Re: [PATCH -next v4 3/7] arm64: add support for machine check error safe

From: Tong Tiangen
Date: Thu May 26 2022 - 21:40:46 EST



在 2022/5/26 17:50, Mark Rutland 写道:
On Thu, May 26, 2022 at 11:36:41AM +0800, Tong Tiangen wrote:


在 2022/5/25 16:30, Mark Rutland 写道:
On Thu, May 19, 2022 at 02:29:54PM +0800, Tong Tiangen wrote:


在 2022/5/13 23:26, Mark Rutland 写道:
On Wed, Apr 20, 2022 at 03:04:14AM +0000, Tong Tiangen wrote:
During the processing of arm64 kernel hardware memory errors(do_sea()), if
the errors is consumed in the kernel, the current processing is panic.
However, it is not optimal.

Take uaccess for example, if the uaccess operation fails due to memory
error, only the user process will be affected, kill the user process
and isolate the user page with hardware memory errors is a better choice.

Conceptually, I'm fine with the idea of constraining what we do for a
true uaccess, but I don't like the implementation of this at all, and I
think we first need to clean up the arm64 extable usage to clearly
distinguish a uaccess from another access.

OK,using EX_TYPE_UACCESS and this extable type could be recover, this is
more reasonable.

Great.

For EX_TYPE_UACCESS_ERR_ZERO, today we use it for kernel accesses in a
couple of cases, such as
get_user/futex/__user_cache_maint()/__user_swpX_asm(),

Those are all user accesses.

However, __get_kernel_nofault() and __put_kernel_nofault() use
EX_TYPE_UACCESS_ERR_ZERO by way of __{get,put}_mem_asm(), so we'd need to
refactor that code to split the user/kernel cases higher up the callchain.

your suggestion is:
get_user continues to use EX_TYPE_UACCESS_ERR_ZERO and the other cases use
new type EX_TYPE_FIXUP_ERR_ZERO?

Yes, that's the rough shape. We could make the latter EX_TYPE_KACCESS_ERR_ZERO
to be clearly analogous to EX_TYPE_UACCESS_ERR_ZERO, and with that I susepct we
could remove EX_TYPE_FIXUP.

Thanks,
Mark.
According to your suggestion, i think the definition is like this:

#define EX_TYPE_NONE 0
#define EX_TYPE_FIXUP 1 --> delete
#define EX_TYPE_BPF 2
#define EX_TYPE_UACCESS_ERR_ZERO 3
#define EX_TYPE_LOAD_UNALIGNED_ZEROPAD 4
#define EX_TYPE_UACCESS xx --> add
#define EX_TYPE_KACCESS_ERR_ZERO xx --> add
[The value defined by the macro here is temporary]

Almost; you don't need to add EX_TYPE_UACCESS here, as you can use
EX_TYPE_UACCESS_ERR_ZERO for that.

We already have:

| #define _ASM_EXTABLE_UACCESS_ERR(insn, fixup, err) \
| _ASM_EXTABLE_UACCESS_ERR_ZERO(insn, fixup, err, wzr)

... and we can add:

| #define _ASM_EXTABLE_UACCESS(insn, fixup) \
| _ASM_EXTABLE_UACCESS_ERR_ZERO(insn, fixup, wzr, wzr)


... and maybe we should use 'xzr' rather than 'wzr' for clarity.

There are two points to modify:

1、_get_kernel_nofault() and __put_kernel_nofault() using
EX_TYPE_KACCESS_ERR_ZERO, Other positions using EX_TYPE_UACCESS_ERR_ZERO
keep unchanged.

That sounds right to me. This will require refactoring __raw_{get,put}_mem()
and __{get,put}_mem_asm().

2、delete EX_TYPE_FIXUP.

There is no doubt about others. As for EX_TYPE_FIXUP, I think it needs to be
retained, _cond_extable(EX_TYPE_FIXUP) is still in use in assembler.h.

We use _cond_extable for cache maintenance uaccesses, so those should be moved
over to to EX_TYPE_UACCESS_ERR_ZERO. We can rename _cond_extable to
_cond_uaccess_extable for clarity.

That will require restructuring asm-extable.h a bit. If that turns out to be
painful I'm happy to take a look.

Thanks,
Mark.

OK, I'll do it these days, thanks a lot.

.