lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 29 May 2018 07:19:16 -0500
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Petr Tesarik <ptesarik@...e.cz>
Cc:     dzickus@...hat.com, Neil Horman <nhorman@...hat.com>,
        Tony Luck <tony.luck@...el.com>, bhe@...hat.com,
        Michael Ellerman <mpe@...erman.id.au>,
        kexec@...ts.infradead.org, linux-kernel@...r.kernel.org,
        Hari Bathini <hbathini@...ux.vnet.ibm.com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Martin Schwidefsky <schwidefsky@...ibm.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dave Young <dyoung@...hat.com>, Ingo Molnar <mingo@...nel.org>,
        Vivek Goyal <vgoyal@...hat.com>
Subject: Re: [PATCH] kdump: add default crashkernel reserve kernel config options

Petr Tesarik <ptesarik@...e.cz> writes:

> On Fri, 25 May 2018 15:00:13 -0500
> ebiederm@...ssion.com (Eric W. Biederman) wrote:
>
>>[...]
>> The ultimate point is that the absolute best we can do is to run a
>> kernel in memory that we never use for anything else and then we have a
>> fighting chance of getting the system working and getting a report of
>> the failure out to somewhere.
>>
>> > Anyway, of course we would still have to keep the current method,
>> > because user pages are not always filtered. For example, a major SUSE
>> > account runs a database in user space and also inspects its data
>> > structures in case of a system crash.  
>> 
>> And I understand the memory pressures that will encourage people to use
>> user pages for extra memory to run the dump capture kernel in.  Short of
>> the presence of an IOMMU that all DMA transfers must go through I don't
>> see how those user pages could reliably be used.
>
> Absolutely. I fully understand that a system which reuses first
> kernel's memory in some way must be less reliable than the current
> state. However, some people are willing to trade less reliability for
> reduced resource consumption.

That is the kind of tradeoff that can easily result in the crash kernel
eating your data.  I will nack any patch that I see that goes anywhere
near that kind of solution for the kernel that takes the crash.

> Note that we're not talking about reserving a few gigs on a single
> machine with some terabytes of memory (i.e. less than 1% of total RAM),
> rather a few hundred megs of each 4-gig VM on an s390x machine (i.e.
> about 10% of total RAM).

You should be able to get away with tens of gigs instead of hundreds.
The biggest reservation I remember anyone ever making is about 100Meg.
And that was a general purpose configuration not tuned at all.  With the
maximum size dealing with large machines.

kexec on panic grew up on machines with 4Gig or less as it arrived
before everyone was 64bit.  It should be possible to tune your crash
dump taking kernel so things run in a reasonable amount of memory for
the configuration you are talking about.  The usual trade-off is time
vs generality.  Usually I simply have not seen people with non-embedded
configurations take the time to tune things.

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ