On Mon, Mar 22, 2021 at 11:52:33AM +0800, Aili Yao wrote: > Hi Andrew: > > Thanks for mergeing v3 patch into mm, but there is still a modification suggested by > Matthew Wilcox needing to finish. I am not sure how does the right process works. I post patch v4 > here, if anythong wrong, please point out. > > Thanks! > > > When we do coredump for user process signal, this may be an SIGBUS signal > with BUS_MCEERR_AR or BUS_MCEERR_AO code, which means this signal is > resulted from ECC memory fail like SRAR or SRAO, we expect the memory > recovery work is finished correctly, then the get_dump_page() will not > return the error page as its process pte is set invalid by > memory_failure(). > > But memory_failure() may fail, and the process's related pte may not be > correctly set invalid, for current code, we will return the poison page, > get it dumped, and then lead to system panic as its in kernel code. > > So check the poison status in get_dump_page(), and if TRUE, return NULL. > > There maybe other scenario that is also better to check the posion status > and not to panic, so make a wrapper for this check, Thanks to David's > suggestion(<david@xxxxxxxxxx>). > > Link: https://lkml.kernel.org/r/20210319104437.6f30e80d@alex-virtual-machine > Signed-off-by: Aili Yao <yaoaili@xxxxxxxxxxxx> > Cc: David Hildenbrand <david@xxxxxxxxxx> > Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx> > Cc: Naoya Horiguchi <naoya.horiguchi@xxxxxxx> > Cc: Oscar Salvador <osalvador@xxxxxxx> > Cc: Mike Kravetz <mike.kravetz@xxxxxxxxxx> > Cc: Aili Yao <yaoaili@xxxxxxxxxxxx> > Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Thank you. This is a simple and clear fix, so I think it's worth ccing to -stable. > --- > mm/gup.c | 4 ++++ > mm/internal.h | 20 ++++++++++++++++++++ > 2 files changed, 24 insertions(+) > > diff --git a/mm/gup.c b/mm/gup.c > index e4c224c..dcabe96 100644 > --- a/mm/gup.c > +++ b/mm/gup.c > @@ -1536,6 +1536,10 @@ struct page *get_dump_page(unsigned long addr) > FOLL_FORCE | FOLL_DUMP | FOLL_GET); > if (locked) > mmap_read_unlock(mm); > + > + if (ret == 1 && is_page_poisoned(page)) > + return NULL; > + > return (ret == 1) ? page : NULL; > } > #endif /* CONFIG_ELF_CORE */ > diff --git a/mm/internal.h b/mm/internal.h > index 25d2b2439..dcd2051 100644 > --- a/mm/internal.h > +++ b/mm/internal.h > @@ -97,6 +97,26 @@ static inline void set_page_refcounted(struct page *page) > set_page_count(page, 1); > } > > +/* > + * When kernel touch the user page, the user page may be have been marked > + * poison but still mapped in user space, if without this page, the kernel > + * can guarantee the data integrity and operation success, the kernel is > + * better to check the posion status and avoid touching it, be good not to > + * panic, coredump for process fatal signal is a sample case matching this > + * scenario. Or if kernel can't guarantee the data integrity, it's better > + * not to call this function, let kernel touch the poison page and get to > + * panic. > + */ > +static inline bool is_page_poisoned(struct page *page) The word "poison" is abused even in mm subsystem, so please use "hwpoison" to be distinct. And please send a patch to linux-mm for review instead of replying to this thread. Thanks, Naoya Horiguchi > +{ > + if (PageHWPoison(page)) > + return true; > + else if (PageHuge(page) && PageHWPoison(compound_head(page))) > + return true; > + > + return false; > +} > + > extern unsigned long highest_memmap_pfn; > > /* > -- > 1.8.3.1 >
