[PATCH] arm64/mm/hotplug: Warn when memory limit has been reduced
From: Anshuman Khandual
Date: Tue Sep 14 2021 - 02:50:20 EST
If the max memory limit has been reduced with 'mem=' kernel command line
option, there might be UEFI memory map described memory beyond that limit
which could be hot removed. This might be problematic for subsequent kexec
kernel which could just access such removed memory.
Memory offline notifier exists because there is no other way to block the
removal of boot memory, only the offlining (which isn't actually a problem)
But with 'mem=', there is no chance to stop such boot memory being offlined
as it where never in use by the kernel. As 'mem=' is a debug only option on
arm64 platform, just warn for such a situation and move on.
Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: Will Deacon <will@xxxxxxxxxx>
Cc: James Morse <james.morse@xxxxxxx>
Cc: linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Signed-off-by: Anshuman Khandual <anshuman.khandual@xxxxxxx>
---
This applies on v5.15-rc1
arch/arm64/include/asm/memory.h | 1 +
arch/arm64/mm/init.c | 9 +++++++--
arch/arm64/mm/mmu.c | 12 ++++++++++++
3 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
index f1745a843414..361d4e01a864 100644
--- a/arch/arm64/include/asm/memory.h
+++ b/arch/arm64/include/asm/memory.h
@@ -353,6 +353,7 @@ static inline void *phys_to_virt(phys_addr_t x)
})
void dump_mem_limit(void);
+bool has_mem_limit_reduced(void);
#endif /* !ASSEMBLY */
/*
diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
index 37a81754d9b6..cf21edfc8b0f 100644
--- a/arch/arm64/mm/init.c
+++ b/arch/arm64/mm/init.c
@@ -211,6 +211,11 @@ EXPORT_SYMBOL(pfn_is_map_memory);
static phys_addr_t memory_limit = PHYS_ADDR_MAX;
+bool has_mem_limit_reduced(void)
+{
+ return memory_limit != PHYS_ADDR_MAX;
+}
+
/*
* Limit the memory size that was specified via FDT.
*/
@@ -285,7 +290,7 @@ void __init arm64_memblock_init(void)
* high up in memory, add back the kernel region that must be accessible
* via the linear mapping.
*/
- if (memory_limit != PHYS_ADDR_MAX) {
+ if (has_mem_limit_reduced()) {
memblock_mem_limit_remove_map(memory_limit);
memblock_add(__pa_symbol(_text), (u64)(_end - _text));
}
@@ -461,7 +466,7 @@ void free_initmem(void)
void dump_mem_limit(void)
{
- if (memory_limit != PHYS_ADDR_MAX) {
+ if (has_mem_limit_reduced()) {
pr_emerg("Memory Limit: %llu MB\n", memory_limit >> 20);
} else {
pr_emerg("Memory Limit: none\n");
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index cfd9deb347c3..7ac39ee876c3 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -1627,6 +1627,18 @@ static int __init prevent_bootmem_remove_init(void)
if (!IS_ENABLED(CONFIG_MEMORY_HOTREMOVE))
return ret;
+ if (has_mem_limit_reduced()) {
+ /*
+ * Physical memory limit has been reduced via the 'mem=' kernel
+ * command line option. Memory beyond reduced limit could now be
+ * removed and reassigned (guest ?) transparently to the kernel.
+ * This might cause subsequent kexec kernel to crash or at least
+ * corrupt the memory when accessing UEFI memory map enumerated
+ * boot memory which might have been repurposed.
+ */
+ pr_warn("Memory limit reduced, kexec might be problematic\n");
+ }
+
validate_bootmem_online();
ret = register_memory_notifier(&prevent_bootmem_remove_nb);
if (ret)
--
2.20.1