On 26.11.21 03:30, Sasha Levin wrote: > From: David Hildenbrand <david@xxxxxxxxxx> > > [ Upstream commit 61082ad6a6e1f999eef7e7e90046486c87933b1e ] > > The initial virtio-mem spec states that while unplugged memory should not > be read, the device still has to allow for reading unplugged memory inside > the usable region. The primary motivation for this default handling was > to simplify bringup of virtio-mem, because there were corner cases where > Linux might have accidentially read unplugged memory inside added Linux > memory blocks. > > In the meantime, we: > 1. Removed /dev/kmem in commit bbcd53c96071 ("drivers/char: remove > /dev/kmem for good") > 2. Disallowed access to virtio-mem device memory via /dev/mem in > commit 2128f4e21aa2 ("virtio-mem: disallow mapping virtio-mem memory via > /dev/mem") > 3. Sanitized access to virtio-mem device memory via /proc/kcore in > commit 0daa322b8ff9 ("fs/proc/kcore: don't read offline sections, > logically offline pages and hwpoisoned pages") > 4. Sanitized access to virtio-mem device memory via /proc/vmcore in > commit ce2814622e84 ("virtio-mem: kdump mode to sanitize /proc/vmcore > access") > > "Accidential" access to unplugged memory is no longer possible; we can > support the new VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE feature that will be > required by some hypervisors implementing virtio-mem in the near future. > > Acked-by: Michael S. Tsirkin <mst@xxxxxxxxxx> > Cc: "Michael S. Tsirkin" <mst@xxxxxxxxxx> > Cc: Jason Wang <jasowang@xxxxxxxxxx> > Cc: Marek Kedzierski <mkedzier@xxxxxxxxxx> > Cc: Hui Zhu <teawater@xxxxxxxxx> > Cc: Sebastien Boeuf <sebastien.boeuf@xxxxxxxxx> > Cc: Pankaj Gupta <pankaj.gupta.linux@xxxxxxxxx> > Cc: Wei Yang <richard.weiyang@xxxxxxxxxxxxxxxxx> > Signed-off-by: David Hildenbrand <david@xxxxxxxxxx> > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> > --- > drivers/virtio/virtio_mem.c | 1 + > include/uapi/linux/virtio_mem.h | 9 ++++++--- > 2 files changed, 7 insertions(+), 3 deletions(-) > > diff --git a/drivers/virtio/virtio_mem.c b/drivers/virtio/virtio_mem.c > index bef8ad6bf4661..78dfdc9c98a1c 100644 > --- a/drivers/virtio/virtio_mem.c > +++ b/drivers/virtio/virtio_mem.c > @@ -2758,6 +2758,7 @@ static unsigned int virtio_mem_features[] = { > #if defined(CONFIG_NUMA) && defined(CONFIG_ACPI_NUMA) > VIRTIO_MEM_F_ACPI_PXM, > #endif > + VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE, > }; > > static const struct virtio_device_id virtio_mem_id_table[] = { > diff --git a/include/uapi/linux/virtio_mem.h b/include/uapi/linux/virtio_mem.h > index 70e01c687d5eb..e9122f1d0e0cb 100644 > --- a/include/uapi/linux/virtio_mem.h > +++ b/include/uapi/linux/virtio_mem.h > @@ -68,9 +68,10 @@ > * explicitly triggered (VIRTIO_MEM_REQ_UNPLUG). > * > * There are no guarantees what will happen if unplugged memory is > - * read/written. Such memory should, in general, not be touched. E.g., > - * even writing might succeed, but the values will simply be discarded at > - * random points in time. > + * read/written. In general, unplugged memory should not be touched, because > + * the resulting action is undefined. There is one exception: without > + * VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE, unplugged memory inside the usable > + * region can be read, to simplify creation of memory dumps. > * > * It can happen that the device cannot process a request, because it is > * busy. The device driver has to retry later. > @@ -87,6 +88,8 @@ > > /* node_id is an ACPI PXM and is valid */ > #define VIRTIO_MEM_F_ACPI_PXM 0 > +/* unplugged memory must not be accessed */ > +#define VIRTIO_MEM_F_UNPLUGGED_INACCESSIBLE 1 > > > /* --- virtio-mem: guest -> host requests --- */ > As 2. and 4. are part of v5.16-rc1 but not v5.15-stable Nacked-by: David Hildenbrand <david@xxxxxxxxxx> -- Thanks, David / dhildenb _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization