diff options
author | Andi Kleen <andi@firstfloor.org> | 2009-05-27 15:56:59 -0400 |
---|---|---|
committer | H. Peter Anvin <hpa@zytor.com> | 2009-06-03 17:48:59 -0400 |
commit | 9b1beaf2b551a8a1604f104025b24e9c535c8963 (patch) | |
tree | b335ca7e4744c6de875c6421a6131539094ae851 /arch/x86/kernel/signal.c | |
parent | 8fa8dd9e3aafb7b440b7d54219891615abc6390e (diff) |
x86, mce: support action-optional machine checks
Newer Intel CPUs support a new class of machine checks called recoverable
action optional.
Action Optional means that the CPU detected some form of corruption in
the background and tells the OS about using a machine check
exception. The OS can then take appropiate action, like killing the
process with the corrupted data or logging the event properly to disk.
This is done by the new generic high level memory failure handler added
in a earlier patch. The high level handler takes the address with the
failed memory and does the appropiate action, like killing the process.
In this version of the patch the high level handler is stubbed out
with a weak function to not create a direct dependency on the hwpoison
branch.
The high level handler cannot be directly called from the machine check
exception though, because it has to run in a defined process context to
be able to sleep when taking VM locks (it is not expected to sleep for a
long time, just do so in some exceptional cases like lock contention)
Thus the MCE handler has to queue a work item for process context,
trigger process context and then call the high level handler from there.
This patch adds two path to process context: through a per thread kernel
exit notify_user() callback or through a high priority work item.
The first runs when the process exits back to user space, the other when
it goes to sleep and there is no higher priority process.
The machine check handler will schedule both, and whoever runs first
will grab the event. This is done because quick reaction to this
event is critical to avoid a potential more fatal machine check
when the corruption is consumed.
There is a simple lock less ring buffer to queue the corrupted
addresses between the exception handler and the process context handler.
Then in process context it just calls the high level VM code with
the corrupted PFNs.
The code adds the required code to extract the failed address from
the CPU's machine check registers. It doesn't try to handle all
possible cases -- the specification has 6 different ways to specify
memory address -- but only the linear address.
Most of the required checking has been already done earlier in the
mce_severity rule checking engine. Following the Intel
recommendations Action Optional errors are only enabled for known
situations (encoded in MCACODs). The errors are ignored otherwise,
because they are action optional.
v2: Improve comment, disable preemption while processing ring buffer
(reported by Ying Huang)
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Hidetoshi Seto <seto.hidetoshi@jp.fujitsu.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'arch/x86/kernel/signal.c')
-rw-r--r-- | arch/x86/kernel/signal.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c index d5dc15bce005..4976888094f0 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c | |||
@@ -860,7 +860,7 @@ do_notify_resume(struct pt_regs *regs, void *unused, __u32 thread_info_flags) | |||
860 | #ifdef CONFIG_X86_NEW_MCE | 860 | #ifdef CONFIG_X86_NEW_MCE |
861 | /* notify userspace of pending MCEs */ | 861 | /* notify userspace of pending MCEs */ |
862 | if (thread_info_flags & _TIF_MCE_NOTIFY) | 862 | if (thread_info_flags & _TIF_MCE_NOTIFY) |
863 | mce_notify_irq(); | 863 | mce_notify_process(); |
864 | #endif /* CONFIG_X86_64 && CONFIG_X86_MCE */ | 864 | #endif /* CONFIG_X86_64 && CONFIG_X86_MCE */ |
865 | 865 | ||
866 | /* deal with pending signal delivery */ | 866 | /* deal with pending signal delivery */ |