Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp963145rdb; Fri, 1 Dec 2023 03:34:21 -0800 (PST) X-Google-Smtp-Source: AGHT+IHbueurRdu++TKXvZ8lcdv2Tbt5+ygOMGjfxDQDqh4hCM0anOkepl20d3AZFUeiJPrK5NCg X-Received: by 2002:a05:6a00:2791:b0:6cb:bc92:c73f with SMTP id bd17-20020a056a00279100b006cbbc92c73fmr29149352pfb.2.1701430461193; Fri, 01 Dec 2023 03:34:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701430461; cv=none; d=google.com; s=arc-20160816; b=uZOKH7/y3Ht2riyJ5KNcduVYtjX7dNLyzBd+S3DaM8jUkC9JufFePqVgqv7JSjF5ke cH1gjQtTgMHItXnbJrjQP+IEh2BDIUUUfElv5BDgri889TLJNAzdKc90HKnP7fCChFMx rXyGmICU1od9k42gz76Nx4n2boEg7iJHEtqxP+HhUweZ0Mmh3ukDBSlA4I62SmuWO9do UnzEk9wM4fNHhrrsSodqWktzivpVL9FCmRx/UJNbWjjao1SnAZGJ6qJOx3kRA8jxA/LV qusHZlLTqQC76D/YfY52cf/PS6ReYTQ+oTwwNjy0Z+mdVZ2mBmv8WGmcQAjWEn8aXM7U PZJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date:dkim-signature; bh=nYm7DltZI4+AHPUZ5dfoYGeOZ9qcY4lfHZBKyjjZBuk=; fh=/aQOHH2O+oCPLeuAQsp53VgCLy6gSRjkYbOYQARfxqo=; b=CGuDplIoNV8tPpGcVIH2tXKtM3U/rasrJu9lp1oYpuSnPMUg428xqurqQmr1Fqw+aX Mqr5E+pErY1xr060Gv/cmg0WR4RC06MGLP2rsH3TrsbVgDxazTpFpnKn+M4cdBdef0A/ D+GIGoApgNBcqIraeUNuQBOlI802NcYzq43vMBUJVugMdyW1Af3Y9LDH3I3aIZdQX5XA 7MOZsCBfuSI6jgXecZR+bqq/MJuVV8M7/GN1f4EcdhGyY4a49NpuAZolN8bQC9Fh6EmP D5KgRGgwPqpP5C6EnlDTwteap7JgNoDURs/qQ0tT7/iEj90UnpZl0HYYhMGqNeAdOFl6 zIOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SRX5i8wQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id l6-20020a056a00140600b006cb63513372si2828118pfu.12.2023.12.01.03.34.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 03:34:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=SRX5i8wQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id C942D808A374; Fri, 1 Dec 2023 03:34:15 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1378547AbjLALd5 (ORCPT + 99 others); Fri, 1 Dec 2023 06:33:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47116 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1378541AbjLALd4 (ORCPT ); Fri, 1 Dec 2023 06:33:56 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C30E0FF for ; Fri, 1 Dec 2023 03:34:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1701430442; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nYm7DltZI4+AHPUZ5dfoYGeOZ9qcY4lfHZBKyjjZBuk=; b=SRX5i8wQOZdKo4jzIi+geUungBoxar+Og8BkhHlK2Q/0IeI9Xdy5GQzWTX42tik6dsDQrj h/5A6NAE/kCucB/gqF+Lgmti9O5IVlBDLX4cIZQ7qxv1TRQYR7YB9LB47D8Cvt9G6ADpQe lHj6A7kBIoKtVOER/l0BF0PO5pafBFk= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-524-FiU4OtBFP0mrsBgN-gL4uw-1; Fri, 01 Dec 2023 06:33:58 -0500 X-MC-Unique: FiU4OtBFP0mrsBgN-gL4uw-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 72547101A529; Fri, 1 Dec 2023 11:33:58 +0000 (UTC) Received: from rotkaeppchen (unknown [10.39.194.211]) by smtp.corp.redhat.com (Postfix) with ESMTP id 111391121307; Fri, 1 Dec 2023 11:33:56 +0000 (UTC) Date: Fri, 1 Dec 2023 12:33:53 +0100 From: Philipp Rudo To: Michal Hocko Cc: Baoquan He , Donald Dutile , Jiri Bohac , Pingfan Liu , Tao Liu , Vivek Goyal , Dave Young , kexec@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 0/4] kdump: crashkernel reservation from CMA Message-ID: <20231201123353.2b3db7fa@rotkaeppchen> In-Reply-To: References: <91a31ce5-63d1-7470-18f7-92b039fda8e6@redhat.com> Organization: Red Hat inc. MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.3 X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Fri, 01 Dec 2023 03:34:16 -0800 (PST) Hi Michal, On Thu, 30 Nov 2023 14:41:12 +0100 Michal Hocko wrote: > On Thu 30-11-23 20:31:44, Baoquan He wrote: > [...] > > > > which doesn't use the proper pinning API (which would migrate away from > > > > the CMA) then what is the worst case? We will get crash kernel corrupted > > > > potentially and fail to take a proper kernel crash, right? Is this > > > > worrisome? Yes. Is it a real roadblock? I do not think so. The problem > > > > We may fail to take a proper kernel crash, why isn't it a roadblock? > > It would be if the threat was practical. So far I only see very > theoretical what-if concerns. And I do not mean to downplay those at > all. As already explained proper CMA users shouldn't ever leak out any > writes across kernel reboot. You are right, "proper" CMA users don't do that. But "proper" drivers also provide a working shutdown() method. Experience shows that there are enough shitty drivers out there without working shutdown(). So I think it is naive to assume you are only dealing with "proper" CMA users. For me the question is, what is less painful? Hunting down shitty (potentially out of tree) drivers that cause a memory corruption? Or ... > > We > > have stable way with a little more memory, why would we take risk to > > take another way, just for saving memory? Usually only high end server > > needs the big memory for crashkernel and the big end server usually have > > huge system ram. The big memory will be a very small percentage relative > > to huge system RAM. > > Jiri will likely talk more specific about that but our experience tells > that proper crashkernel memory scaling has turned out a real > maintainability problem because existing setups tend to break with major > kernel version upgrades or non trivial changes. ... frequently test if the crashkernel memory is still appropriate? The big advantage of the latter I see is that an OOM situation has very easy to detect and debug. A memory corruption isn't. Especially when it was triggered by an other kernel. And yes, those are all what-if concerns but unfortunately that is all we have right now. Only alternative would be to run extended tests in the field. Which means this user facing change needs to be included. Which also means that we are stuck with it as once a user facing change is in it's extremely hard to get rid of it again... Thanks Philipp > > > > seems theoretical to me and it is not CMA usage at fault here IMHO. It > > > > is the said theoretical driver that needs fixing anyway. > > > > Now, what we want to make clear is if it's a theoretical possibility, or > > very likely happen. We have met several on-flight DMA stomping into > > kexec kernel's initrd in the past two years because device driver didn't > > provide shutdown() methor properly. For kdump, once it happen, the pain > > is we don't know how to debug. For kexec reboot, customer allows to > > login their system to reproduce and figure out the stomping. For kdump, > > the system corruption rarely happend, and the stomping could rarely > > happen too. > > yes, this is understood. > > > The code change looks simple and the benefit is very attractive. I > > surely like it if finally people confirm there's no risk. As I said, we > > can't afford to take the risk if it possibly happen. But I don't object > > if other people would rather take risk, we can let it land in kernel. > > I think it is fair to be cautious and I wouldn't impose the new method > as a default. Only time can tell how safe this really is. It is hard to > protect agains theoretical issues though. Bugs should be fixed. > I believe this option would allow to configure kdump much easier and > less fragile. > > > My personal opinion, thanks for sharing your thought. > > Thanks for sharing. >