lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aV0-ChclC7SCrxcg@gourry-fedora-PF4VCD3F>
Date: Tue, 6 Jan 2026 11:53:30 -0500
From: Gregory Price <gourry@...rry.net>
To: Michal Hocko <mhocko@...e.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org, kernel-team@...a.com,
	david@...hat.com, osalvador@...e.de, gregkh@...uxfoundation.org,
	rafael@...nel.org, dakr@...nel.org, akpm@...ux-foundation.org,
	lorenzo.stoakes@...cle.com, Liam.Howlett@...cle.com, vbabka@...e.cz,
	rppt@...nel.org, surenb@...gle.com, hare@...e.de
Subject: Re: [RFC PATCH] memory,memory_hotplug: allow restricting memory
 blocks to zone movable

On Tue, Jan 06, 2026 at 04:05:48PM +0100, Michal Hocko wrote:
> On Mon 05-01-26 15:36:11, Gregory Price wrote:
> > It was reported (LPC 2025) that userland services which monitor memory
> > blocks can cause hot-unplug to fail permanently.
> >
> > This can occur when drivers attempt to hot-remove memory in two phases
> > (offline, remove), while a userland service detects the memory offline
> > and re-onlines the memory into a zone which may prevent removal.
> 
> Are there more details about this?

The details are with Hannes, I was just recapping what was described in
his devmem talk at LPC ("To online or not online").

> 
> > This patch allows a driver to specify that a given memory block is
> > intended as ZONE_MOVABLE memory only (i.e. the system should try to
> > protect its hot-unpluggability). This is done via an MHP flag and a new
> > "movable_only" bool in `struct memory_block`.
> > 
> > Attempts to online a memory block with movable_only=true with any value
> > other than MMOP_ONLINE_MOVABLE will fail with -EINVAL.
> > 
> > It is hard to catch all possible ways to implement offline/remove
> > process, so a race condition here can clearly still occur if the
> > userland service onlines the memory back into ZONE_MOVABLE, but it at
> > least will not prevent the removal of a block at a later time.
> 
> Irrespective of the userspace note above (which seems like a policy that
> should probably be re-evaluated or allow for a better fine tuning) I can
> see some sense in drivers having a better control of which zones (kernel
> vs. movable) can their managed memory fall into.

Hannes pointed out that this is some default policy on one or more
distributions, which is quite annoying.  Obviously a kernel change to
fight against user-policy is not great, but trying to prevent
hotplug-intended memory from being onlined in hotplug-unfriendly zones
seemed like a pretty straight forward improvement.

> 
> That being said, rather than movable_only, should we have a mask of
> online types supported for the mem block?
> 

I briefly considered this.  I went with this for RFC-v1 since it's
fairly simple and because movable is really the only zone with hotplug
guarantees (any other zone makes no hotplug guarantees).

It's also significantly more complex of a change for questionable value,
but if people see this as the way to go i'll happily pivot to that.

~Gregory

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ