lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 19 Jun 2019 12:40:42 +1000
From:   Nicholas Piggin <npiggin@...il.com>
To:     Frederic Weisbecker <frederic@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>
Cc:     linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>
Subject: Re: [PATCH] kernel/isolation: Asset that a housekeeping CPU comes up
 at boot time

Frederic Weisbecker's on June 18, 2019 5:05 am:
> On Mon, Jun 17, 2019 at 05:59:31PM +0200, Peter Zijlstra wrote:
>> On Mon, Jun 10, 2019 at 05:24:32PM +1000, Nicholas Piggin wrote:
>> > Nicholas Piggin's on June 1, 2019 9:39 pm:
>> > > With the change to allow the boot CPU0 to be isolated, it is possible
>> > > to specify command line options that result in no housekeeping CPU
>> > > online at boot.
>> > > 
>> > > An 8 CPU system booted with "nohz_full=0-6 maxcpus=4", for example.
>> > > 
>> > > It is not easily possible at housekeeping init time to know all the
>> > > various SMP options that will result in an invalid configuration, so
>> > > this patch adds a sanity check after SMP init, to ensure that a
>> > > housekeeping CPU has been onlined.
>> > > 
>> > > The panic is undesirable, but it's better than the alternative of an
>> > > obscure non deterministic failure. The panic will reliably happen
>> > > when advanced parameters are used incorrectly.
>> > 
>> > Ping on this one? This should resolve Frederic's remaining objection
>> > to the series (at least until he solves it more generally).
>> > 
>> > As the series has already been merged, should we get this upstream
>> > before release?
>> 
>> I was hoping for feedback from Frederic, lacking that, I've queued it
>> now.
>> 
> 
> Sorry I just came back from vacation. Any chance we can use a WARN() instead?
> I prefer to use panic() only when data is really threatened or such.

I thought it was decided to panic here, because we don't assign a house
keeping CPU so the system is unlikely to behave properly. A warn might
scroll off the screen by the time things grind to a halt.

This is a one-time boot parameter misconfiguration, many cases of which
can cause a panic and boot stop.

No question if we can make this more dynamic that would be better, but
for near term at least can we go with this?

Thanks,
Nick

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ