lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <36cdf123-5b2e-0bd5-0bd7-82a801cf2e43@redhat.com>
Date:   Thu, 10 Dec 2020 10:39:15 +0100
From:   David Hildenbrand <david@...hat.com>
To:     Anshuman Khandual <anshuman.khandual@....com>,
        Heiko Carstens <hca@...ux.ibm.com>
Cc:     linux-mm@...ck.org, akpm@...ux-foundation.org,
        catalin.marinas@....com, linux-arm-kernel@...ts.infradead.org,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        Vasily Gorbik <gor@...ux.ibm.com>,
        Will Deacon <will@...nel.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Mark Rutland <mark.rutland@....com>
Subject: Re: [PATCH 3/3] s390/mm: Define arch_get_mappable_range()

On 10.12.20 09:58, Anshuman Khandual wrote:
> 
> 
> On 12/10/20 1:32 PM, David Hildenbrand wrote:
>> On 10.12.20 08:40, Anshuman Khandual wrote:
>>>
>>>
>>> On 12/10/20 12:34 PM, David Hildenbrand wrote:
>>>>
>>>>> Am 10.12.2020 um 07:58 schrieb Heiko Carstens <hca@...ux.ibm.com>:
>>>>>
>>>>> On Thu, Dec 10, 2020 at 09:48:11AM +0530, Anshuman Khandual wrote:
>>>>>>>> Alternatively leaving __segment_load() and vmem_add_memory() unchanged
>>>>>>>> will create three range checks i.e two memhp_range_allowed() and the
>>>>>>>> existing VMEM_MAX_PHYS check in vmem_add_mapping() on all the hotplug
>>>>>>>> paths, which is not optimal.
>>>>>>>
>>>>>>> Ah, sorry. I didn't follow this discussion too closely. I just thought
>>>>>>> my point of view would be clear: let's not have two different ways to
>>>>>>> check for the same thing which must be kept in sync.
>>>>>>> Therefore I was wondering why this next version is still doing
>>>>>>> that. Please find a way to solve this.
>>>>>>
>>>>>> The following change is after the current series and should work with
>>>>>> and without memory hotplug enabled. There will be just a single place
>>>>>> i.e vmem_get_max_addr() to update in case the maximum address changes
>>>>>> from VMEM_MAX_PHYS to something else later.
>>>>>
>>>>> Still not. That's way too much code churn for what you want to achieve.
>>>>> If the s390 specific patch would look like below you can add
>>>>>
>>>>> Acked-by: Heiko Carstens <hca@...ux.ibm.com>
>>>>>
>>>>> But please make sure that the arch_get_mappable_range() prototype in
>>>>> linux/memory_hotplug.h is always visible and does not depend on
>>>>> CONFIG_MEMORY_HOTPLUG. I'd like to avoid seeing sparse warnings
>>>>> because of this.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> diff --git a/arch/s390/mm/init.c b/arch/s390/mm/init.c
>>>>> index 77767850d0d0..e0e78234ae57 100644
>>>>> --- a/arch/s390/mm/init.c
>>>>> +++ b/arch/s390/mm/init.c
>>>>> @@ -291,6 +291,7 @@ int arch_add_memory(int nid, u64 start, u64 size,
>>>>>    if (WARN_ON_ONCE(params->pgprot.pgprot != PAGE_KERNEL.pgprot))
>>>>>        return -EINVAL;
>>>>>
>>>>> +    VM_BUG_ON(!memhp_range_allowed(start, size, 1));
>>>>>    rc = vmem_add_mapping(start, size);
>>>>>    if (rc)
>>>>>        return rc;
>>>>> diff --git a/arch/s390/mm/vmem.c b/arch/s390/mm/vmem.c
>>>>> index b239f2ba93b0..ccd55e2f97f9 100644
>>>>> --- a/arch/s390/mm/vmem.c
>>>>> +++ b/arch/s390/mm/vmem.c
>>>>> @@ -4,6 +4,7 @@
>>>>>  *    Author(s): Heiko Carstens <heiko.carstens@...ibm.com>
>>>>>  */
>>>>>
>>>>> +#include <linux/memory_hotplug.h>
>>>>> #include <linux/memblock.h>
>>>>> #include <linux/pfn.h>
>>>>> #include <linux/mm.h>
>>>>> @@ -532,11 +533,23 @@ void vmem_remove_mapping(unsigned long start, unsigned long size)
>>>>>    mutex_unlock(&vmem_mutex);
>>>>> }
>>>>>
>>>>> +struct range arch_get_mappable_range(void)
>>>>> +{
>>>>> +    struct range range;
>>>>> +
>>>>> +    range.start = 0;
>>>>> +    range.end = VMEM_MAX_PHYS;
>>>>> +    return range;
>>>>> +}
>>>>> +
>>>>> int vmem_add_mapping(unsigned long start, unsigned long size)
>>>>> {
>>>>> +    struct range range;
>>>>>    int ret;
>>>>>
>>>>> -    if (start + size > VMEM_MAX_PHYS ||
>>>>> +    range = arch_get_mappable_range();
>>>>> +    if (start < range.start ||
>>>>> +        start + size > range.end ||
>>>>>        start + size < start)
>>>>>        return -ERANGE;
>>>>>
>>>>>
>>>>
>>>> Right, what I had in mind as reply to v1. Not sure if we really need new checks in common code. Having a new memhp_get_pluggable_range() would be sufficient for my use case (virtio-mem).
>>> Didn't quite understand "Not sure if we really need new checks in common code".
>>> Could you please be more specific. New checks as in pagemap_range() ? Because
>>> other places it is either replacing erstwhile check_hotplug_memory_addressable()
>>> or just moving existing checks from platform arch_add_memory() to the beginning
>>> of various hotplug paths.
>>
>> The main concern I have with current code is that it makes it impossible
>> for some driver to detect which ranges it could actually later hotplug.
>> You cannot warn about a strange setup before you actually run into the
>> issues while trying to add memory. Like returning "-EINVAL" from a
>> function but not exposing which values are actually valid.
>>
>> If we have memhp_get_pluggable_range(), we have such a mechanism and
>>
>> 1. Trying to add out-of-range memory will fail (although deep down in
>> arch code, but at least it fails).
>>
>> 2. There is a way for drivers to find out which values are actually
>> valid before triggering 1.
> 
> Right, that is an important use case from a driver perspective as it
> helps validate the range being attempted for hotplug, before failing.
> But then memhp_range_allowed() also uses the same mechanism i.e
> memhp_get_pluggable_range() to unify
> 
> 1. Generic check_hotplug_memory_addressable()
> 2. Platform checks in arch_add_memory()
> 
> This unified function can be called just at the beginning of memory
> hotplug so that both (1) and (2) can be dropped all together. This
> is just a logical extension which does improve the memory hotplug
> implementation (in itself) by failing earlier and while at it, also
> unifying generic and platform specific range constraints. Both the
> use cases are orthogonal IMHO.

As longs as it simplifies the code sure. But at least in the s390x case,
we cannot get rid of the internal checks.

-- 
Thanks,

David / dhildenb

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ