From: Mostafa Saleh <smostafa@google.com>
To: linux-mm@kvack.org, iommu@lists.linux.dev,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org
Cc: corbet@lwn.net, joro@8bytes.org, will@kernel.org,
robin.murphy@arm.com, akpm@linux-foundation.org, vbabka@suse.cz,
surenb@google.com, mhocko@suse.com, jackmanb@google.com,
hannes@cmpxchg.org, ziy@nvidia.com, david@redhat.com,
lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com,
rppt@kernel.org, Mostafa Saleh <smostafa@google.com>
Subject: [RFC PATCH 4/4] drivers/iommu-debug: Check state of mapped/unmapped kernel memory
Date: Fri, 3 Oct 2025 17:32:29 +0000 [thread overview]
Message-ID: <20251003173229.1533640-5-smostafa@google.com> (raw)
In-Reply-To: <20251003173229.1533640-1-smostafa@google.com>
Now, as the page_ext holds count of IOMMU mappings, we can use it to
assert that any page allocated/freed is indeed not in the IOMMU.
The sanitizer doesn’t protect against mapping/unmapping during this
period. However, that’s less harmful as the page is not used by the
kernel.
Signed-off-by: Mostafa Saleh <smostafa@google.com>
---
drivers/iommu/iommu-debug.c | 22 ++++++++++++++++++++++
include/linux/iommu-debug.h | 1 +
include/linux/mm.h | 7 +++++++
3 files changed, 30 insertions(+)
diff --git a/drivers/iommu/iommu-debug.c b/drivers/iommu/iommu-debug.c
index cec8f594c7fa..09157fef697e 100644
--- a/drivers/iommu/iommu-debug.c
+++ b/drivers/iommu/iommu-debug.c
@@ -71,6 +71,28 @@ static size_t iommu_debug_page_size(struct iommu_domain *domain)
return 1UL << __ffs(domain->pgsize_bitmap);
}
+static unsigned int iommu_debug_page_count(unsigned long phys)
+{
+ unsigned int ref;
+ struct page_ext *page_ext = get_iommu_page_ext(phys);
+ struct iommu_debug_metadate *d = get_iommu_data(page_ext);
+
+ ref = atomic_read(&d->ref);
+ page_ext_put(page_ext);
+ return ref;
+}
+
+void iommu_debug_check_unmapped(const struct page *page, int numpages)
+{
+ if (!static_branch_likely(&iommu_debug_initialized))
+ return;
+
+ while (numpages--) {
+ WARN_ON(iommu_debug_page_count(page_to_phys(page)));
+ page++;
+ }
+}
+
void iommu_debug_map(struct iommu_domain *domain, phys_addr_t phys, size_t size)
{
size_t off;
diff --git a/include/linux/iommu-debug.h b/include/linux/iommu-debug.h
index 8d3ea661660f..aaf893cfafd0 100644
--- a/include/linux/iommu-debug.h
+++ b/include/linux/iommu-debug.h
@@ -17,6 +17,7 @@ void iommu_debug_map(struct iommu_domain *domain, phys_addr_t phys, size_t size)
void iommu_debug_unmap(struct iommu_domain *domain, unsigned long iova, size_t size);
void iommu_debug_remap(struct iommu_domain *domain, unsigned long iova, size_t size);
void iommu_debug_init(void);
+void iommu_debug_check_unmapped(const struct page *page, int numpages);
#endif /* CONFIG_IOMMU_DEBUG_PAGEALLOC */
diff --git a/include/linux/mm.h b/include/linux/mm.h
index 06978b4dbeb8..00f5de44faa0 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -36,6 +36,7 @@
#include <linux/rcuwait.h>
#include <linux/bitmap.h>
#include <linux/bitops.h>
+#include <linux/iommu-debug.h>
struct mempolicy;
struct anon_vma;
@@ -3806,12 +3807,18 @@ extern void __kernel_map_pages(struct page *page, int numpages, int enable);
#ifdef CONFIG_DEBUG_PAGEALLOC
static inline void debug_pagealloc_map_pages(struct page *page, int numpages)
{
+#ifdef CONFIG_IOMMU_DEBUG_PAGEALLOC
+ iommu_debug_check_unmapped(page, numpages);
+#endif
if (debug_pagealloc_enabled_static())
__kernel_map_pages(page, numpages, 1);
}
static inline void debug_pagealloc_unmap_pages(struct page *page, int numpages)
{
+#ifdef CONFIG_IOMMU_DEBUG_PAGEALLOC
+ iommu_debug_check_unmapped(page, numpages);
+#endif
if (debug_pagealloc_enabled_static())
__kernel_map_pages(page, numpages, 0);
}
--
2.51.0.618.g983fd99d29-goog
next prev parent reply other threads:[~2025-10-03 17:32 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-03 17:32 [RFC PATCH 0/4] iommu: Add IOMMU_DEBUG_PAGEALLOC sanitizer Mostafa Saleh
2025-10-03 17:32 ` [RFC PATCH 1/4] drivers/iommu: Add page_ext for IOMMU_DEBUG_PAGEALLOC Mostafa Saleh
2025-10-27 11:42 ` Jörg Rödel
2025-10-29 14:21 ` Mostafa Saleh
2025-10-03 17:32 ` [RFC PATCH 2/4] drivers/iommu: Add calls for iommu debug Mostafa Saleh
2025-10-27 11:43 ` Jörg Rödel
2025-10-29 14:22 ` Mostafa Saleh
2025-10-03 17:32 ` [RFC PATCH 3/4] drivers/iommu-debug: Track IOMMU pages Mostafa Saleh
2025-10-27 11:46 ` Jörg Rödel
2025-10-29 14:24 ` Mostafa Saleh
2025-10-03 17:32 ` Mostafa Saleh [this message]
2025-10-18 8:46 ` [RFC PATCH 0/4] iommu: Add IOMMU_DEBUG_PAGEALLOC sanitizer Qinxin Xia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251003173229.1533640-5-smostafa@google.com \
--to=smostafa@google.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=david@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=iommu@lists.linux.dev \
--cc=jackmanb@google.com \
--cc=joro@8bytes.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=mhocko@suse.com \
--cc=robin.murphy@arm.com \
--cc=rppt@kernel.org \
--cc=surenb@google.com \
--cc=vbabka@suse.cz \
--cc=will@kernel.org \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox