[PATCH 0/2] kvm: disable virtualization on kdump

Eric W. Biederman ebiederm at xmission.com
Mon Oct 27 13:32:43 EDT 2008


Avi Kivity <avi at redhat.com> writes:

> Eduardo Habkost wrote:
>> Can't we just set a flag when we are about to enable vmx, so we run vmxoff
>> only when know it's enabled? There will be a tiny window between setting
>> this flag and and actually running vmxon where things could go wrong,
>> but this doesn't look that bad.
>>
>
> It makes more sense to have a vmxon api in the core; you call it, the kernel
> enables it and sets a flag; then either you or the core can disable it.

Yes.  That sounds like the most maintainable approach.

>> The patches I've sent to the kvm mailing list added a notifier interface
>> specific for kexec_crash, using raw_notifier_*().
>>
>> IMO, if a notifier registration interface was acceptable, the raw
>> notifiers would be good enough for that. But Eric seems to think that
>> adding a notifier registration interface for the crash handler path
>> wouldn't be a good idea, and I am starting to agree with him.
>>
>>
>
> I wouldn't mind notifiers (with a nice comment explaining that you must know
> what you're doing, though that's the case with most kernel APIs).  I'm fine with
> either approach.

This is the 3rd request I have seen for a notifier.  This is the first
request I have seen for code that must be executed in the kexec on
panic path.  So history suggest to me that notifiers make it
unreasonably easy to get code onto the kexec on panic code path.

Occasionally the kexec on panic code path is tested to see how
well it works in strange situations like being called from
a stack overflow etc.

The rest of the history is that previous attempts like lkcd
had very programmer friendly interfaces, that worked fine
in test environments giving beautiful core dumps, but when things
broke in the field they were essentially useless.  The kdump
approach is still not completely reliable but it does work
well enough that people get useful crash dumps sometimes.

I feel anything that makes the kexec on panic code path harder
to verify it will work when things are crazy broken, like
a notifier is something we should avoid.

Eric



More information about the kexec mailing list