From: David Hildenbrand <david@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	Jason Wang <jasowang@redhat.com>,
	"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Dan Williams <dan.j.williams@intel.com>,
	Hanjun Guo <guohanjun@huawei.com>,
	Andy Shevchenko <andy.shevchenko@gmail.com>,
	virtualization@lists.linux-foundation.org, linux-mm@kvack.org
Subject: Re: [PATCH v2 0/3] virtio-mem: disallow mapping virtio-mem memory via /dev/mem
Date: Mon, 23 Aug 2021 21:14:59 +0200
Message-ID: <aa136104-153c-1c85-54df-f55b953ff36d@redhat.com>
In-Reply-To: <20210816142505.28359-1-david@redhat.com>

On 16.08.21 16:25, David Hildenbrand wrote:
> Let's add the basic infrastructure to exclude some physical memory
> regions completely from /dev/mem access, on any architecture and under
> any system configuration (independent of CONFIG_STRICT_DEVMEM and
> independent of "iomem=").
> 
> Use it for virtio-mem, to disallow mapping any virtio-mem memory via
> /dev/mem to user space after the virtio-mem driver was loaded: there is
> no sane use case to access the device-managed memory region via /dev/mem
> once the driver is actively (un)plugging memory within that region and
> we want to make sure that nobody will accidentally access unplugged
> memory in a sane environment.
> 
> Details can be found in patch #1.
> 
> v1 -> v2:
> - "/dev/mem: disallow access to explicitly excluded system RAM regions"
> -- Introduce and use for_each_resource() and next_resource_skip_children()
> -- s/iomem_range_contains_excluded/iomem_range_contains_excluded_devmem/
> - "kernel/resource: cleanup and optimize iomem_is_exclusive()"
> -- Use for_each_resource()
> 
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>
> Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Hanjun Guo <guohanjun@huawei.com>
> Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
> Cc: virtualization@lists.linux-foundation.org
> Cc: linux-mm@kvack.org
> 
> David Hildenbrand (3):
>    /dev/mem: disallow access to explicitly excluded system RAM regions
>    virtio-mem: disallow mapping virtio-mem memory via /dev/mem
>    kernel/resource: cleanup and optimize iomem_is_exclusive()
> 
>   drivers/char/mem.c          | 22 ++++++--------
>   drivers/virtio/virtio_mem.c |  4 ++-
>   include/linux/ioport.h      |  1 +
>   kernel/resource.c           | 60 +++++++++++++++++++++++++++++++++----
>   lib/Kconfig.debug           |  4 ++-
>   5 files changed, 71 insertions(+), 20 deletions(-)
> 
> 
> base-commit: 7c60610d476766e128cc4284bb6349732cbd6606
> 

More review welcome; I'd suggest this should go via the -mm tree, and 
not via the vhost tree.

-- 
Thanks,

David / dhildenb
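
As an added illustration (not code from the patch series or from the kernel), here is a simplified user-space model in C of the kind of check the cover letter describes: walk a resource tree and report whether a requested physical range touches a region marked as excluded from /dev/mem. The struct layout, the `excluded` flag, the function names and the sample addresses are all assumptions made for this example, and the range is assumed not to wrap around the end of the address space.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for a kernel resource node (hypothetical model). */
struct res {
    uint64_t start, end;              /* inclusive physical range */
    bool excluded;                    /* hypothetical "never via /dev/mem" marker */
    struct res *parent, *sibling, *child;
};

/* Pre-order successor; skip_children prunes the subtree below p. */
static struct res *next_res(struct res *p, bool skip_children)
{
    if (!skip_children && p->child)
        return p->child;
    while (!p->sibling && p->parent)
        p = p->parent;
    return p->sibling;
}

/* True if [addr, addr + size) overlaps any excluded region below root. */
bool range_contains_excluded(struct res *root, uint64_t addr, uint64_t size)
{
    bool skip = false;

    for (struct res *p = root->child; p; p = next_res(p, skip)) {
        skip = false;
        if (p->start >= addr + size)
            break;                    /* sorted tree: nothing later can overlap */
        if (p->end < addr) {
            skip = true;              /* no overlap here, so none in its children */
            continue;
        }
        if (p->excluded)
            return true;              /* deny regardless of any other policy */
    }
    return false;
}

/* Constructed sample: plain RAM, then an excluded device-managed region
 * that has one plugged block as a child. Addresses are made up. */
struct res *sample_tree(void)
{
    static struct res n[4];
    n[0] = (struct res){ 0, UINT64_MAX, false, NULL, NULL, &n[1] };
    n[1] = (struct res){ 0x1000ULL, 0x9ffffULL, false, &n[0], &n[2], NULL };
    n[2] = (struct res){ 0x140000000ULL, 0x23fffffffULL, true, &n[0], NULL, &n[3] };
    n[3] = (struct res){ 0x140000000ULL, 0x17fffffffULL, false, &n[2], NULL, NULL };
    return &n[0];
}
```

Because the marker sits on the whole device-managed region in this model, a range is refused whether it falls on the plugged block or on the unplugged remainder, and a range that merely straddles the region's first byte is refused as well.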


