lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Jan 2020 09:42:21 +0100
From:   David Hildenbrand <david@...hat.com>
To:     Anshuman Khandual <anshuman.khandual@....com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        akpm@...ux-foundation.org, catalin.marinas@....com, will@...nel.org
Cc:     mark.rutland@....com, cai@....pw, logang@...tatee.com,
        cpandya@...eaurora.org, arunks@...eaurora.org,
        dan.j.williams@...el.com, mgorman@...hsingularity.net,
        osalvador@...e.de, ard.biesheuvel@....com, steve.capper@....com,
        broonie@...nel.org, valentin.schneider@....com,
        Robin.Murphy@....com, steven.price@....com, suzuki.poulose@....com,
        ira.weiny@...el.com
Subject: Re: [PATCH V11 1/5] mm/hotplug: Introduce arch callback validating
 the hot remove range

On 10.01.20 04:09, Anshuman Khandual wrote:
> Currently there are two interfaces to initiate memory range hot removal i.e
> remove_memory() and __remove_memory() which then calls try_remove_memory().
> Platform gets called with arch_remove_memory() to tear down required kernel
> page tables and other arch specific procedures. But there are platforms
> like arm64 which might want to prevent removal of certain specific memory
> ranges irrespective of their present usage or movability properties.

Why? Is this only relevant for boot memory? I hope so, otherwise the
arch code needs fixing IMHO.

If it's only boot memory, we should disallow offlining instead via a
memory notifier - much cleaner.

> 
> Current arch call back arch_remove_memory() is too late in the process to
> abort memory hot removal as memory block devices and firmware memory map
> entries would have already been removed. Platforms should be able to abort
> the process before taking the mem_hotplug_lock with mem_hotplug_begin().
> This essentially requires a new arch callback for memory range validation.

I somewhat dislike this very much. Memory removal should never fail if
used sanely. See e.g., __remove_memory(), it will BUG() whenever
something like that would strike.

> 
> This differentiates memory range validation between memory hot add and hot
> remove paths before carving out a new helper check_hotremove_memory_range()
> which incorporates a new arch callback. This call back provides platforms
> an opportunity to refuse memory removal at the very onset. In future the
> same principle can be extended for memory hot add path if required.
> 
> Platforms can choose to override this callback in order to reject specific
> memory ranges from removal or can just fallback to a default implementation
> which allows removal of all memory ranges.

I suspect we want really want to disallow offlining instead. E.g., I
remember s390x does that with certain areas needed for dumping/kexec.

Somebody who added memory via add_memory() should always be able to
remove the memory via remove_memory() again. Only boot memory can be
treated in a special way, but boot memory is initially always online.

-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ