Machine check recovery from uncorrected memory errors currently focusses primarily on errors that are detected while running in user mode. There is a mechanism for recovering from errors in kernel code, but it is currently only used for memcpy_mcsafe().
The existing recover actions for errors found in user mode (unmap the page and send SIGBUS to the task) can also be applied when the error is found while copying data from user space to the kernel. Roadmap to this series: 0001: Could be applied as a standalone optimization. But is essential to this series because mce_reign() does not have access to the saved registers from the CPU that hit the error. So it can't recompute severity correctly for this new class of recoverable error. 0002: First piece of infrastructure update. Severity calculations need access to the saved registers. So pass pointer down the call chain. 0003: Later we need to know what type of exception handler is present for a given kernel instruction. Rather than proliferate more functions like ex_has_fault_handler() for each type, replace with a function that looks up the handler and returns an enum describing the type. 0004: Need slightly different handling for *copy_user*() faults from get_user() faults. Create a new exception table tag and apply to the copy functions. 0005: In fixup path of copy functions avoid dealing with the tail when the copy took a machine check by returning that there are no bytes left to be copied. 0006: For the REP MOVS copy case we need to check if %rsi is a user or kernel address. There's already a static function to do this. Make it global so x86/mce code can share the goodness. 0007: New function to get the user virtual address that was used for a user access that hit a machine check. Add the code fragment into do_machine_check() to take recovery actions. Does nothing at this point because severity code to detect copy from user case and set the kflags MCE_IN_KERNEL_COPYIN bit is in last patch of series. 0008: Finally the keystone patch that pulls all the parts together. An instruction decoder figures out whether an instruction tagged as accessing user space is reading from or writing to user space. The instructions in the switch were found experimentally by looking at what instructions in the base kernel are tagged in the exception table. I didn't add the atomic operations (0x87 = XCHG etc.) that both read and write user addresses. I think they should be safe, but I need a test case where a futex has been poisoned to check. Probably this switch should be expanded with all the instructions that the compiler could possibly generate that read from user space. Tony Luck (4): x86/mce: Stop mce_reign() from re-computing severity for every CPU x86/mce: Provide method to find out the type of exception handle x86/mce: Avoid tail copy when machine check terminated a copy from user x86/mce: Decode a kernel instruction to determine if it is copying from user Youquan Song (4): x86/mce: Pass pointer to saved pt_regs to severity calculation routines x86/mce: Add _ASM_EXTABLE_CPY for copy user access x86/mce: Change fault_in_kernel_space() from static to global x86/mce: Recover from poison found while copying from user space arch/x86/include/asm/asm.h | 6 ++ arch/x86/include/asm/extable.h | 9 ++- arch/x86/include/asm/mce.h | 1 + arch/x86/include/asm/traps.h | 2 + arch/x86/kernel/cpu/mce/core.c | 89 ++++++++++++++++++++----- arch/x86/kernel/cpu/mce/internal.h | 3 +- arch/x86/kernel/cpu/mce/severity.c | 49 ++++++++++++-- arch/x86/lib/copy_user_64.S | 103 +++++++++++++++-------------- arch/x86/mm/extable.c | 24 +++++-- arch/x86/mm/fault.c | 2 +- include/linux/sched.h | 1 + 11 files changed, 210 insertions(+), 79 deletions(-) -- 2.21.1