On Tue, Jun 23, 2020 at 09:17:45PM +0100, Matthew Wilcox wrote: > > Hardware actually tells us the blast radius of the error, but we ignore > it and take out the entire page. We've had a customer request to know > exactly how much of the page is damaged so they can avoid reconstructing > an entire 2MB page if only a single cacheline is damaged. > > This is only a strawman that I did in an hour or two; I'd appreciate > architectural-level feedback. Should I just convert memory_failure() to > always take an address & granularity? Should I create a struct to pass > around (page, phys, granularity) instead of reconstructing the missing > pieces in half a dozen functions? Is this functionality welcome at all, > or is the risk of upsetting applications which expect at least a page > of granularity too high? What is the interface to these applications that want finer granularity? Current code does very poorly with hugetlbfs pages ... user loses the whole 2 MB or 1GB. That's just silly (though I've been told that it is hard to fix because allowing a hugetlbfs page to be broken up at an arbitrary time as the result of a mahcine check means that the kernel needs locking around a bunch of fas paths that currently assume that a huge page will stay being a huge page). For sub-4K page usage, there are different problems. We can't leave the original page with the poisoned cache line mapped to the user as they may just access the poison data and trigger another machine check. But if we map in some different page with all the good bits copied, the user needs to be aware which parts of the page no longer have their data. -Tony
