lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZWbvB/4bKu69zMbd@MiWiFi-R3L-srv>
Date:   Wed, 29 Nov 2023 15:57:59 +0800
From:   Baoquan He <bhe@...hat.com>
To:     Michal Hocko <mhocko@...e.com>
Cc:     Jiri Bohac <jbohac@...e.cz>, Pingfan Liu <piliu@...hat.com>,
        Tao Liu <ltao@...hat.com>, Vivek Goyal <vgoyal@...hat.com>,
        Dave Young <dyoung@...hat.com>, kexec@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/4] kdump: crashkernel reservation from CMA

On 11/28/23 at 10:08am, Michal Hocko wrote:
> On Tue 28-11-23 10:11:31, Baoquan He wrote:
> > On 11/28/23 at 09:12am, Tao Liu wrote:
> [...]
> > Thanks for the effort to bring this up, Jiri.
> > 
> > I am wondering how you will use this crashkernel=,cma parameter. I mean
> > the scenario of crashkernel=,cma. Asking this because I don't know how
> > SUSE deploy kdump in SUSE distros. In SUSE distros, kdump kernel's
> > driver will be filter out? If latter case, It's possibly having the
> > on-flight DMA issue, e.g NIC has DMA buffer in the CMA area, but not
> > reset during kdump bootup because the NIC driver is not loaded in to
> > initialize. Not sure if this is 100%, possible in theory?
> 
> NIC drivers do not allocation from movable zones (that includes CMA
> zone). In fact kernel doesn't use GFP_MOVABLE for non-user requests.
> RDMA drivers might and do transfer from user backed memory but for that
> purpose they should be pinning memory (have a look at
> __gup_longterm_locked and its callers) and that will migrate away from
> the any zone.

OK, in that case, we don't need to worry about the risk of DMA.

>  
> [...]
> > The crashkernel=,cma requires no userspace data dumping, from our
> > support engineers' feedback, customer never express they don't need to
> > dump user space data. Assume a server with huge databse deployed, and
> > the database often collapsed recently and database provider claimed that
> > it's not database's fault, OS need prove their innocence. What will you
> > do?
> 
> Don't use CMA backed crash memory then? This is an optional feature.

Guess so. As I said earlier, this is more like a nice-to-have feature,
can suggest user to try by themselves. Since Jiri didn't give how he
will use it.

>  
> > So this looks like a nice to have to me. At least in fedora/rhel's
> > usage, we may only back port this patch, and add one sentence in our
> > user guide saying "there's a crashkernel=,cma added, can be used with
> > crashkernel= to save memory. Please feel free to try if you like".
> > Unless SUSE or other distros decides to use it as default config or
> > something like that. Please correct me if I missed anything or took
> > anything wrong.
> 
> Jiri will know better than me but for us a proper crash memory
> configuration has become a real nut. You do not want to reserve too much
> because it is effectively cutting of the usable memory and we regularly
> hit into "not enough memory" if we tried to be savvy. The more tight you
> try to configure the easier to fail that is. Even worse any in kernel
> memory consumer can increase its memory demand and get the overall
> consumption off the cliff. So this is not an easy to maintain solution.
> CMA backed crash memory can be much more generous while still usable.

Hmm, Redhat could go in a different way. We have been trying to:
1) customize initrd for kdump kernel specifically, e.g exclude unneeded
devices's driver to save memory;
2) monitor device and kenrel memory usage if they begin to consume much
more memory than before. We have CI testing cases to watch this. We ever
found one NIC even eat up GB level memory, then this need be
investigated and fixed.

With these effort, our default crashkernel values satisfy most of cases,
surely not call cases. Only rare cases need be handled manually,
increasing crashkernel. The crashkernel=,high was added in this case, a
small low memory under 4G for DMA with crashkernel=,low, a big chunk of
high memory above 4G with crashkernel=,high. I can't see where needs are
not met.

Wondering how you will use this crashkernel=,cma syntax. On normal
machines and virt guests, not much meomry is needed, usually 256M or a
little more is enough. On those high end systems with hundreds of Giga
bytes, even Tera bytes of memory, I don't think the saved memory with
crashkernel=,cma make much sense. Taking out 1G memory above 4G as
crashkernel won't impact much. 

So with my understanding, crashkernel=,cma adds an option user can take
besides the existing crashkernel=,high. As I have said earlier, in
Redhat, we may rebase it to fedora/RHEL and add one sentence into our
user guide saying "one another crashkernel=,cma can be use to save
memory, please feel free to try if you like." Then that's it. Guess SUSE
will check user's configuration, e.g the dump level of makedumpfile, if
no user space data needed, crashkernel=,cma is taken, otherwise the normal
crashkernel=xM will be chosen?

Thanks
Baoquan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ