Message ID | 20230911112114.91323-2-adrian.hunter@intel.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Do not try to access unaccepted memory | expand |
On 11.09.23 13:21, Adrian Hunter wrote: > Support for unaccepted memory was added recently, refer commit dcdfdd40fa82 > ("mm: Add support for unaccepted memory"), whereby a virtual machine may > need to accept memory before it can be used. > > Do not let /proc/vmcore try to access unaccepted memory because it can > cause the guest to fail. > > For /proc/vmcore, which is read-only, this means a read or mmap of > unaccepted memory will return zeros. > > Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> > --- [...] > +static inline bool pfn_is_unaccepted_memory(unsigned long pfn) > +{ > + phys_addr_t paddr = pfn << PAGE_SHIFT; > + > + return range_contains_unaccepted_memory(paddr, paddr + PAGE_SIZE); > +} > + > #endif /* _LINUX_MM_H */ As stated, if the relevant table is not already properly populated with information about unaccepted memory by the first kernel, this probably logically belongs into Kirills series. Reviewed-by: David Hildenbrand <david@redhat.com>
On 11.09.23 13:21, Adrian Hunter wrote: > Support for unaccepted memory was added recently, refer commit dcdfdd40fa82 > ("mm: Add support for unaccepted memory"), whereby a virtual machine may > need to accept memory before it can be used. > > Do not let /proc/vmcore try to access unaccepted memory because it can > cause the guest to fail. Oh, hold on. What are the actual side effects of this? Once we're in the kdump kernel, any guest is already dead. So failing a guest doesn't apply, no?
On 12/09/23 10:19, David Hildenbrand wrote: > On 11.09.23 13:21, Adrian Hunter wrote: >> Support for unaccepted memory was added recently, refer commit dcdfdd40fa82 >> ("mm: Add support for unaccepted memory"), whereby a virtual machine may >> need to accept memory before it can be used. >> >> Do not let /proc/vmcore try to access unaccepted memory because it can >> cause the guest to fail. > > Oh, hold on. What are the actual side effects of this? > > Once we're in the kdump kernel, any guest is already dead. So failing a guest doesn't apply, no? > Unaccepted Memory is used by virtual machines. In this case the guest has kexec'ed to a dump-capture kernel, so the virtual machine is still alive and running the dump-capture kernel.
On 12.09.23 09:47, Adrian Hunter wrote: > On 12/09/23 10:19, David Hildenbrand wrote: >> On 11.09.23 13:21, Adrian Hunter wrote: >>> Support for unaccepted memory was added recently, refer commit dcdfdd40fa82 >>> ("mm: Add support for unaccepted memory"), whereby a virtual machine may >>> need to accept memory before it can be used. >>> >>> Do not let /proc/vmcore try to access unaccepted memory because it can >>> cause the guest to fail. >> >> Oh, hold on. What are the actual side effects of this? >> >> Once we're in the kdump kernel, any guest is already dead. So failing a guest doesn't apply, no? >> > Unaccepted Memory is used by virtual machines. In this case the guest > has kexec'ed to a dump-capture kernel, so the virtual machine is still > alive and running the dump-capture kernel. Ah, I got lost in TDX host semantics. So what you're saying, if we (guest) are reading unnaccepted memory we will get zapped. Makes sense.
diff --git a/drivers/firmware/efi/unaccepted_memory.c b/drivers/firmware/efi/unaccepted_memory.c index 853f7dc3c21d..79ba576b22e3 100644 --- a/drivers/firmware/efi/unaccepted_memory.c +++ b/drivers/firmware/efi/unaccepted_memory.c @@ -3,6 +3,7 @@ #include <linux/efi.h> #include <linux/memblock.h> #include <linux/spinlock.h> +#include <linux/crash_dump.h> #include <asm/unaccepted_memory.h> /* Protects unaccepted memory bitmap */ @@ -145,3 +146,22 @@ bool range_contains_unaccepted_memory(phys_addr_t start, phys_addr_t end) return ret; } + +#ifdef CONFIG_PROC_VMCORE +static bool unaccepted_memory_vmcore_pfn_is_ram(struct vmcore_cb *cb, + unsigned long pfn) +{ + return !pfn_is_unaccepted_memory(pfn); +} + +static struct vmcore_cb vmcore_cb = { + .pfn_is_ram = unaccepted_memory_vmcore_pfn_is_ram, +}; + +static int __init unaccepted_memory_init_kdump(void) +{ + register_vmcore_cb(&vmcore_cb); + return 0; +} +core_initcall(unaccepted_memory_init_kdump); +#endif /* CONFIG_PROC_VMCORE */ diff --git a/include/linux/mm.h b/include/linux/mm.h index bf5d0b1b16f4..86511150f1d4 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4062,4 +4062,11 @@ static inline void accept_memory(phys_addr_t start, phys_addr_t end) #endif +static inline bool pfn_is_unaccepted_memory(unsigned long pfn) +{ + phys_addr_t paddr = pfn << PAGE_SHIFT; + + return range_contains_unaccepted_memory(paddr, paddr + PAGE_SIZE); +} + #endif /* _LINUX_MM_H */
Support for unaccepted memory was added recently, refer commit dcdfdd40fa82 ("mm: Add support for unaccepted memory"), whereby a virtual machine may need to accept memory before it can be used. Do not let /proc/vmcore try to access unaccepted memory because it can cause the guest to fail. For /proc/vmcore, which is read-only, this means a read or mmap of unaccepted memory will return zeros. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> --- drivers/firmware/efi/unaccepted_memory.c | 20 ++++++++++++++++++++ include/linux/mm.h | 7 +++++++ 2 files changed, 27 insertions(+) Changes in V2: Change patch subject and commit message Use vmcore_cb->.pfn_is_ram() instead of changing vmcore.c