From: Rob Herring <robh@kernel.org>
To: Oreoluwa Babatunde <quic_obabatun@quicinc.com>
Cc: catalin.marinas@arm.com, will@kernel.org, frowand.list@gmail.com,
dinguyen@kernel.org, chenhuacai@kernel.org,
tsbogend@alpha.franken.de, jonas@southpole.se,
stefan.kristiansson@saunalahti.fi, shorne@gmail.com,
mpe@ellerman.id.au, ysato@users.sourceforge.jp, dalias@libc.org,
glaubitz@physik.fu-berlin.de, richard@nod.at,
anton.ivanov@cambridgegreys.com, johannes@sipsolutions.net,
chris@zankel.net, jcmvbkbc@gmail.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
linux-arm-msm@vger.kernel.org, kernel@quicinc.com
Subject: Re: [RFC PATCH v2 0/6] Dynamic allocation of reserved_mem array.
Date: Wed, 6 Dec 2023 15:35:43 -0600 [thread overview]
Message-ID: <20231206213543.GB3345785-robh@kernel.org> (raw)
In-Reply-To: <20231204185409.19615-1-quic_obabatun@quicinc.com>
On Mon, Dec 04, 2023 at 10:54:03AM -0800, Oreoluwa Babatunde wrote:
> The reserved_mem array is used to store the data of the different
> reserved memory regions specified in the DT of a device.
> The array stores information such as the name, node, starting address,
> and size of a reserved memory region.
>
> The array is currently statically allocated with a size of
> MAX_RESERVED_REGIONS(64). This means that any system that specifies a
> number of reserved memory regions greater than MAX_RESERVED_REGIONS(64)
> will not have enough space to store the information for all the regions.
>
> Therefore, this series extends the use of a static array for
> reserved_mem, and introduces a dynamically allocated array using
> memblock_alloc() based on the number of reserved memory regions
> specified in the DT.
>
> Memory gotten from memblock_alloc() is only writable after paging_init()
> is called, but the reserved memory regions need to be reserved before
> then so that the system does not create page table mappings for them.
>
> Reserved memory regions can be divided into 2 groups.
> i) Statically-placed reserved memory regions
> i.e. regions defined in the DT using the @reg property.
> ii) Dynamically-placed reserved memory regions.
> i.e. regions specified in the DT using the @alloc_ranges
> and @size properties.
>
> It is possible to call memblock_reserve() and memblock_mark_nomap() on
> the statically-placed reserved memory regions and not need to save them
> to the array until after paging_init(), but this is not possible for the
> dynamically-placed reserved memory because the starting address of these
> regions need to be stored somewhere after they are allocated.
>
> Therefore, this series achieves the allocation and population of the
> reserved_mem array in two steps:
>
> 1. Before paging_init()
> Before paging_init() is called, iterate through the reserved_mem
> nodes in the DT and do the following:
> - Allocate memory for dynamically-placed reserved memory regions and
> store their starting address in the static allocated reserved_mem
> array.
> - Call memblock_reserve() and memblock_mark_nomap() on all the
> reserved memory regions as needed.
> - Count the total number of reserved_mem nodes in the DT.
>
> 2. After paging_init()
> After paging_init() is called:
> - Allocate new memory for the reserved_mem array based on the number
> of reserved memory nodes in the DT.
> - Transfer all the information that was stored in the static array
> into the new array.
> - Store the rest of the reserved_mem regions in the new array.
> i.e. the statically-placed regions.
>
> The static array is no longer needed after this point, but there is
> currently no obvious way to free the memory. Therefore, the size of the
> initial static array is now defined using a config option.
A config option is not going to work here.
> Because the array is used only before paging_init() to store the
> dynamically-placed reserved memory regions, the required size can vary
> from device to device. Therefore, scaling it can help get some memory
> savings.
>
> A possible solution to freeing the memory for the static array will be
> to mark it as __initdata. This will automatically free the memory once
> the init process is done running.
> The reason why this is not pursued in this series is because of
> the possibility of a use-after-free.
> If the dynamic allocation of the reserved_mem array fails, then future
> accesses of the reserved_mem array will still be referencing the static
> array. When the init process ends and the memory is freed up, any
> further attempts to use the reserved_mem array will result in a
> use-after-free.
If memory allocation for the reserved_mem array fails so early in boot,
you've got much bigger problems. Use __initdata, and just WARN if
allocation fails and continue on (so hopefully the console is brought
up and someone can see the WARN).
Rob
WARNING: multiple messages have this Message-ID (diff)
From: Rob Herring <robh@kernel.org>
To: Oreoluwa Babatunde <quic_obabatun@quicinc.com>
Cc: catalin.marinas@arm.com, will@kernel.org, frowand.list@gmail.com,
dinguyen@kernel.org, chenhuacai@kernel.org,
tsbogend@alpha.franken.de, jonas@southpole.se,
stefan.kristiansson@saunalahti.fi, shorne@gmail.com,
mpe@ellerman.id.au, ysato@users.sourceforge.jp, dalias@libc.org,
glaubitz@physik.fu-berlin.de, richard@nod.at,
anton.ivanov@cambridgegreys.com, johannes@sipsolutions.net,
chris@zankel.net, jcmvbkbc@gmail.com,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, devicetree@vger.kernel.org,
linux-arm-msm@vger.kernel.org, kernel@quicinc.com
Subject: Re: [RFC PATCH v2 0/6] Dynamic allocation of reserved_mem array.
Date: Wed, 6 Dec 2023 15:35:43 -0600 [thread overview]
Message-ID: <20231206213543.GB3345785-robh@kernel.org> (raw)
In-Reply-To: <20231204185409.19615-1-quic_obabatun@quicinc.com>
On Mon, Dec 04, 2023 at 10:54:03AM -0800, Oreoluwa Babatunde wrote:
> The reserved_mem array is used to store the data of the different
> reserved memory regions specified in the DT of a device.
> The array stores information such as the name, node, starting address,
> and size of a reserved memory region.
>
> The array is currently statically allocated with a size of
> MAX_RESERVED_REGIONS(64). This means that any system that specifies a
> number of reserved memory regions greater than MAX_RESERVED_REGIONS(64)
> will not have enough space to store the information for all the regions.
>
> Therefore, this series extends the use of a static array for
> reserved_mem, and introduces a dynamically allocated array using
> memblock_alloc() based on the number of reserved memory regions
> specified in the DT.
>
> Memory gotten from memblock_alloc() is only writable after paging_init()
> is called, but the reserved memory regions need to be reserved before
> then so that the system does not create page table mappings for them.
>
> Reserved memory regions can be divided into 2 groups.
> i) Statically-placed reserved memory regions
> i.e. regions defined in the DT using the @reg property.
> ii) Dynamically-placed reserved memory regions.
> i.e. regions specified in the DT using the @alloc_ranges
> and @size properties.
>
> It is possible to call memblock_reserve() and memblock_mark_nomap() on
> the statically-placed reserved memory regions and not need to save them
> to the array until after paging_init(), but this is not possible for the
> dynamically-placed reserved memory because the starting address of these
> regions need to be stored somewhere after they are allocated.
>
> Therefore, this series achieves the allocation and population of the
> reserved_mem array in two steps:
>
> 1. Before paging_init()
> Before paging_init() is called, iterate through the reserved_mem
> nodes in the DT and do the following:
> - Allocate memory for dynamically-placed reserved memory regions and
> store their starting address in the static allocated reserved_mem
> array.
> - Call memblock_reserve() and memblock_mark_nomap() on all the
> reserved memory regions as needed.
> - Count the total number of reserved_mem nodes in the DT.
>
> 2. After paging_init()
> After paging_init() is called:
> - Allocate new memory for the reserved_mem array based on the number
> of reserved memory nodes in the DT.
> - Transfer all the information that was stored in the static array
> into the new array.
> - Store the rest of the reserved_mem regions in the new array.
> i.e. the statically-placed regions.
>
> The static array is no longer needed after this point, but there is
> currently no obvious way to free the memory. Therefore, the size of the
> initial static array is now defined using a config option.
A config option is not going to work here.
> Because the array is used only before paging_init() to store the
> dynamically-placed reserved memory regions, the required size can vary
> from device to device. Therefore, scaling it can help get some memory
> savings.
>
> A possible solution to freeing the memory for the static array will be
> to mark it as __initdata. This will automatically free the memory once
> the init process is done running.
> The reason why this is not pursued in this series is because of
> the possibility of a use-after-free.
> If the dynamic allocation of the reserved_mem array fails, then future
> accesses of the reserved_mem array will still be referencing the static
> array. When the init process ends and the memory is freed up, any
> further attempts to use the reserved_mem array will result in a
> use-after-free.
If memory allocation for the reserved_mem array fails so early in boot,
you've got much bigger problems. Use __initdata, and just WARN if
allocation fails and continue on (so hopefully the console is brought
up and someone can see the WARN).
Rob
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2023-12-06 21:35 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-04 18:54 [RFC PATCH v2 0/6] Dynamic allocation of reserved_mem array Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-04 18:54 ` [RFC PATCH v2 1/6] of: reserved_mem: Change the order that reserved_mem regions are stored Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-04 18:54 ` [RFC PATCH v2 2/6] of: reserved_mem: Swicth call to unflatten_device_tree() to after paging_init() Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-06 21:31 ` Rob Herring
2023-12-06 21:31 ` Rob Herring
2023-12-11 0:51 ` Oreoluwa Babatunde
2023-12-11 0:51 ` Oreoluwa Babatunde
2023-12-04 18:54 ` [RFC PATCH v2 3/6] of: resevred_mem: Delay allocation of memory for dynamic regions Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-04 18:54 ` [RFC PATCH v2 4/6] of: reserved_mem: Add code to use unflattened DT for reserved_mem nodes Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-04 18:54 ` [RFC PATCH v2 5/6] of: reserved_mem: Add code to dynamically allocate reserved_mem array Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-04 18:54 ` [RFC PATCH v2 6/6] of: reserved_mem: Make MAX_RESERVED_REGIONS a config option Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-06 21:35 ` Rob Herring [this message]
2023-12-06 21:35 ` [RFC PATCH v2 0/6] Dynamic allocation of reserved_mem array Rob Herring
2023-12-11 0:42 ` Oreoluwa Babatunde
2023-12-11 0:42 ` Oreoluwa Babatunde
-- strict thread matches above, loose matches on Subject: below --
2023-12-04 4:13 Oreoluwa Babatunde
2023-12-04 4:13 ` Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
2023-12-04 18:54 ` Oreoluwa Babatunde
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231206213543.GB3345785-robh@kernel.org \
--to=robh@kernel.org \
--cc=anton.ivanov@cambridgegreys.com \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@kernel.org \
--cc=chris@zankel.net \
--cc=dalias@libc.org \
--cc=devicetree@vger.kernel.org \
--cc=dinguyen@kernel.org \
--cc=frowand.list@gmail.com \
--cc=glaubitz@physik.fu-berlin.de \
--cc=jcmvbkbc@gmail.com \
--cc=johannes@sipsolutions.net \
--cc=jonas@southpole.se \
--cc=kernel@quicinc.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mpe@ellerman.id.au \
--cc=quic_obabatun@quicinc.com \
--cc=richard@nod.at \
--cc=shorne@gmail.com \
--cc=stefan.kristiansson@saunalahti.fi \
--cc=tsbogend@alpha.franken.de \
--cc=will@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.