On Mon, Jul 19, 2021 at 05:26:20PM -0700, Andy Lutomirski wrote:
> At the risk of asking a potentially silly question, would it be
> reasonable to treat non-validated memory as not-present for kernel
> purposes and hot-add it in a thread as it gets validated? Or would this
> result in poor system behavior before enough memory is validated?
> Perhaps we should block instead of failing allocations if we want more
> memory than is currently validated?

That is basically the idea of pre-validating the first X GB of memory
(X==4 has been proposed) and validate the rest at runtime. I see two
problems with this:

1) Pre-validating large amounts of memory takes a lot of time (in
   the range of a few seconds). This is not suitable for all
   workloads like, e.g., containers which want to boot in a few
   hundred milliseconds.

2) It limits the physical address range for KASLR placement,
   factually reducing the randomness of where the kernel is placed
   in physical memory.

With the proposal I sent here only enough memory for the boot-loader and
the kernel image is pre-validated, and when the decompressor takes over
it can place the kernel anywhere, even in yet unvalidated/unaccepted
memory.

Regards,

Joerg