Unverified Commit fd124538 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!251 [OLK-5.10] arm64: add machine checksafe support 

Merge Pull Request from: @ma-wupeng 
 
With the increase of memory capacity and density, the probability of
memory error increases. The increasing size and density of server RAM
in the data center and cloud have shown increased uncorrectable memory
errors.

Currently, the kernel has a mechanism to recover from hardware memory
errors. This patchset provides an new recovery mechanism.

For arm64, the hardware memory error handling is do_sea() which divided
into two cases:

The user state consumed the memory errors, the solution is kill the
user process and isolate the error page.
The kernel state consumed the memory errors, the solution is panic.
For case 2, Undifferentiated panic maybe not the optimal choice, it can be
handled better, in some scenarios, we can avoid panic, such as uaccess, if
the uaccess fails due to memory error, only the user process will be affected,
kill the user process and isolate the user page with hardware memory errors
is a better choice.

PR form 22.09:  
 
Link:https://gitee.com/openeuler/kernel/pulls/251

 
Reviewed-by: default avatarKefeng Wang <wangkefeng.wang@huawei.com>
Reviewed-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parents d8dfe441 6a228a8e

Documentation/admin-guide/sysctl/kernel.rst

+21 −17
Original line number Diff line number Diff line
@@ -478,6 +478,27 @@ if leaking kernel pointer values to unprivileged users is a concern. 
When ``kptr_restrict`` is set to 2, kernel pointers printed using

%pK will be replaced with 0s regardless of privileges.



machine_check_safe (arm64 only)

================================



Controls the kernel's behaviour when an hardware memory error is

encountered in the following scenarios:



=  ===================

1  cow

2  copy_mc_to_kernel

3  copy_from_user

4  copy_to_user

5  get_user

6  put_user

=  ===================



Correspondence between sysctl value and behavior:



= =======================

0 Kernel panic

1 Kill related processes

= =======================



modprobe

========
@@ -1521,20 +1542,3 @@ is 10 seconds. 


The softlockup threshold is (``2 * watchdog_thresh``). Setting this

tunable to zero will disable lockup detection altogether.
 


uce_kernel_recovery(ARM64 only)

===============================



This value can be used to control whether panic the kernel when UCE RAS

errors occur in a specific scenario. Each bit controls a scene, 1 means

avoid kernel panic when encountering UCE RAS error in this scenario, and

0 means kernel panic.



Current usage of each bit:



============  ==============

bit0          reserved

bit1          reserved

bit2          copy_from_user

bit3 ~ bit31  reserved

============  ==============

arch/arm64/Kconfig

+5 −9
Original line number Diff line number Diff line
@@ -11,6 +11,7 @@ config ARM64 
	select ACPI_PPTT if ACPI

	select ARCH_HAS_DEBUG_WX

	select ARCH_BINFMT_ELF_STATE

	select ARCH_HAS_COPY_MC if ACPI_APEI_GHES

	select ARCH_HAS_DEBUG_VIRTUAL

	select ARCH_HAS_DEBUG_VM_PGTABLE

	select ARCH_HAS_DEVMEM_IS_ALLOWED
@@ -22,6 +23,7 @@ config ARM64 
	select ARCH_HAS_GIGANTIC_PAGE

	select ARCH_HAS_KCOV

	select ARCH_HAS_KEEPINITRD

	select ARCH_HAS_MC_EXTABLE if ARCH_HAS_COPY_MC

	select ARCH_HAS_MEMBARRIER_SYNC_CORE

	select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE

	select ARCH_HAS_PTE_DEVMAP
@@ -1171,6 +1173,9 @@ config ARCH_LLC_128_LINE_SIZE 
config ARCH_HAS_FILTER_PGPROT

	def_bool y



config ARCH_HAS_MC_EXTABLE

	bool



config ARCH_ENABLE_SPLIT_PMD_PTLOCK

	def_bool y if PGTABLE_LEVELS > 2
@@ -1647,15 +1652,6 @@ config ARM64_CNP 
	  at runtime, and does not affect PEs that do not implement

	  this feature.



config ARM64_UCE_KERNEL_RECOVERY

	bool "arm64 uce kernel recovery for special scenario"

	depends on ACPI_APEI_SEA

	help

	  With ARM v8.2 RAS Extension, SEA are usually triggered when memory

	  error are consumed. In some cases, if the error address is in a

	  user page there is a chance to recover. we can isolate this page

	  and killing process instead of die.



endmenu



menu "ARMv8.3 architectural features"

arch/arm64/configs/openeuler_defconfig

+0 −1
Original line number Diff line number Diff line
@@ -466,7 +466,6 @@ CONFIG_ARM64_UAO=y 
CONFIG_ARM64_PMEM=y

CONFIG_ARM64_RAS_EXTN=y

CONFIG_ARM64_CNP=y

CONFIG_ARM64_UCE_KERNEL_RECOVERY=y

# end of ARMv8.2 architectural features



#

arch/arm64/include/asm/asm-uaccess.h

+5 −0
Original line number Diff line number Diff line
@@ -70,6 +70,9 @@ alternative_else_nop_endif 


		_asm_extable	8888b,\l;

		_asm_extable	8889b,\l;



		_asm_mc_extable	8888b,\l;

		_asm_mc_extable	8889b,\l;

	.endm



	.macro user_stp l, reg1, reg2, addr, post_inc
@@ -86,5 +89,7 @@ alternative_else_nop_endif 
		add		\addr, \addr, \post_inc;



		_asm_extable	8888b,\l;



		_asm_mc_extable	8888b,\l;

	.endm

#endif

arch/arm64/include/asm/assembler.h

+25 −1
Original line number Diff line number Diff line
@@ -145,9 +145,33 @@ alternative_endif 
	.popsection

	.endm



/*

 * Emit an entry into the machine check exception table

 */

#ifdef CONFIG_ARCH_HAS_MC_EXTABLE

	.macro		_asm_mc_extable, from, to

	.pushsection	__mc_ex_table, "a"

	.align		3

	.long		(\from - .), (\to - .)

	.popsection

	.endm

#else

	.macro		_asm_mc_extable, from, to

	.endm

#endif



#define USER(l, x...)				\

9999:	x;					\

	_asm_extable	9999b, l

	_asm_extable	9999b, l;		\

	_asm_mc_extable	9999b, l



#define USER_MC(l, x...)			\

9999:	x;					\

	_asm_mc_extable	9999b, l



#define CPY_MC(l, x...)				\

9999:   x;					\

	_asm_mc_extable  9999b, l



/*

 * Register aliases.