Re: [PATCH v9 0/2] ACPI: APEI: handle synchronous errors in task work with proper si_code

From: James Morse
Date: Thu Nov 30 2023 - 12:43:53 EST


Hi Boris,

On 30/11/2023 14:40, Borislav Petkov wrote:
> FTR, this is starting to make sense, thanks for explaining.
>
> Replying only to this one for now:
>
> On Thu, Nov 30, 2023 at 10:58:53AM +0800, Shuai Xue wrote:
>> To reproduce this problem:
>>
>> # STEP1: enable early kill mode
>> #sysctl -w vm.memory_failure_early_kill=1
>> vm.memory_failure_early_kill = 1
>>
>> # STEP2: inject an UCE error and consume it to trigger a synchronous error
>
> So this is for ARM folks to deal with, BUT:
>
> A consumed uncorrectable error on x86 means panic. On some hw like on
> AMD, that error doesn't even get seen by the OS but the hw does
> something called syncflood to prevent further error propagation. So
> there's no action required - the hw does that.
>
> But I'd like to hear from ARM folks whether consuming an uncorrectable
> error even lets software run. Dunno.

I think we mean different things by 'consume' here.

I'd assume Shuai's test is poisoning a cache-line. When the CPU tries to access that
cache-line it will get an 'external abort' signal back from the memory system. Shuai - is
this what you mean by 'consume' - the CPU received external abort from the poisoned cache
line?

It's then up to the CPU whether it can put the world back in order to take this as
synchronous-external-abort or asynchronous-external-abort, which for arm64 are two
different interrupt/exception types.
The synchronous exceptions can't be masked, but the asynchronous one can.
If by the time the asynchronous-external-abort interrupt/exception has been unmasked, the
CPU has used the poisoned value in some calculation (which is what we usually mean by
consume) which has resulted in a memory access - it will report the error as 'uncontained'
because the error has been silently propagated. APEI should always report those as 'fatal',
and there is little point getting the OS involved at this point. Also in this category are
things like 'tag ram corruption', where you can no longer trust anything about memory.

Everything in this thread is about synchronous errors where this can't happen. The CPU
stops and takes an interrupt/exception instead.


Thanks,

James