Commit d1fe111f authored by luofei's avatar luofei Committed by Linus Torvalds
Browse files

mm/hwpoison: avoid the impact of hwpoison_filter() return value on mce handler 

When the hwpoison page meets the filter conditions, it should not be
regarded as successful memory_failure() processing for mce handler, but
should return a distinct value, otherwise mce handler regards the error
page has been identified and isolated, which may lead to calling
set_mce_nospec() to change page attribute, etc.

Here memory_failure() return -EOPNOTSUPP to indicate that the error
event is filtered, mce handler should not take any action for this
situation and hwpoison injector should treat as correct.

Link: https://lkml.kernel.org/r/20220223082135.2769649-1-luofei@unicloud.com


Signed-off-by: default avatarluofei <luofei@unicloud.com>
Acked-by: default avatarBorislav Petkov <bp@suse.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Naoya Horiguchi <naoya.horiguchi@nec.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Tony Luck <tony.luck@intel.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent a581865e

arch/x86/kernel/cpu/mce/core.c

+5 −3
Original line number Diff line number Diff line
@@ -1304,10 +1304,12 @@ static void kill_me_maybe(struct callback_head *cb) 


	/*

	 * -EHWPOISON from memory_failure() means that it already sent SIGBUS

	 * to the current process with the proper error info, so no need to

	 * send SIGBUS here again.

	 * to the current process with the proper error info,

	 * -EOPNOTSUPP means hwpoison_filter() filtered the error event,

	 *

	 * In both cases, no further processing is required.

	 */

	if (ret == -EHWPOISON)

	if (ret == -EHWPOISON || ret == -EOPNOTSUPP)

		return;



	pr_err("Memory error not recovered");

drivers/base/memory.c

+2 −0
Original line number Diff line number Diff line
@@ -555,6 +555,8 @@ static ssize_t hard_offline_page_store(struct device *dev, 
		return -EINVAL;

	pfn >>= PAGE_SHIFT;

	ret = memory_failure(pfn, 0);

	if (ret == -EOPNOTSUPP)

		ret = 0;

	return ret ? ret : count;

}

mm/hwpoison-inject.c

+2 −1
Original line number Diff line number Diff line
@@ -48,7 +48,8 @@ static int hwpoison_inject(void *data, u64 val) 


inject:

	pr_info("Injecting memory failure at pfn %#lx\n", pfn);

	return memory_failure(pfn, 0);

	err = memory_failure(pfn, 0);

	return (err == -EOPNOTSUPP) ? 0 : err;

}



static int hwpoison_unpoison(void *data, u64 val)

mm/madvise.c

+2 −0
Original line number Diff line number Diff line
@@ -1067,6 +1067,8 @@ static int madvise_inject_error(int behavior, 
			pr_info("Injecting memory failure for pfn %#lx at process virtual address %#lx\n",

				 pfn, start);

			ret = memory_failure(pfn, MF_COUNT_INCREASED);

			if (ret == -EOPNOTSUPP)

				ret = 0;

		}



		if (ret)

mm/memory-failure.c

+7 −2
Original line number Diff line number Diff line
@@ -1515,7 +1515,7 @@ static int memory_failure_hugetlb(unsigned long pfn, int flags) 
				if (TestClearPageHWPoison(head))

					num_poisoned_pages_dec();

				unlock_page(head);

				return 0;

				return -EOPNOTSUPP;

			}

			unlock_page(head);

			res = MF_FAILED;
@@ -1602,7 +1602,7 @@ static int memory_failure_dev_pagemap(unsigned long pfn, int flags, 
		goto out;



	if (hwpoison_filter(page)) {

		rc = 0;

		rc = -EOPNOTSUPP;

		goto unlock;

	}
@@ -1671,6 +1671,10 @@ static DEFINE_MUTEX(mf_mutex); 
 *

 * Must run in process context (e.g. a work queue) with interrupts

 * enabled and no spinlocks hold.

 *

 * Return: 0 for successfully handled the memory error,

 *         -EOPNOTSUPP for memory_filter() filtered the error event,

 *         < 0(except -EOPNOTSUPP) on failure.

 */

int memory_failure(unsigned long pfn, int flags)

{
@@ -1836,6 +1840,7 @@ int memory_failure(unsigned long pfn, int flags) 
			num_poisoned_pages_dec();

		unlock_page(p);

		put_page(p);

		res = -EOPNOTSUPP;

		goto unlock_mutex;

	}