| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Oct 2020 16:11:18 -0700
From: Sudarshan Rajagopalan <sudaraja@...eaurora.org>
To: Anshuman Khandual <anshuman.khandual@....com>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Cc: Suren Baghdasaryan <surenb@...gle.com>, pratikp@...eaurora.org,
Gavin Shan <gshan@...hat.com>,
Mark Rutland <mark.rutland@....com>,
Logan Gunthorpe <logang@...tatee.com>,
David Hildenbrand <david@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Steven Price <steven.price@....com>
Subject: arm64: dropping prevent_bootmem_remove_notifier
Hello Anshuman,
In the patch that enables memory hot-remove (commit bbd6ec605c0f
("arm64/mm: Enable memory hot remove")) for arm64, there’s a notifier
put in place that prevents boot memory from being offlined and removed.
Also commit text mentions that boot memory on arm64 cannot be removed.
We wanted to understand more about the reasoning for this. X86 and other
archs doesn’t seem to do this prevention. There’s also comment in the
code that this notifier could be dropped in future if and when boot
memory can be removed.
The current logic is that only “new” memory blocks which are hot-added
can later be offlined and removed. The memory that system booted up with
cannot be offlined and removed. But there could be many usercases such
as inter-VM memory sharing where a primary VM could offline and
hot-remove a block/section of memory and lend it to secondary VM where
it could hot-add it. And after usecase is done, the reverse happens
where secondary VM hot-removes and gives it back to primary which can
hot-add it back. In such cases, the present logic for arm64 doesn’t
allow this hot-remove in primary to happen.
Also, on systems with movable zone that sort of guarantees pages to be
migrated and isolated so that blocks can be offlined, this logic also
defeats the purpose of having a movable zone which system can rely on
memory hot-plugging, which say virt-io mem also relies on for fully
plugged memory blocks.
I understand that some region of boot RAM shouldn’t be allowed to be
removed, but such regions won’t be allowed to be offlined in first place
since pages cannot be migrated and isolated, example reserved pages.
So we’re trying to understand the reasoning for such a prevention put in
place for arm64 arch alone.
One possible way to solve this is by marking the required sections as
“non-early” by removing the SECTION_IS_EARLY bit in its section_mem_map.
This puts these sections in the context of “memory hotpluggable” which
can be offlined-removed and added-onlined which are part of boot RAM
itself and doesn’t need any extra blocks to be hot added. This way of
marking certain sections as “non-early” could be exported so that module
drivers can set the required number of sections as “memory
hotpluggable”. This could have certain checks put in place to see which
sections are allowed, example only movable zone sections can be marked
as “non-early”.
Your thoughts on this? We are also looking for different ways to solve
the problem without having to completely dropping this notifier, but
just putting out the concern here about the notifier logic that is
breaking our usecase which is a generic memory sharing usecase using
memory hotplug feature.
Sudarshan
--
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a
Linux Foundation Collaborative Project
Powered by blists - more mailing lists