tsk = current;
+	struct pt_regs *regs = task_pt_regs(tsk);
 
-	if (show_unhandled_signals && unhandled_signal(tsk, signo)
-	    && printk_ratelimit()) {
-		pr_info("%s[%d]: unhandled signal %d code 0x%x at 0x" REG_FMT,
-			tsk->comm, task_pid_nr(tsk), signo, code, addr);
-		print_vma_addr(KERN_CONT " in ", instruction_pointer(regs));
-		pr_cont("\n");
-		__show_regs(regs);
-		dump_instr(KERN_INFO, regs);
-	}
+	if (!show_unhandled_signals || !unhandled_signal(tsk, signo)
+	    || !printk_ratelimit())
+		return;
+
+	pr_info("%s[%d]: unhandled signal %d code 0x%x at 0x" REG_FMT,
+		tsk->comm, task_pid_nr(tsk), signo, code, addr);
+	print_vma_addr(KERN_CONT " in ", instruction_pointer(regs));
+	pr_cont("\n");
+	__show_regs(regs);
+	dump_instr(KERN_INFO, regs);
+}
 
+void riscv_force_sig_mceerr(int code, unsigned long addr, short lsb)
+{
+	riscv_show_signal(SIGBUS, code, addr);
+	force_sig_mceerr(code, (void __user *)addr, lsb);
+}
+
+void do_trap(struct pt_regs *regs, int signo, int code, unsigned long addr)
+{
+	riscv_show_signal(signo, code, addr);
 	force_sig_fault(signo, code, (void __user *)addr);
 }
 
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 04ed6f8acae4..a6ccc4ab3a75 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -16,6 +16,7 @@
 #include <linux/kprobes.h>
 #include <linux/kfence.h>
 #include <linux/entry-common.h>
+#include <linux/hugetlb.h>
 
 #include <asm/ptrace.h>
 #include <asm/tlbflush.h>
@@ -128,10 +129,19 @@ static inline void mm_fault_error(struct pt_regs *regs, unsigned long addr, vm_f
 		 */
 		pagefault_out_of_memory();
 		return;
-	} else if (fault & (VM_FAULT_SIGBUS | VM_FAULT_HWPOISON | VM_FAULT_HWPOISON_LARGE)) {
+	} else if (fault & VM_FAULT_SIGBUS) {
 		/* Kernel mode? Handle exceptions or die */
 		do_trap(regs, SIGBUS, BUS_ADRERR, addr);
 		return;
+	} else if (fault & (VM_FAULT_HWPOISON_LARGE | VM_FAULT_HWPOISON)) {
+		unsigned int lsb;
+
+		lsb = PAGE_SHIFT;
+		if (fault & VM_FAULT_HWPOISON_LARGE)
+			lsb = hstate_index_to_shift(VM_FAULT_GET_HINDEX(fault));
+
+		riscv_force_sig_mceerr(BUS_MCEERR_AR, addr, lsb);
+		return;
 	} else if (fault & VM_FAULT_SIGSEGV) {
 		do_trap(regs, SIGSEGV, SEGV_MAPERR, addr);
 		return;
-- 
2.43.7

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ