Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp8459457ybl; Tue, 24 Dec 2019 23:00:37 -0800 (PST) X-Google-Smtp-Source: APXvYqyAdgEiq0bruHl03wxAiOmmvP3ICkOn3Z5rCR7aGK6ABXNbB1MhNSpJFmzGuQrfccxgbyh3 X-Received: by 2002:a05:6830:1d7a:: with SMTP id l26mr41266081oti.138.1577257237407; Tue, 24 Dec 2019 23:00:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577257237; cv=none; d=google.com; s=arc-20160816; b=M+9sN+y6olz94POfLNI56Eeb4y94NYtR03LmsSUERZ+1JyWPkJi8G3WaehtYUsIzCf tdVwC2hz1CHFRXLfGSdMXS4DvPL7l9xjgeKr5GNmLW3oSjEzj841eIAbg+39XM40TvU9 ac13nZ3qiNugfDD6u3Ni4DExMF5mD9rXcoZ8+eqNIkhyXE46D1fT2bjv6bKiXcoFKHPi /HUKBMzs3Pg+uo9+5bVPz0c6dHs2UxJCyaw6ZB6GjIfjWzBtbS89R1L3QPur5RUdtAcX SlKvrNHtglzZT/GK2xeLn5xv70mZ4+Pwrqz26hLN2vsJCSvVs+JsXyjmvD+VYXMWFKhY WRXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=u//ESy15IGc/BP211+J4VWx/wIc7dqxkikgAFDRdb4w=; b=R29rF9lydLhPqcNJsWw7ur1Uzxbg5NO4dJRfUXAHQ6eoQBEJXdCP8rLor4rCR/wBEx wYWEnsifch8r9EyA3at3n39YOwMfT+6Z/8NywQ8at/SGpN9O6xXV0TWO0iPNRHkVuvbw P7KfgvjgSgyqwl/N/NxSwAd6otkEH6DC78DkyUN79deFAJqTaxAbNxpVgKG/m/Pc6Buw ceWEfyXNqJg859/0rFXUkTdr+UeFCyi4+efxrCkBHhxV5qJ+Me6JjXDvZGJLOPoP04tJ lvchTfLvC/12qLxuDfn3TposBkC+jJYzPiuz3oEdxHzCRgI2ECyXLuJzx9/v3kjvDlb5 eUOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fTz+65Bz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y18si3636647oix.27.2019.12.24.23.00.23; Tue, 24 Dec 2019 23:00:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fTz+65Bz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726025AbfLYG7Z (ORCPT + 99 others); Wed, 25 Dec 2019 01:59:25 -0500 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:35679 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725865AbfLYG7Z (ORCPT ); Wed, 25 Dec 2019 01:59:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1577257163; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=u//ESy15IGc/BP211+J4VWx/wIc7dqxkikgAFDRdb4w=; b=fTz+65BzIQp8ftR4JtABkrrnHZOo/jKM+//cmhSAAtfGctWquXtOm+30vLz4erif+Wc7ah dCnACrt9vE4fgna6f0EU74/eStu8R0smYfTnZfl94gd7llZ166WRF92YTS/fbuGuQWAPmo 09bw6AkmgOb5ugEXln21x7LVxMyeWXI= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-308-LgD31ExNMAezazMTwDceuw-1; Wed, 25 Dec 2019 01:59:22 -0500 X-MC-Unique: LgD31ExNMAezazMTwDceuw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B6604800EBF; Wed, 25 Dec 2019 06:59:20 +0000 (UTC) Received: from localhost (ovpn-12-41.pek2.redhat.com [10.72.12.41]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9F54B691EA; Wed, 25 Dec 2019 06:59:17 +0000 (UTC) Date: Wed, 25 Dec 2019 14:59:14 +0800 From: "'bhe@redhat.com'" To: "d.hatayama@fujitsu.com" Cc: "'dyoung@redhat.com'" , "'vgoyal@redhat.com'" , "'ebiederm@xmission.com'" , "'mingo@kernel.org'" , "'linux-kernel@vger.kernel.org'" , "'kexec@lists.infradead.org'" Subject: Re: [RFD] kdump, kaslr: how to fix the failure of reservation of crashkernel low memory due to physical kaslr Message-ID: <20191225065914.GC3355@MiWiFi-R3L-srv> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi HATAYAMA, On 12/25/19 at 04:26am, d.hatayama@fujitsu.com wrote: > Currently, reservation of crashkernel low memory sometimes fails due > to a sparse memory caused by physical kaslr with the following > message: > > Cannot reserve 256MB crashkernel low memory, please try smaller size. I don't understand, may not get your point. KASLR will randomize the position of kernel image. However, kernel image usually takes up 50M memory. Under low 4G memory, how come it can't reserve 256M crashkernel low memory. Do you have the boot log of the failed case? > > Kdump needs low memory, memory area less than 4GB, e.g. for swiotlb. > Its size is 256MB for low memory by default. OTOH, physical kaslr > loads kernel images in a random physical address for > security. Physical kaslr sometimes choose low memory and sparse > there and as a result, reservation of crash kernel low memory could fail. > > This failure seldom occurs on systems with large memory. For example, > on our system with 128GB, the issue occurs once in hundreds of > reboots. Although it doesn't occur frequently and can be avoided in > practice simply by rebooting the system, it definitely occurs once in > hundreds of reboots. Once the issue occurs, it's difficult for ordinary > users to understand why it failed. I'd like to fix this current behavior. > > I'm now coming up two ideas but don't know what is best. Please > discuss how to fix the issue in better way. > > 1) Add a kernel parameter to make physical kaslr to avoid specified > memory area > > This is the simplest idea I came up with first just like > kaslr_mem_avoid=4GB-0, which is similar syntax to memap=, meaning > that kaslr, please avoid to load kernel image into the region [0, > 4GB). > > It looks to me that this can be implemented easily by taking > advantage of the existing code about mem_avoid mechanism in > arch/x86/boot/compressed/kaslr.c. > > This mechanism doesn't lose security provided by physical kaslr if > system memory is large enough. > > Demerit of this is that users need configuration. Automatic way is > better if possible. > > 2) Add special handling for crashkernel= low in physical kaslr > > The second idea I came up with is to add special handling for > crashkernel= low in physical kaslr, i.e. physical kaslr recognizes > crashkernel= in kernel parameters and keep enough memory for > crashkenrel. > > To guarantee that the memory area kept by the special handling in > physical kaslr is used for crashkernel, it is necessary to mark the > area to indicate to the crashkernel code executed after kernel > runs. To implement this, I imagine introducing a new type of memory > a kind of E820_CRASHKERNEL_LOW. > > My concern on this idea is whether its worth implementing such > special handling in physical kaslr simply because I don't find such > code in physical kaslr now. > > 3) Any other better ideas? Someone ever told that some systems may not have low 4G memory since they own hardware iommu. In real life, I never see such kind of system, and most of them can give 256M crashkernel memory a satisfactory result. Unless you reserve more than 1G under low 4G, it could fail because of kinds of complicated memory reservations there. Thanks Baoquan > > Thanks. > HATAYAMA, Daisuke >