[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20211006122709.27885-1-david@redhat.com>
Date: Wed, 6 Oct 2021 14:27:09 +0200
From: David Hildenbrand <david@...hat.com>
To: linux-kernel@...r.kernel.org
Cc: virtualization@...ts.linux-foundation.org,
David Hildenbrand <david@...hat.com>,
"Michael S. Tsirkin" <mst@...hat.com>,
Jason Wang <jasowang@...hat.com>,
Cornelia Huck <cohuck@...hat.com>,
Marek Kedzierski <mkedzier@...hat.com>,
Hui Zhu <teawater@...il.com>,
Sebastien Boeuf <sebastien.boeuf@...el.com>,
Pankaj Gupta <pankaj.gupta.linux@...il.com>,
Wei Yang <richard.weiyang@...ux.alibaba.com>
Subject: [PATCH v2] virtio-mem: support VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE
The initial virtio-mem spec states that while unplugged memory should not
be read, the device still has to allow for reading unplugged memory inside
the usable region. The primary motivation for this default handling was
to simplify bringup of virtio-mem, because there were corner cases where
Linux might have accidentially read unplugged memory inside added Linux
memory blocks.
In the meantime, we:
* Removed /dev/kmem
* Disallowed access to virtio-mem device memory via /dev/mem
* Sanitized access to virtio-mem device memory via /proc/kcore
* Sanitized access to virtio-mem device memory via /proc/vmcore
"Accidential" access to unplugged memory is no longer possible; we can
support the new VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE feature that will be
required by some hypervisors implementing virtio-mem in the near future.
Cc: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Jason Wang <jasowang@...hat.com>
Cc: Cornelia Huck <cohuck@...hat.com>
Cc: Marek Kedzierski <mkedzier@...hat.com>
Cc: Hui Zhu <teawater@...il.com>
Cc: Sebastien Boeuf <sebastien.boeuf@...el.com>
Cc: Pankaj Gupta <pankaj.gupta.linux@...il.com>
Cc: Wei Yang <richard.weiyang@...ux.alibaba.com>
Signed-off-by: David Hildenbrand <david@...hat.com>
---
Michael, I want this patch in v5.16 if the following two series that
are already queued by Andrew via the -MM tree go into v5.16 (which I
I assume but we never know :) ):
* [PATCH v5 0/3] virtio-mem: disallow mapping virtio-mem memory via
/dev/mem
https://lkml.kernel.org/r/20210920142856.17758-1-david@redhat.com
* [PATCH v2 0/9] proc/vmcore: sanitize access to virtio-mem memory
https://lkml.kernel.org/r/20211005121430.30136-1-david@redhat.com
This is the follow-up of:
https://lkml.kernel.org/r/20210215122143.27608-1-david@redhat.com
The spec updated was proposed in:
https://lists.oasis-open.org/archives/virtio-comment/202109/msg00027.html
v1 -> v2:
- Now that we handle /dev/mem and /proc/vmcore cleaner, we can get
simplify and just support the flag unconditionally
---
drivers/virtio/virtio_mem.c | 1 +
include/uapi/linux/virtio_mem.h | 9 ++++++---
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/drivers/virtio/virtio_mem.c b/drivers/virtio/virtio_mem.c
index bef8ad6bf466..78dfdc9c98a1 100644
--- a/drivers/virtio/virtio_mem.c
+++ b/drivers/virtio/virtio_mem.c
@@ -2758,6 +2758,7 @@ static unsigned int virtio_mem_features[] = {
#if defined(CONFIG_NUMA) && defined(CONFIG_ACPI_NUMA)
VIRTIO_MEM_F_ACPI_PXM,
#endif
+ VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE,
};
static const struct virtio_device_id virtio_mem_id_table[] = {
diff --git a/include/uapi/linux/virtio_mem.h b/include/uapi/linux/virtio_mem.h
index 70e01c687d5e..e9122f1d0e0c 100644
--- a/include/uapi/linux/virtio_mem.h
+++ b/include/uapi/linux/virtio_mem.h
@@ -68,9 +68,10 @@
* explicitly triggered (VIRTIO_MEM_REQ_UNPLUG).
*
* There are no guarantees what will happen if unplugged memory is
- * read/written. Such memory should, in general, not be touched. E.g.,
- * even writing might succeed, but the values will simply be discarded at
- * random points in time.
+ * read/written. In general, unplugged memory should not be touched, because
+ * the resulting action is undefined. There is one exception: without
+ * VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE, unplugged memory inside the usable
+ * region can be read, to simplify creation of memory dumps.
*
* It can happen that the device cannot process a request, because it is
* busy. The device driver has to retry later.
@@ -87,6 +88,8 @@
/* node_id is an ACPI PXM and is valid */
#define VIRTIO_MEM_F_ACPI_PXM 0
+/* unplugged memory must not be accessed */
+#define VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE 1
/* --- virtio-mem: guest -> host requests --- */
base-commit: 9e1ff307c779ce1f0f810c7ecce3d95bbae40896
--
2.31.1
Powered by blists - more mailing lists