On 2026/6/9 18:56, Breno Leitao wrote: > Add a sysctl panic_on_unrecoverable_memory_failure (disabled by > default) that triggers a kernel panic when memory_failure() > encounters pages that cannot be recovered. This provides a clean > crash with useful debug information rather than allowing silent > data corruption or a delayed crash at an unrelated code path. > > Panic eligibility is intentionally narrow: only MF_MSG_KERNEL with > result == MF_IGNORED panics. After the previous patch, MF_MSG_KERNEL > covers PG_reserved pages and the kernel-owned pages promoted from > get_hwpoison_page() via -ENOTRECOVERABLE (slab, page tables, > large-kmalloc). > > All other action types are excluded: > > - MF_MSG_GET_HWPOISON and MF_MSG_KERNEL_HIGH_ORDER can be reached by > transient refcount races with the page allocator (an in-flight buddy > allocation has refcount 0 and is no longer on the buddy free list, > briefly), and panicking on them would risk killing the box for what > is actually a recoverable userspace page. > > - MF_MSG_UNKNOWN means identify_page_state() could not classify the > page; that is precisely the wrong basis for a panic decision. > > Signed-off-by: Breno Leitao <[email protected]>
Acked-by: Miaohe Lin <[email protected]> Thanks. .
