Re: [PATCH v3] x86/mce: Set PG_hwpoison page flag to avoid the capture kernel panic

From: Borislav Petkov
Date: Mon Oct 16 2023 - 05:12:08 EST


On Sat, Oct 14, 2023 at 05:34:12PM +0800, Zhiquan Li wrote:
> Memory errors don't happen very often, especially when the severity is fatal.
> However, in large-scale scenarios, such as data centers, it might still
> happen. For some MCE fatal error cases, the kernel might call
> mce_panic() to terminate the production kernel directly, thus there is
> no opportunity to queue a task for calling memory_failure() which will
> try to make the kernel survive via memory failure handling.

You can't "make the kernel survive" if the error has been deemed
critical. That's mce_severity()'s job. If it grades the error's severity
wrongly and memory_failure() should run after all, then this is
a different story.

> @@ -286,6 +287,17 @@ static noinstr void mce_panic(const char *msg, struct mce *final, char *exp)
> if (!fake_panic) {
> if (panic_timeout == 0)
> panic_timeout = mca_cfg.panic_timeout;

This whole thing...

> + /*
> + * Kdump can exclude the HWPoison page to avoid touching the error
> + * page again, the prerequisite is that the PG_hwpoison page flag is
> + * set. However, for some MCE fatal error cases, there is no
> + * opportunity to queue a task for calling memory_failure(), and as a
> + * result, the capture kernel panics. So mark the page as HWPoison
> + * before kernel panic() for MCE.
> + */
> + p = pfn_to_online_page(final->addr >> PAGE_SHIFT);
> + if (final && (final->status & MCI_STATUS_ADDRV) && p)
> + SetPageHWPoison(p);
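
Review bot: final is dereferenced in pfn_to_online_page(final->addr >> PAGE_SHIFT) one line before the if tests it for NULL, so the "final &&" part of the condition comes too late to protect anything. If final can be NULL here, as that test implies, check final and MCI_STATUS_ADDRV first and only then compute p from final->addr, for example by moving the pfn_to_online_page() call inside the guarded branch.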

... needs to be inside:

	if (kexec_crash_loaded()) {
		...
	}

otherwise it'll be useless work on the panic path.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette