From: Catalin Marinas <catalin.marinas@arm.com>
To: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64/mm/hotplug: Warn when memory limit has been reduced
Date: Thu, 16 Sep 2021 15:34:25 +0100 [thread overview]
Message-ID: <YUNV8fOxfSSFKZBK@arm.com> (raw)
In-Reply-To: <1631602270-29215-1-git-send-email-anshuman.khandual@arm.com>
On Tue, Sep 14, 2021 at 12:21:10PM +0530, Anshuman Khandual wrote:
> If the max memory limit has been reduced with 'mem=' kernel command line
> option, there might be UEFI memory map described memory beyond that limit
> which could be hot removed. This might be problematic for subsequent kexec
> kernel which could just access such removed memory.
>
> Memory offline notifier exists because there is no other way to block the
> removal of boot memory, only the offlining (which isn't actually a problem)
> But with 'mem=', there is no chance to stop such boot memory being offlined
> as it where never in use by the kernel. As 'mem=' is a debug only option on
> arm64 platform, just warn for such a situation and move on.
Just to make sure I understand, is the memory beyond the mem= limit
considered online by the core code and it can be subsequently offlined?
Looking at walk_system_ram_range(), it doesn't seem to care about the
removed memblock ranges. Would such memory beyond the mem= limit need to
have been onlined first?
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index cfd9deb347c3..7ac39ee876c3 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -1627,6 +1627,18 @@ static int __init prevent_bootmem_remove_init(void)
> if (!IS_ENABLED(CONFIG_MEMORY_HOTREMOVE))
> return ret;
>
> + if (has_mem_limit_reduced()) {
> + /*
> + * Physical memory limit has been reduced via the 'mem=' kernel
> + * command line option. Memory beyond reduced limit could now be
> + * removed and reassigned (guest ?) transparently to the kernel.
> + * This might cause subsequent kexec kernel to crash or at least
> + * corrupt the memory when accessing UEFI memory map enumerated
> + * boot memory which might have been repurposed.
> + */
> + pr_warn("Memory limit reduced, kexec might be problematic\n");
> + }
I'd actually move the warning to hotplug notifier callback rather than
the init function. I'd also make it pr_warn_once().
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Anshuman Khandual <anshuman.khandual@arm.com>
Cc: linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>, James Morse <james.morse@arm.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] arm64/mm/hotplug: Warn when memory limit has been reduced
Date: Thu, 16 Sep 2021 15:34:25 +0100 [thread overview]
Message-ID: <YUNV8fOxfSSFKZBK@arm.com> (raw)
In-Reply-To: <1631602270-29215-1-git-send-email-anshuman.khandual@arm.com>
On Tue, Sep 14, 2021 at 12:21:10PM +0530, Anshuman Khandual wrote:
> If the max memory limit has been reduced with 'mem=' kernel command line
> option, there might be UEFI memory map described memory beyond that limit
> which could be hot removed. This might be problematic for subsequent kexec
> kernel which could just access such removed memory.
>
> Memory offline notifier exists because there is no other way to block the
> removal of boot memory, only the offlining (which isn't actually a problem)
> But with 'mem=', there is no chance to stop such boot memory being offlined
> as it where never in use by the kernel. As 'mem=' is a debug only option on
> arm64 platform, just warn for such a situation and move on.
Just to make sure I understand, is the memory beyond the mem= limit
considered online by the core code and it can be subsequently offlined?
Looking at walk_system_ram_range(), it doesn't seem to care about the
removed memblock ranges. Would such memory beyond the mem= limit need to
have been onlined first?
> diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
> index cfd9deb347c3..7ac39ee876c3 100644
> --- a/arch/arm64/mm/mmu.c
> +++ b/arch/arm64/mm/mmu.c
> @@ -1627,6 +1627,18 @@ static int __init prevent_bootmem_remove_init(void)
> if (!IS_ENABLED(CONFIG_MEMORY_HOTREMOVE))
> return ret;
>
> + if (has_mem_limit_reduced()) {
> + /*
> + * Physical memory limit has been reduced via the 'mem=' kernel
> + * command line option. Memory beyond reduced limit could now be
> + * removed and reassigned (guest ?) transparently to the kernel.
> + * This might cause subsequent kexec kernel to crash or at least
> + * corrupt the memory when accessing UEFI memory map enumerated
> + * boot memory which might have been repurposed.
> + */
> + pr_warn("Memory limit reduced, kexec might be problematic\n");
> + }
I'd actually move the warning to hotplug notifier callback rather than
the init function. I'd also make it pr_warn_once().
--
Catalin
next prev parent reply other threads:[~2021-09-16 14:38 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-14 6:51 [PATCH] arm64/mm/hotplug: Warn when memory limit has been reduced Anshuman Khandual
2021-09-14 6:51 ` Anshuman Khandual
2021-09-16 14:34 ` Catalin Marinas [this message]
2021-09-16 14:34 ` Catalin Marinas
2021-09-17 7:11 ` Anshuman Khandual
2021-09-17 7:11 ` Anshuman Khandual
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YUNV8fOxfSSFKZBK@arm.com \
--to=catalin.marinas@arm.com \
--cc=anshuman.khandual@arm.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.