| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 Jan 2022 17:52:29 +0530
From: Anshuman Khandual <anshuman.khandual@....com>
To: David Hildenbrand <david@...hat.com>,
linux-arm-kernel@...ts.infradead.org
Cc: Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
James Morse <james.morse@....com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] arm64/mm/hotplug: Warn when memory limit has been
reduced
On 1/3/22 3:25 PM, David Hildenbrand wrote:
> On 03.01.22 07:21, Anshuman Khandual wrote:
>> If the max memory limit has been reduced with 'mem=' kernel command line
>> option, there might be UEFI memory map described memory beyond that limit
>> which could be hot removed. This might be problematic for subsequent kexec
>> kernel which could just access such removed memory.
>>
>> Memory offline notifier exists because there is no other way to block the
>> removal of boot memory, only the offlining (which isn't actually a problem)
>> But with 'mem=', there is no chance to stop such boot memory being offlined
>> as it where never in use by the kernel. As 'mem=' is a debug only option on
>> arm64 platform, just warn for such a situation and move on.
>>
>
> Hi,
>
> but why warn on the offlining path?
The proposed change is just a one shot warning which is triggered during
the first memory offlining attempt, explaining potential kexec problems
as the kernel is already running on a trimmed boot memory.
>
> IIUC, you'd have a layout like
>
>
> [ boot memory ][ unused memory ]
> ^memory_limit
s/unused memory/unused boot memory/ instead as it is present during boot.
>
> Let's assume "unused memory" corresponds to exactly one DIMM that can
> get hotunplugged. The complete DIMM isn't added to Linux and not online,
> so the offline notifier will never trigger.
Right, it will not trigger the warning. This proposal does not cover such
scenarios, where "unused memory" can just be "hotunplugged" without the
kernel knowing about it. But as the warning is not really dependent on
which exact memory is being offlined, user would still come to know if
there is an offlining attempt for any memory.
We probably might require another patch adding an warning when the boot
memory is trimmed with "mem=" cmdline, irrespective of hotplug support
in the kernel. It would ensure that the user is still warned about any
potential kexec problems, above scenario (i.e "unused memory" getting
"hotunplugged" without kernel knowing about it) might cause.
This patch just adds an warning in case there is an offlining attempt
on a hot-remove enabled kernel.
>
> Via which mechanism would the unplug of that memory happen? On arm64,
> this should only be possible via ACPI, when unplugging a DIMM that was
> available since boot.
>
> But won't acpi_memory_enable_device() try adding that memory while
> ignoring the memory limit? And adding should work, no?
Adding that memory via hotplug into the kernel first ? In that case
removal would still go via the kernel and user would know about it.
>
> Can you share some details on how to trigger this on arm64?
The primary scenario this proposal is targeted towards is when boot
memory is set aside from the host, hot-plugged back into the kernel
and repurposed (via hotplug-hotremove path) for guest kernel usage.
This new warning would reassert that "mem=" cmdline option is debug
only on arm64 platform, and should not be used for production.
Powered by blists - more mailing lists