| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54cf3e98-49d3-81f5-58e6-ca62671ab457@intel.com>
Date: Wed, 3 Aug 2022 07:20:52 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Kai Huang <kai.huang@...el.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: seanjc@...gle.com, pbonzini@...hat.com, len.brown@...el.com,
tony.luck@...el.com, rafael.j.wysocki@...el.com,
reinette.chatre@...el.com, dan.j.williams@...el.com,
peterz@...radead.org, ak@...ux.intel.com,
kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com,
isaku.yamahata@...el.com
Subject: Re: [PATCH v5 07/22] x86/virt/tdx: Implement SEAMCALL function
On 8/2/22 19:37, Kai Huang wrote:
> On Thu, 2022-07-21 at 13:52 +1200, Kai Huang wrote:
>> Also, if I understand correctly above, your suggestion is we want to prevent any
>> CMR memory going offline so it won't be hot-removed (assuming we can get CMRs
>> during boot). This looks contradicts to the requirement of being able to allow
>> moving memory from core-mm to driver. When we offline the memory, we cannot
>> know whether the memory will be used by driver, or later hot-removed.
> Hi Dave,
>
> The high level flow of device hot-removal is:
>
> acpi_scan_hot_remove()
> -> acpi_scan_try_to_offline()
> -> acpi_bus_offline()
> -> device_offline()
> -> memory_subsys_offline()
> -> acpi_bus_trim()
> -> acpi_memory_device_remove()
>
>
> And memory_subsys_offline() can also be triggered via /sysfs:
>
> echo 0 > /sys/devices/system/memory/memory30/online
>
> After the memory block is offline, my understanding is kernel can theoretically
> move it to, i.e. ZONE_DEVICE via memremap_pages().
>
> As you can see memory_subsys_offline() is the entry point of memory device
> offline (before it the code is generic for all ACPI device), and it cannot
> distinguish whether the removal is from ACPI event, or from /sysfs, so it seems
> we are unable to refuse to offline memory in memory_subsys_offline() when it is
> called from ACPI event.
>
> Any comments?
I suggest refactoring the code in a way that makes it possible to
distinguish the two cases.
It's not like you have some binary kernel. You have the source code for
the whole thing and can propose changes *ANYWHERE* you need. Even better:
$ grep -A2 ^ACPI\$ MAINTAINERS
ACPI
M: "Rafael J. Wysocki" <rafael@...nel.org>
R: Len Brown <lenb@...nel.org>
The maintainer of ACPI works for our employer. Plus, he's a nice
helpful guy that you can go ask how you might refactor this or
approaches you might take. Have you talked to Rafael about this issue?
Also, from a two-minute grepping session, I noticed this:
> static acpi_status acpi_bus_offline(acpi_handle handle, u32 lvl, void *data,
> void **ret_p)
> {
...
> if (device->handler && !device->handler->hotplug.enabled) {
> *ret_p = &device->dev;
> return AE_SUPPORT;
> }
It looks to me like if you simply set:
memory_device_handler->hotplug.enabled = false;
you'll get most of the behavior you want. ACPI memory hotplug would not
work and the changes would be confined to the ACPI world. The
"lower-level" bus-based hotplug would be unaffected.
Now, I don't know what kind of locking would be needed to muck with a
global structure like that. But, it's a start.
Powered by blists - more mailing lists