mbox series

[v2,0/3] virtio-mem: disallow mapping virtio-mem memory via /dev/mem

Message ID 20210816142505.28359-1-david@redhat.com (mailing list archive)
Headers show
Series virtio-mem: disallow mapping virtio-mem memory via /dev/mem | expand

Message

David Hildenbrand Aug. 16, 2021, 2:25 p.m. UTC 
Let's add the basic infrastructure to exclude some physical memory
regions completely from /dev/mem access, on any architecture and under
any system configuration (independent of CONFIG_STRICT_DEVMEM and
independent of "iomem=").

Use it for virtio-mem, to disallow mapping any virtio-mem memory via
/dev/mem to user space after the virtio-mem driver was loaded: there is
no sane use case to access the device-managed memory region via /dev/mem
once the driver is actively (un)plugging memory within that region and
we want to make sure that nobody will accidentially access unplugged
memory in a sane environment.

Details can be found in patch #1.

v1 -> v2:
- "/dev/mem: disallow access to explicitly excluded system RAM regions"
-- Introduce and use for_each_resource() and next_resource_skip_children()
-- s/iomem_range_contains_excluded/iomem_range_contains_excluded_devmem/
- "kernel/resource: cleanup and optimize iomem_is_exclusive()"
-- Use for_each_resource()

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
Cc: virtualization@lists.linux-foundation.org
Cc: linux-mm@kvack.org

David Hildenbrand (3):
  /dev/mem: disallow access to explicitly excluded system RAM regions
  virtio-mem: disallow mapping virtio-mem memory via /dev/mem
  kernel/resource: cleanup and optimize iomem_is_exclusive()

 drivers/char/mem.c          | 22 ++++++--------
 drivers/virtio/virtio_mem.c |  4 ++-
 include/linux/ioport.h      |  1 +
 kernel/resource.c           | 60 +++++++++++++++++++++++++++++++++----
 lib/Kconfig.debug           |  4 ++-
 5 files changed, 71 insertions(+), 20 deletions(-)


base-commit: 7c60610d476766e128cc4284bb6349732cbd6606

Comments

David Hildenbrand Aug. 23, 2021, 7:14 p.m. UTC | #1 
On 16.08.21 16:25, David Hildenbrand wrote:
> Let's add the basic infrastructure to exclude some physical memory
> regions completely from /dev/mem access, on any architecture and under
> any system configuration (independent of CONFIG_STRICT_DEVMEM and
> independent of "iomem=").
> 
> Use it for virtio-mem, to disallow mapping any virtio-mem memory via
> /dev/mem to user space after the virtio-mem driver was loaded: there is
> no sane use case to access the device-managed memory region via /dev/mem
> once the driver is actively (un)plugging memory within that region and
> we want to make sure that nobody will accidentially access unplugged
> memory in a sane environment.
> 
> Details can be found in patch #1.
> 
> v1 -> v2:
> - "/dev/mem: disallow access to explicitly excluded system RAM regions"
> -- Introduce and use for_each_resource() and next_resource_skip_children()
> -- s/iomem_range_contains_excluded/iomem_range_contains_excluded_devmem/
> - "kernel/resource: cleanup and optimize iomem_is_exclusive()"
> -- Use for_each_resource()
> 
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: "Michael S. Tsirkin" <mst@redhat.com>
> Cc: Jason Wang <jasowang@redhat.com>
> Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Dan Williams <dan.j.williams@intel.com>
> Cc: Hanjun Guo <guohanjun@huawei.com>
> Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
> Cc: virtualization@lists.linux-foundation.org
> Cc: linux-mm@kvack.org
> 
> David Hildenbrand (3):
>    /dev/mem: disallow access to explicitly excluded system RAM regions
>    virtio-mem: disallow mapping virtio-mem memory via /dev/mem
>    kernel/resource: cleanup and optimize iomem_is_exclusive()
> 
>   drivers/char/mem.c          | 22 ++++++--------
>   drivers/virtio/virtio_mem.c |  4 ++-
>   include/linux/ioport.h      |  1 +
>   kernel/resource.c           | 60 +++++++++++++++++++++++++++++++++----
>   lib/Kconfig.debug           |  4 ++-
>   5 files changed, 71 insertions(+), 20 deletions(-)
> 
> 
> base-commit: 7c60610d476766e128cc4284bb6349732cbd6606
> 

More review welcome; I'd suggest this should go via the -mm tree, and 
not via the vhost tree.