* [PATCH V2 0/2] Do not try to access unaccepted memory
@ 2023-09-11 11:21 Adrian Hunter
2023-09-11 11:21 ` [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore " Adrian Hunter
2023-09-11 11:21 ` [PATCH V2 2/2] proc/kcore: Do not " Adrian Hunter
0 siblings, 2 replies; 8+ messages in thread
From: Adrian Hunter @ 2023-09-11 11:21 UTC (permalink / raw)
To: Kirill A. Shutemov, Borislav Petkov, Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
Hi
Support for unaccepted memory was added recently, refer commit
dcdfdd40fa82 ("mm: Add support for unaccepted memory"), whereby
a virtual machine may need to accept memory before it can be used.
Plug a few gaps where RAM is exposed without checking if it is
unaccepted memory.
Changes in V2:
efi/unaccepted: Do not let /proc/vmcore try to access unaccepted memory
Change patch subject and commit message
Use vmcore_cb->.pfn_is_ram() instead of changing vmcore.c
proc/kcore: Do not try to access unaccepted memory
Change patch subject and commit message
Do not open code pfn_is_unaccepted_memory()
/dev/mem: Do not map unaccepted memory
Patch dropped because it is not required
Adrian Hunter (2):
efi/unaccepted: Do not let /proc/vmcore try to access unaccepted memory
proc/kcore: Do not try to access unaccepted memory
drivers/firmware/efi/unaccepted_memory.c | 20 ++++++++++++++++++++
fs/proc/kcore.c | 3 ++-
include/linux/mm.h | 7 +++++++
3 files changed, 29 insertions(+), 1 deletion(-)
Regards
Adrian
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore try to access unaccepted memory
2023-09-11 11:21 [PATCH V2 0/2] Do not try to access unaccepted memory Adrian Hunter
@ 2023-09-11 11:21 ` Adrian Hunter
2023-09-12 7:18 ` David Hildenbrand
2023-09-12 7:19 ` David Hildenbrand
2023-09-11 11:21 ` [PATCH V2 2/2] proc/kcore: Do not " Adrian Hunter
1 sibling, 2 replies; 8+ messages in thread
From: Adrian Hunter @ 2023-09-11 11:21 UTC (permalink / raw)
To: Kirill A. Shutemov, Borislav Petkov, Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
Support for unaccepted memory was added recently, refer commit dcdfdd40fa82
("mm: Add support for unaccepted memory"), whereby a virtual machine may
need to accept memory before it can be used.
Do not let /proc/vmcore try to access unaccepted memory because it can
cause the guest to fail.
For /proc/vmcore, which is read-only, this means a read or mmap of
unaccepted memory will return zeros.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
---
drivers/firmware/efi/unaccepted_memory.c | 20 ++++++++++++++++++++
include/linux/mm.h | 7 +++++++
2 files changed, 27 insertions(+)
Changes in V2:
Change patch subject and commit message
Use vmcore_cb->.pfn_is_ram() instead of changing vmcore.c
diff --git a/drivers/firmware/efi/unaccepted_memory.c b/drivers/firmware/efi/unaccepted_memory.c
index 853f7dc3c21d..79ba576b22e3 100644
--- a/drivers/firmware/efi/unaccepted_memory.c
+++ b/drivers/firmware/efi/unaccepted_memory.c
@@ -3,6 +3,7 @@
#include <linux/efi.h>
#include <linux/memblock.h>
#include <linux/spinlock.h>
+#include <linux/crash_dump.h>
#include <asm/unaccepted_memory.h>
/* Protects unaccepted memory bitmap */
@@ -145,3 +146,22 @@ bool range_contains_unaccepted_memory(phys_addr_t start, phys_addr_t end)
return ret;
}
+
+#ifdef CONFIG_PROC_VMCORE
+static bool unaccepted_memory_vmcore_pfn_is_ram(struct vmcore_cb *cb,
+ unsigned long pfn)
+{
+ return !pfn_is_unaccepted_memory(pfn);
+}
+
+static struct vmcore_cb vmcore_cb = {
+ .pfn_is_ram = unaccepted_memory_vmcore_pfn_is_ram,
+};
+
+static int __init unaccepted_memory_init_kdump(void)
+{
+ register_vmcore_cb(&vmcore_cb);
+ return 0;
+}
+core_initcall(unaccepted_memory_init_kdump);
+#endif /* CONFIG_PROC_VMCORE */
diff --git a/include/linux/mm.h b/include/linux/mm.h
index bf5d0b1b16f4..86511150f1d4 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -4062,4 +4062,11 @@ static inline void accept_memory(phys_addr_t start, phys_addr_t end)
#endif
+static inline bool pfn_is_unaccepted_memory(unsigned long pfn)
+{
+ phys_addr_t paddr = pfn << PAGE_SHIFT;
+
+ return range_contains_unaccepted_memory(paddr, paddr + PAGE_SIZE);
+}
+
#endif /* _LINUX_MM_H */
--
2.34.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH V2 2/2] proc/kcore: Do not try to access unaccepted memory
2023-09-11 11:21 [PATCH V2 0/2] Do not try to access unaccepted memory Adrian Hunter
2023-09-11 11:21 ` [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore " Adrian Hunter
@ 2023-09-11 11:21 ` Adrian Hunter
2023-09-12 7:13 ` David Hildenbrand
1 sibling, 1 reply; 8+ messages in thread
From: Adrian Hunter @ 2023-09-11 11:21 UTC (permalink / raw)
To: Kirill A. Shutemov, Borislav Petkov, Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
Support for unaccepted memory was added recently, refer commit
dcdfdd40fa82 ("mm: Add support for unaccepted memory"), whereby a virtual
machine may need to accept memory before it can be used.
Do not try to access unaccepted memory because it can cause the guest to
fail.
For /proc/kcore, which is read-only and does not support mmap, this means a
read of unaccepted memory will return zeros.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
---
fs/proc/kcore.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Changes in V2:
Change patch subject and commit message
Do not open code pfn_is_unaccepted_memory()
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 23fc24d16b31..6422e569b080 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -546,7 +546,8 @@ static ssize_t read_kcore_iter(struct kiocb *iocb, struct iov_iter *iter)
* and explicitly excluded physical ranges.
*/
if (!page || PageOffline(page) ||
- is_page_hwpoison(page) || !pfn_is_ram(pfn)) {
+ is_page_hwpoison(page) || !pfn_is_ram(pfn) ||
+ pfn_is_unaccepted_memory(pfn)) {
if (iov_iter_zero(tsz, iter) != tsz) {
ret = -EFAULT;
goto out;
--
2.34.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH V2 2/2] proc/kcore: Do not try to access unaccepted memory
2023-09-11 11:21 ` [PATCH V2 2/2] proc/kcore: Do not " Adrian Hunter
@ 2023-09-12 7:13 ` David Hildenbrand
0 siblings, 0 replies; 8+ messages in thread
From: David Hildenbrand @ 2023-09-12 7:13 UTC (permalink / raw)
To: Adrian Hunter, Kirill A. Shutemov, Borislav Petkov,
Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
On 11.09.23 13:21, Adrian Hunter wrote:
> Support for unaccepted memory was added recently, refer commit
> dcdfdd40fa82 ("mm: Add support for unaccepted memory"), whereby a virtual
> machine may need to accept memory before it can be used.
>
> Do not try to access unaccepted memory because it can cause the guest to
> fail.
>
> For /proc/kcore, which is read-only and does not support mmap, this means a
> read of unaccepted memory will return zeros.
>
> Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
> ---
> fs/proc/kcore.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>
> Changes in V2:
>
> Change patch subject and commit message
> Do not open code pfn_is_unaccepted_memory()
>
>
> diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
> index 23fc24d16b31..6422e569b080 100644
> --- a/fs/proc/kcore.c
> +++ b/fs/proc/kcore.c
> @@ -546,7 +546,8 @@ static ssize_t read_kcore_iter(struct kiocb *iocb, struct iov_iter *iter)
> * and explicitly excluded physical ranges.
> */
> if (!page || PageOffline(page) ||
> - is_page_hwpoison(page) || !pfn_is_ram(pfn)) {
> + is_page_hwpoison(page) || !pfn_is_ram(pfn) ||
> + pfn_is_unaccepted_memory(pfn)) {
> if (iov_iter_zero(tsz, iter) != tsz) {
> ret = -EFAULT;
> goto out;
Reviewed-by: David Hildenbrand <david@redhat.com>
--
Cheers,
David / dhildenb
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore try to access unaccepted memory
2023-09-11 11:21 ` [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore " Adrian Hunter
@ 2023-09-12 7:18 ` David Hildenbrand
2023-09-12 7:19 ` David Hildenbrand
1 sibling, 0 replies; 8+ messages in thread
From: David Hildenbrand @ 2023-09-12 7:18 UTC (permalink / raw)
To: Adrian Hunter, Kirill A. Shutemov, Borislav Petkov,
Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
On 11.09.23 13:21, Adrian Hunter wrote:
> Support for unaccepted memory was added recently, refer commit dcdfdd40fa82
> ("mm: Add support for unaccepted memory"), whereby a virtual machine may
> need to accept memory before it can be used.
>
> Do not let /proc/vmcore try to access unaccepted memory because it can
> cause the guest to fail.
>
> For /proc/vmcore, which is read-only, this means a read or mmap of
> unaccepted memory will return zeros.
>
> Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
> ---
[...]
> +static inline bool pfn_is_unaccepted_memory(unsigned long pfn)
> +{
> + phys_addr_t paddr = pfn << PAGE_SHIFT;
> +
> + return range_contains_unaccepted_memory(paddr, paddr + PAGE_SIZE);
> +}
> +
> #endif /* _LINUX_MM_H */
As stated, if the relevant table is not already properly populated with
information about unaccepted memory by the first kernel, this probably
logically belongs into Kirills series.
Reviewed-by: David Hildenbrand <david@redhat.com>
--
Cheers,
David / dhildenb
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore try to access unaccepted memory
2023-09-11 11:21 ` [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore " Adrian Hunter
2023-09-12 7:18 ` David Hildenbrand
@ 2023-09-12 7:19 ` David Hildenbrand
2023-09-12 7:47 ` Adrian Hunter
1 sibling, 1 reply; 8+ messages in thread
From: David Hildenbrand @ 2023-09-12 7:19 UTC (permalink / raw)
To: Adrian Hunter, Kirill A. Shutemov, Borislav Petkov,
Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
On 11.09.23 13:21, Adrian Hunter wrote:
> Support for unaccepted memory was added recently, refer commit dcdfdd40fa82
> ("mm: Add support for unaccepted memory"), whereby a virtual machine may
> need to accept memory before it can be used.
>
> Do not let /proc/vmcore try to access unaccepted memory because it can
> cause the guest to fail.
Oh, hold on. What are the actual side effects of this?
Once we're in the kdump kernel, any guest is already dead. So failing a
guest doesn't apply, no?
--
Cheers,
David / dhildenb
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore try to access unaccepted memory
2023-09-12 7:19 ` David Hildenbrand
@ 2023-09-12 7:47 ` Adrian Hunter
2023-09-12 7:50 ` David Hildenbrand
0 siblings, 1 reply; 8+ messages in thread
From: Adrian Hunter @ 2023-09-12 7:47 UTC (permalink / raw)
To: David Hildenbrand, Adrian Hunter, Kirill A. Shutemov,
Borislav Petkov, Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
On 12/09/23 10:19, David Hildenbrand wrote:
> On 11.09.23 13:21, Adrian Hunter wrote:
>> Support for unaccepted memory was added recently, refer commit dcdfdd40fa82
>> ("mm: Add support for unaccepted memory"), whereby a virtual machine may
>> need to accept memory before it can be used.
>>
>> Do not let /proc/vmcore try to access unaccepted memory because it can
>> cause the guest to fail.
>
> Oh, hold on. What are the actual side effects of this?
>
> Once we're in the kdump kernel, any guest is already dead. So failing a guest doesn't apply, no?
>
Unaccepted Memory is used by virtual machines. In this case the guest
has kexec'ed to a dump-capture kernel, so the virtual machine is still
alive and running the dump-capture kernel.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore try to access unaccepted memory
2023-09-12 7:47 ` Adrian Hunter
@ 2023-09-12 7:50 ` David Hildenbrand
0 siblings, 0 replies; 8+ messages in thread
From: David Hildenbrand @ 2023-09-12 7:50 UTC (permalink / raw)
To: Adrian Hunter, Kirill A. Shutemov, Borislav Petkov,
Andrew Morton, Ard Biesheuvel
Cc: Dave Hansen, Vlastimil Babka, Mike Rapoport, Lorenzo Stoakes,
Tom Lendacky, Baoquan He, Vivek Goyal, Dave Young, linux-kernel,
linux-fsdevel, linux-mm, linux-coco, linux-efi, kexec
On 12.09.23 09:47, Adrian Hunter wrote:
> On 12/09/23 10:19, David Hildenbrand wrote:
>> On 11.09.23 13:21, Adrian Hunter wrote:
>>> Support for unaccepted memory was added recently, refer commit dcdfdd40fa82
>>> ("mm: Add support for unaccepted memory"), whereby a virtual machine may
>>> need to accept memory before it can be used.
>>>
>>> Do not let /proc/vmcore try to access unaccepted memory because it can
>>> cause the guest to fail.
>>
>> Oh, hold on. What are the actual side effects of this?
>>
>> Once we're in the kdump kernel, any guest is already dead. So failing a guest doesn't apply, no?
>>
> Unaccepted Memory is used by virtual machines. In this case the guest
> has kexec'ed to a dump-capture kernel, so the virtual machine is still
> alive and running the dump-capture kernel.
Ah, I got lost in TDX host semantics. So what you're saying, if we
(guest) are reading unnaccepted memory we will get zapped. Makes sense.
--
Cheers,
David / dhildenb
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-09-12 7:50 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-11 11:21 [PATCH V2 0/2] Do not try to access unaccepted memory Adrian Hunter
2023-09-11 11:21 ` [PATCH V2 1/2] efi/unaccepted: Do not let /proc/vmcore " Adrian Hunter
2023-09-12 7:18 ` David Hildenbrand
2023-09-12 7:19 ` David Hildenbrand
2023-09-12 7:47 ` Adrian Hunter
2023-09-12 7:50 ` David Hildenbrand
2023-09-11 11:21 ` [PATCH V2 2/2] proc/kcore: Do not " Adrian Hunter
2023-09-12 7:13 ` David Hildenbrand
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).