Re: [Tails-dev] from sdmem to memtest, and testing procedure…

Delete this message

Reply to this message
Author: Maxim Kammerer
Date:  
To: intrigeri
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] from sdmem to memtest, and testing procedures
Hi,

> Ok. Do you confirm one may test this on Liberté 2011.2 as follows?
>
>  1. write a known string numerous times in RAM
>  2. enter the bottom-left menu
>  3. select "Logout"
>  4. select "Reboot"
>  5. as soon as I see qemu trying to netboot, I may assume the
>     kexec+memtest thing is supposed to be done
>  6. pmemsave + grep -c


That's correct, although I did this a bit more precisely at the time,
by adding a sleep() at the end of KEXEC kernel's initramfs, and
performing pmemsave at that point. Also, a Unionfs file approach is
better, in my opinion, since you can be sure that patterned memory
won't be overwritten by the kernel during shutdown/reboot, and you
know exactly how many times the pattern occurs in the file
(repetitions of, e.g., 123456789abcdef+newline work great for counting
later). But no need to check — you will find the patterns (see below).

> I did not even try. Since our goal was to fix the known existing flaws
> in the Tails memory wiping process (flaws that are in the 3-4GiB area,
> as you know), I only run my tests against systems with at least 4GiB.


Well, I didn't, and that was my mistake. I assumed that when kernel
developers claim to do a memory test, they do a *memory* test, not a
test of whatever-RAM-we-can-easily-access-atm — so I only checked that
memtest correctly wipes RAM. Turns out that only LOWMEM is tested,
which is <= 896 MiB (see http://linux-mm.org/HighMemory). In the tests
with 1536 MiB I have just performed with QEMU, the KEXEC kernel
reported 891MB LOWMEM / 643MB HIGHMEM, and memtest wiped 889.62 MiB,
which is consistent with your findings. Adding highmem=0 to the kernel
options doesn't help, since LOWMEM size stays the same.

So yes, memtest right now is not suitable for RAM sizes >= 1GiB.
However, I really don't want to go back to a userspace solution.
Although I did implement a nice fork-based one (see
src/usr/local/src/memwipe.c prior to commit 99a4e27), it is
problematic, since exhausting absolutely all memory causes all kinds
of problems, as I mentioned previously. In addition, with the
inevitable switch to amd64 at some point, any effort to deal with
32-bit architectures' problems is wasted in the long term.

I will file a kernel bug report, and see if the kernel developers can
be convinced to map HIGHMEM with kmap() (as is apparently necessary)
for memtest.

Best regards,
Maxim

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)