linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed
From: Jue Wang <juew@google.com>
To: David Hildenbrand <david@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>,
	Naoya Horiguchi <naoya.horiguchi@nec.com>,
	 Tony Luck <tony.luck@intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	 Jiaqi Yan <jiaqiyan@google.com>,
	Greg Thelen <gthelen@google.com>,
	 Mina Almasry <almasrymina@google.com>,
	linux-mm@kvack.org,  Sean Christopherson <seanjc@google.com>
Subject: Re: [RFC] Expose a memory poison detector ioctl to user space.
Date: Mon, 2 May 2022 10:36:10 -0700	[thread overview]
Message-ID: <CAPcxDJ4TfxbNgknKznnV3U9XMce=dfh9fN16iaG8nZqM39HA0A@mail.gmail.com> (raw)
In-Reply-To: <2b1d3a10-4a23-3787-dcfa-44f05554688c@redhat.com>

On Mon, May 2, 2022 at 10:33 AM David Hildenbrand <david@redhat.com> wrote:
>
> On 02.05.22 19:30, Jue Wang wrote:
> > On Mon, May 2, 2022 at 10:19 AM David Hildenbrand <david@redhat.com> wrote:
> >>
> >> On 26.04.22 21:39, Dave Hansen wrote:
> >>> On 4/26/22 12:23, Jue Wang wrote:
> >>>> On Tue, Apr 26, 2022 at 11:18 AM Dave Hansen <dave.hansen@intel.com> wrote:
> >>>>> What if you're in a normal (non-TDX) guest and some of the physical
> >>>>> address space has been ballooned away?
> >>>>
> >>>> Accessing to memory that gets ballooned away will cause extra EPT
> >>>> violations and have the memory faulted in on the host side, which is
> >>>> transparent to the guest.
> >>>
> >>> Yeah, but it completely subverts the whole purpose of ballooning.  In
> >>> other words, this is for all intents and purposes also mutually
> >>> exclusive with ballooning.
> >>
> >> Some balloon (or balloon-like) implementations don't support reading
> >> memory that's mapped into the direct map. For example, with never
> >> virtio-mem devices in the hypervisor, reading unplugged memory can
> >> result in undefined behavior (in the worst case, you'll get your VM zapped).
> >>
> >> Reading random physical memory ranges without further checks is a very
> >> bad idea. There are more corner cases, that we e.g., exclude when
> >> reading /proc/kcore.
> >>
> >> Take a look at read_kcore() KCORE_RAM case, where we e.g., exclude
> >> reading PageOffline(), is_page_hwpoison() and !pfn_is_ram(). Unaccepted
> >> memory might be another case we want to exclude there in the future.
> >>
> >>
> >> I assume something as you imagine could be implemented in user space
> >> just by relying on /proc/iomem and /proc/kcore right now in an unsafe
> >> way. So you might want something similar, however, obviously without
> >> exporting page content to user space and requiring root permissions.
> >
> > Thanks.
> >
> > Are the following cases benign if the scan only happens on the host side?
> >
> > . virtio-mem - unplugged memory
> > . Unaccepted memory
>
> No, only in virtualized worlds.
>
> I assume GART memory that implements the pfn_is_ram() callback is around
> on physical machines.

I think host E820 provides an accurate view of which address range is
ram or not?
>
>
> --
> Thanks,
>
> David / dhildenb
>


  reply	other threads:[~2022-05-02 17:36 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-25 16:34 Jue Wang
2022-04-26 15:40 ` Dave Hansen
2022-04-26 17:57   ` Jue Wang
2022-04-26 18:02     ` Jue Wang
2022-04-26 18:21       ` Dave Hansen
2022-04-26 19:25         ` Jue Wang
2022-04-26 19:52           ` Luck, Tony
2022-04-26 20:06             ` Jue Wang
2022-04-26 18:20     ` Dave Hansen
2022-04-26 19:23       ` Jue Wang
2022-04-26 19:39         ` Dave Hansen
2022-04-26 19:50           ` Jue Wang
2022-04-28 16:15           ` Erdem Aktas
2022-04-28 16:34             ` Dave Hansen
2022-04-29 19:46               ` Jue Wang
2022-04-29 21:10                 ` Dave Hansen
2022-04-29 21:32                   ` Jue Wang
2022-04-29 21:44                     ` Jue Wang
2022-04-29 22:29                     ` Dave Hansen
2022-04-29 22:53                       ` Jue Wang
2022-05-02 15:30                 ` Dave Hansen
2022-05-02 17:19           ` David Hildenbrand
2022-05-02 17:30             ` Jue Wang
2022-05-02 17:33               ` David Hildenbrand
2022-05-02 17:36                 ` Jue Wang [this message]
2022-05-02 17:38                   ` David Hildenbrand

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPcxDJ4TfxbNgknKznnV3U9XMce=dfh9fN16iaG8nZqM39HA0A@mail.gmail.com' \
    --to=juew@google.com \
    --cc=almasrymina@google.com \
    --cc=dave.hansen@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=david@redhat.com \
    --cc=gthelen@google.com \
    --cc=jiaqiyan@google.com \
    --cc=linux-mm@kvack.org \
    --cc=naoya.horiguchi@nec.com \
    --cc=seanjc@google.com \
    --cc=tony.luck@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox