[RESEND PATCH v18 1/2] ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered

Fri Apr 18 00:48:00 PDT 2025

On 2025/4/14 23:02, Shuai Xue wrote:
> 
> 
> 在 2025/4/14 22:37, Hanjun Guo 写道:
>> On 2025/4/4 19:20, Shuai Xue wrote:
>>> Synchronous error was detected as a result of user-space process 
>>> accessing
>>> a 2-bit uncorrected error. The CPU will take a synchronous error 
>>> exception
>>> such as Synchronous External Abort (SEA) on Arm64. The kernel will 
>>> queue a
>>> memory_failure() work which poisons the related page, unmaps the 
>>> page, and
>>> then sends a SIGBUS to the process, so that a system wide panic can be
>>> avoided.
>>>
>>> However, no memory_failure() work will be queued when abnormal 
>>> synchronous
>>> errors occur. These errors can include situations such as invalid PA,
>>> unexpected severity, no memory failure config support, invalid GUID
>>> section, etc. In such case, the user-space process will trigger SEA 
>>> again.
>>> This loop can potentially exceed the platform firmware threshold or even
>>> trigger a kernel hard lockup, leading to a system reboot.
>>>
>>> Fix it by performing a force kill if no memory_failure() work is queued
>>> for synchronous errors.
>>>
>>> Signed-off-by: Shuai Xue <xueshuai at linux.alibaba.com>
>>> Reviewed-by: Jarkko Sakkinen <jarkko at kernel.org>
>>> Reviewed-by: Jonathan Cameron <Jonathan.Cameron at huawei.com>
>>> Reviewed-by: Yazen Ghannam <yazen.ghannam at amd.com>
>>> Reviewed-by: Jane Chu <jane.chu at oracle.com>
>>> ---
>>>   drivers/acpi/apei/ghes.c | 11 +++++++++++
>>>   1 file changed, 11 insertions(+)
>>>
>>> diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
>>> index b72772494655..50e4d924aa8b 100644
>>> --- a/drivers/acpi/apei/ghes.c
>>> +++ b/drivers/acpi/apei/ghes.c
>>> @@ -799,6 +799,17 @@ static bool ghes_do_proc(struct ghes *ghes,
>>>           }
>>>       }
>>> +    /*
>>> +     * If no memory failure work is queued for abnormal synchronous
>>> +     * errors, do a force kill.
>>> +     */
>>> +    if (sync && !queued) {
>>> +        dev_err(ghes->dev,
>>> +            HW_ERR GHES_PFX "%s:%d: synchronous unrecoverable error 
>>> (SIGBUS)\n",
>>> +            current->comm, task_pid_nr(current));
>>> +        force_sig(SIGBUS);
>>> +    }
>>
>> I think it's reasonable to send a force kill to the task when the
>> synchronous memory error is not recovered.
>>
>> But I hope this code will not trigger some legacy firmware issues,
>> let's be careful for this, so can we just introduce arch specific
>> callbacks for this?
> 
> Sorry, can you give more details? I am not sure I got your point.
> 
> For x86, Tony confirmed that ghes will not dispatch x86 synchronous errors
> (a.k.a machine check exception), in previous vesion.
> Sync is only used in arm64 platform, see is_hest_sync_notify().

Sorry for the late reply, from the code I can see that x86 will reuse
ghes_do_proc(), if Tony confirmed that x86 is OK, it's OK to me as well.

Thanks
Hanjun