Jane Chu wrote:
> On 2/27/2024 12:28 PM, Dave Jiang wrote:
>
> >
> > On 2/27/24 1:24 PM, Jane Chu wrote:
> >> On 2/27/2024 8:40 AM, Dave Jiang wrote:
> >>
> >>> On 2/26/24 10:32 PM, Cao, Quanquan/曹 全全 wrote:
> >>>> Hi, Dave
> >>>>
> >>>> On the basis of this patch, I conducted some tests and encountered
> >>>> unexpected errors. I would like to inquire whether the design here is
> >>>> reasonable? Below are the steps of my testing:
> >>>>
> >>>> Link:
> >>>> https://lore.kernel.org/linux-cxl/170138109724.2882696.123294980050048623.stgit@djiang5-mobl3/
> >>>>
> >>>>
> >>>> Problem description: after creating a region, directly forcing
> >>>> 'disable-memdev' and then consuming memory leads to a kernel panic.
> >>> If you are forcing memory disable when the memory cannot be
> >>> offlined, then this behavior is expected. You are ripping the
> >>> memory away from underneath kernel mm. The reason the check was
> >>> added is to prevent the users from doing exactly that.
> >> Since user is doing the illegal thing, shouldn't that lead to
> >> SIGBUS or SIGKILL ?
> > The behavior is unpredictable once the CXL memory is ripped away. If
> > the memory only backed user memory then you may see SIGBUS. But if
> > the memory backed kernel data then kernel OOPs is not out of
> > question.
>
> Makes sense, thanks for the clarification.

I will just add: consider the case of a technician physically removing a
card without shutting down the kernel's usage of it. That event is
indistinguishable from "cxl disable-memdev --force" at the driver level
since the driver just gets the same ->remove() callback with no
opportunity to return an error.

So this is a case of trusting the system administrator to know best, and
is why --force is documented as:

    -f, --force
        DANGEROUS: Override the safety measure that blocks attempts
        to disable a device if the tool determines the memdev is in active
        usage. Recall that CXL memory ranges might have been established by
        platform firmware and disabling an active device is akin to force
        removing memory from a running system.