| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4A8233A5.2020501@redhat.com> Date: Wed, 12 Aug 2009 11:14:45 +0800 From: Amerigo Wang <amwang@...hat.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> CC: linux-kernel@...r.kernel.org, linux-ia64@...r.kernel.org, Neil Horman <nhorman@...hat.com>, Andi Kleen <andi@...stfloor.org>, akpm@...ux-foundation.org, Ingo Molnar <mingo@...e.hu> Subject: Re: [RFC Patch 2/2] kexec: allow to shrink reserved memory Eric W. Biederman wrote: > Amerigo Wang <amwang@...hat.com> writes: > > >> Eric W. Biederman wrote: >> >>> Amerigo Wang <amwang@...hat.com> writes: >>> >>> >>> >>>> Eric W. Biederman wrote: >>>> >>>> >>>>> Amerigo Wang <amwang@...hat.com> writes: >>>>> >>>>> >>>>> >>>>>> This patch implements shrinking the reserved memory for crash kernel, >>>>>> if it is more than enough. >>>>>> >>>>>> For example, if you have already reserved 128M, now you just want 100M, >>>>>> you can do: >>>>>> >>>>>> # echo $((100*1024*1024)) > /sys/kernel/kexec_crash_size >>>>>> >>>>>> >>>>> This patch looks like a reasonable start. >>>>> >>>>> However once a crash kernel image is loaded we have already told that >>>>> image about the memory that is available and what you are doing here >>>>> will go and stop on the memory that is reserved but not yet used, >>>>> totally breaking the DMA protections. AKA we know the memory is safe >>>>> from ongoing DMAs because it has lain fallow since boot up. >>>>> >>>>> The only safe thing to do is to reduce the memory size before (possibly >>>>> just before) we load the crash kernel. Which means we should only >>>>> be allowed to shrink the size when nothing is loaded, exactly the >>>>> opposite of what you have implemented. >>>>> >>>>> >>>>> >>>> Confused, why just loading the crash kernel makes it unsafe? >>>> DMA should be avoided when reserving that memory during boot, shouldn't it? >>>> >>>> >>> Yes. But you are removing the reservation and starting DMA on memory >>> we have told the crash kernel it can use. >>> >>> >> We can modify the info given to the crash kernel. >> > > Only by unloading and reloading. > > >>>> I know I missed the part that freeing memory before loading, but if it is safe >>>> before loading, how can it be unsafe after that? >>>> >>>> >>> We tell the crash kernel when loading it, it can use all of the reserved memory. >>> >>> >> Yeah, but we should reload the kernel after shrinking the memory, it is not >> surprised that doing this is necessary... >> > > So unload the crash kernel first. If you don't you open a race where > many of the guarantees we make for the crash kernel about the state of > the memory it might be using are not true. > > In general I expect we will be able to do this all before we load the > crash kernel the first time. But at least we should not need to reboot > things if there is a problem. > Ok, thanks for your explanation. I will drop patch 1/2, since we will move it to kexec. I will put patch 2/2 into my "crashkernel=auto" patch set, and resend them all. Thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists