lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 14 Sep 2020 21:47:54 +0000
From:   Anchal Agarwal <anchalag@...zon.com>
To:     <boris.ostrovsky@...cle.com>
CC:     <tglx@...utronix.de>, <mingo@...hat.com>, <bp@...en8.de>,
        <hpa@...or.com>, <x86@...nel.org>, <jgross@...e.com>,
        <linux-pm@...r.kernel.org>, <linux-mm@...ck.org>,
        <kamatam@...zon.com>, <sstabellini@...nel.org>,
        <konrad.wilk@...cle.com>, <roger.pau@...rix.com>,
        <axboe@...nel.dk>, <davem@...emloft.net>, <rjw@...ysocki.net>,
        <len.brown@...el.com>, <pavel@....cz>, <peterz@...radead.org>,
        <eduval@...zon.com>, <sblbir@...zon.com>,
        <xen-devel@...ts.xenproject.org>, <vkuznets@...hat.com>,
        <netdev@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <dwmw@...zon.co.uk>, <benh@...nel.crashing.org>
Subject: Re: [PATCH v3 01/11] xen/manage: keep track of the on-going suspend mode

On Sun, Sep 13, 2020 at 11:43:30AM -0400, boris.ostrovsky@...cle.com wrote:
> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.
> 
> 
> 
> On 8/21/20 6:25 PM, Anchal Agarwal wrote:
> > From: Munehisa Kamata <kamatam@...zon.com>
> >
> > Guest hibernation is different from xen suspend/resume/live migration.
> > Xen save/restore does not use pm_ops as is needed by guest hibernation.
> > Hibernation in guest follows ACPI path and is guest inititated , the
> > hibernation image is saved within guest as compared to later modes
> > which are xen toolstack assisted and image creation/storage is in
> > control of hypervisor/host machine.
> > To differentiate between Xen suspend and PM hibernation, keep track
> > of the on-going suspend mode by mainly using a new API to keep track of
> > SHUTDOWN_SUSPEND state.
> > Introduce a simple function that keeps track of on-going suspend mode
> > so that PM hibernation code can behave differently according to the
> > current suspend mode.
> > Since Xen suspend doesn't have corresponding PM event, its main logic
> > is modfied to acquire pm_mutex.
> 
> 
> lock_system_sleep() is not taking this mutex.
>
Yes, I just realized that the commit 55f2503c ("PM / reboot: Eliminate race
between reboot and suspend") changed its name to system_transition_mutex.
I think I missed that change somehow and assumed its still pm_mutex.
Will fix the description.
> 
> >
> > Though, accquirng pm_mutex is still right thing to do, we may
> > see deadlock if PM hibernation is interrupted by Xen suspend.
> > PM hibernation depends on xenwatch thread to process xenbus state
> > transactions, but the thread will sleep to wait pm_mutex which is
> > already held by PM hibernation context in the scenario. Xen shutdown
> > code may need some changes to avoid the issue.
> 
> 
> 
> Is it Xen's shutdown or suspend code that needs to address this? (Or I
> may not understand what the problem is that you are describing)
> 
Its Xen suspend code I think. If we do not take the system_transition_mutex
in do_suspend then if hibernation is triggered in parallel to xen suspend there
could be issues. Now this is still theoretical in my case and I havent been able
to reproduce such a race. So the approach the original author took was to take
this lock which to me seems right.
And its Xen suspend and not Xen Shutdown. So basically if this scenario
happens I am of the view one of other will fail to occur then how do we recover
or avoid this at all.

Does that answer your question?
> 
> >
> > +
> > +static int xen_pm_notifier(struct notifier_block *notifier,
> > +     unsigned long pm_event, void *unused)
> > +{
> > +     int ret;
> > +
> > +     switch (pm_event) {
> > +     case PM_SUSPEND_PREPARE:
> > +     case PM_HIBERNATION_PREPARE:
> > +     /* Guest hibernation is not supported for aarch64 currently*/
> > +     if (IS_ENABLED(CONFIG_ARM64)) {
> > +             ret = NOTIFY_BAD;
> > +             break;
> > +     }
> 
> Indentation.
> 
> > +     case PM_RESTORE_PREPARE:
> > +     case PM_POST_SUSPEND:
> > +     case PM_POST_HIBERNATION:
> > +     case PM_POST_RESTORE:
> > +     default:
> > +             ret = NOTIFY_OK;
> > +     }
> > +     return ret;
> > +};
> 
> 
> This whole routine now is
> 
>         if (IS_ENABLED(CONFIG_ARM64))
>                 return NOTIFY_BAD;
> 
>         return NOTIFY_OK;
> 
> isn't it?
> 
Yes.
> 
> > +
> > +static struct notifier_block xen_pm_notifier_block = {
> > +     .notifier_call = xen_pm_notifier
> > +};
> > +
> > +static int xen_setup_pm_notifier(void)
> > +{
> > +     if (!xen_hvm_domain() || xen_initial_domain())
> > +             return -ENODEV;
> 
> 
> I don't think this works anymore.
What do you mean?
The first check is for xen domain types and other is for architecture support. 
The reason I put this check here is because I wanted to segregate the two.
I do not want to register this notifier at all for !hmv guest and also if its
an initial control domain.
The arm check only lands in notifier because once hibernate() api is called ->
calls pm_notifier_call_chain for PM_HIBERNATION_PREPARE this will fail for
aarch64. 
Once we have support for aarch64 this notifier can go away altogether. 

Is there any other reason I may be missing why we should move this check to
notifier?
> 
> In the past your notifier would set suspend_mode (or something) but now
> it really doesn't do anything except reports an error in some (ARM) cases.
> 
> So I think you should move this check into the notifier.

> 
> (And BTW I still think PM_SUSPEND_PREPARE should return an error too.
> The fact that we are using "suspend" in xen routine names is irrelevant)
> 
I may have send "not-updated" version of the notifier's function change.

+    switch (pm_event) {
+       case PM_HIBERNATION_PREPARE:
+        /* Guest hibernation is not supported for aarch64 currently*/
+        if (IS_ENABLED(CONFIG_ARM64)) {
+             ret = NOTIFY_BAD;                                                                                                                                                                                                                                                    
+             break;                                                                                                                                                                                                                                                               
+     }               
+       case PM_RESTORE_PREPARE:
+       case PM_POST_RESTORE:
+       case PM_POST_HIBERNATION:
+       default:
+           ret = NOTIFY_OK;
+    }

With the above path PM_SUSPEND_PREPARE will go all together. Does that
resolves this issue? I wanted to get rid of all SUSPEND_* as they are not needed
here clearly.
The only reason I kept it there is if someone tries to trigger hibernation on
ARM instances they should get an error. As I am not sure about the current
behavior. There may be a better way to not invoke hibernation on ARM DomU's and
get rid of this block all together.

Again, sorry for sending in the half baked fix. My workspace switch may have
caused the error.
>
> 
> 
> -boris
> 
Anchal
> 
> 
> > +     return register_pm_notifier(&xen_pm_notifier_block);
> > +}
> > +

Powered by blists - more mailing lists