From: Sasha Levin <sashal@kernel.org>
To: David Hildenbrand <david@redhat.com>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org,
"Michael S . Tsirkin" <mst@redhat.com>,
Jason Wang <jasowang@redhat.com>,
Marek Kedzierski <mkedzier@redhat.com>,
Hui Zhu <teawater@gmail.com>,
Sebastien Boeuf <sebastien.boeuf@intel.com>,
Pankaj Gupta <pankaj.gupta.linux@gmail.com>,
Wei Yang <richard.weiyang@linux.alibaba.com>,
virtualization@lists.linux-foundation.org
Subject: Re: [PATCH AUTOSEL 5.15 7/7] virtio-mem: support VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE
Date: Sun, 28 Nov 2021 20:12:36 -0500 [thread overview]
Message-ID: <YaQpBKh+fUJM+p/y@sashalap> (raw)
In-Reply-To: <74c1d756-3f7c-7085-0ae9-2c082dce63b2@redhat.com>
On Fri, Nov 26, 2021 at 09:51:23AM +0100, David Hildenbrand wrote:
>On 26.11.21 03:30, Sasha Levin wrote:
>> From: David Hildenbrand <david@redhat.com>
>>
>> [ Upstream commit 61082ad6a6e1f999eef7e7e90046486c87933b1e ]
>>
>> The initial virtio-mem spec states that while unplugged memory should not
>> be read, the device still has to allow for reading unplugged memory inside
>> the usable region. The primary motivation for this default handling was
>> to simplify bringup of virtio-mem, because there were corner cases where
>> Linux might have accidentially read unplugged memory inside added Linux
>> memory blocks.
>>
>> In the meantime, we:
>> 1. Removed /dev/kmem in commit bbcd53c96071 ("drivers/char: remove
>> /dev/kmem for good")
>> 2. Disallowed access to virtio-mem device memory via /dev/mem in
>> commit 2128f4e21aa2 ("virtio-mem: disallow mapping virtio-mem memory via
>> /dev/mem")
>> 3. Sanitized access to virtio-mem device memory via /proc/kcore in
>> commit 0daa322b8ff9 ("fs/proc/kcore: don't read offline sections,
>> logically offline pages and hwpoisoned pages")
>> 4. Sanitized access to virtio-mem device memory via /proc/vmcore in
>> commit ce2814622e84 ("virtio-mem: kdump mode to sanitize /proc/vmcore
>> access")
>>
>> "Accidential" access to unplugged memory is no longer possible; we can
>> support the new VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE feature that will be
>> required by some hypervisors implementing virtio-mem in the near future.
>>
>> Acked-by: Michael S. Tsirkin <mst@redhat.com>
>> Cc: "Michael S. Tsirkin" <mst@redhat.com>
>> Cc: Jason Wang <jasowang@redhat.com>
>> Cc: Marek Kedzierski <mkedzier@redhat.com>
>> Cc: Hui Zhu <teawater@gmail.com>
>> Cc: Sebastien Boeuf <sebastien.boeuf@intel.com>
>> Cc: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
>> Cc: Wei Yang <richard.weiyang@linux.alibaba.com>
>> Signed-off-by: David Hildenbrand <david@redhat.com>
>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>> ---
>> drivers/virtio/virtio_mem.c | 1 +
>> include/uapi/linux/virtio_mem.h | 9 ++++++---
>> 2 files changed, 7 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/virtio/virtio_mem.c b/drivers/virtio/virtio_mem.c
>> index bef8ad6bf4661..78dfdc9c98a1c 100644
>> --- a/drivers/virtio/virtio_mem.c
>> +++ b/drivers/virtio/virtio_mem.c
>> @@ -2758,6 +2758,7 @@ static unsigned int virtio_mem_features[] = {
>> #if defined(CONFIG_NUMA) && defined(CONFIG_ACPI_NUMA)
>> VIRTIO_MEM_F_ACPI_PXM,
>> #endif
>> + VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE,
>> };
>>
>> static const struct virtio_device_id virtio_mem_id_table[] = {
>> diff --git a/include/uapi/linux/virtio_mem.h b/include/uapi/linux/virtio_mem.h
>> index 70e01c687d5eb..e9122f1d0e0cb 100644
>> --- a/include/uapi/linux/virtio_mem.h
>> +++ b/include/uapi/linux/virtio_mem.h
>> @@ -68,9 +68,10 @@
>> * explicitly triggered (VIRTIO_MEM_REQ_UNPLUG).
>> *
>> * There are no guarantees what will happen if unplugged memory is
>> - * read/written. Such memory should, in general, not be touched. E.g.,
>> - * even writing might succeed, but the values will simply be discarded at
>> - * random points in time.
>> + * read/written. In general, unplugged memory should not be touched, because
>> + * the resulting action is undefined. There is one exception: without
>> + * VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE, unplugged memory inside the usable
>> + * region can be read, to simplify creation of memory dumps.
>> *
>> * It can happen that the device cannot process a request, because it is
>> * busy. The device driver has to retry later.
>> @@ -87,6 +88,8 @@
>>
>> /* node_id is an ACPI PXM and is valid */
>> #define VIRTIO_MEM_F_ACPI_PXM 0
>> +/* unplugged memory must not be accessed */
>> +#define VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE 1
>>
>>
>> /* --- virtio-mem: guest -> host requests --- */
>>
>
>As 2. and 4. are part of v5.16-rc1 but not v5.15-stable
>
>Nacked-by: David Hildenbrand <david@redhat.com>
I'll drop them, thanks!
--
Thanks,
Sasha
prev parent reply other threads:[~2021-11-29 1:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-26 2:30 [PATCH AUTOSEL 5.15 1/7] f2fs: quota: fix potential deadlock Sasha Levin
2021-11-26 2:30 ` [PATCH AUTOSEL 5.15 2/7] f2fs: set SBI_NEED_FSCK flag when inconsistent node block found Sasha Levin
2021-11-26 2:30 ` [PATCH AUTOSEL 5.15 3/7] riscv: dts: microchip: fix board compatible Sasha Levin
2021-11-26 2:30 ` [PATCH AUTOSEL 5.15 4/7] riscv: dts: microchip: drop duplicated MMC/SDHC node Sasha Levin
2021-11-26 2:30 ` [PATCH AUTOSEL 5.15 5/7] cifs: nosharesock should not share socket with future sessions Sasha Levin
2021-11-26 2:30 ` [PATCH AUTOSEL 5.15 6/7] ceph: properly handle statfs on multifs setups Sasha Levin
2021-11-26 2:30 ` [PATCH AUTOSEL 5.15 7/7] virtio-mem: support VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE Sasha Levin
2021-11-26 8:51 ` David Hildenbrand
2021-11-29 1:12 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YaQpBKh+fUJM+p/y@sashalap \
--to=sashal@kernel.org \
--cc=david@redhat.com \
--cc=jasowang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mkedzier@redhat.com \
--cc=mst@redhat.com \
--cc=pankaj.gupta.linux@gmail.com \
--cc=richard.weiyang@linux.alibaba.com \
--cc=sebastien.boeuf@intel.com \
--cc=stable@vger.kernel.org \
--cc=teawater@gmail.com \
--cc=virtualization@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).