From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 54257C433EF
	for <linux-mm@archiver.kernel.org>; Mon,  2 May 2022 17:30:33 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 61CE76B0071; Mon,  2 May 2022 13:30:32 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 5CDA66B0073; Mon,  2 May 2022 13:30:32 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 46E396B0074; Mon,  2 May 2022 13:30:32 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.28])
	by kanga.kvack.org (Postfix) with ESMTP id 37CB66B0071
	for <linux-mm@kvack.org>; Mon,  2 May 2022 13:30:32 -0400 (EDT)
Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 12D5A24476
	for <linux-mm@kvack.org>; Mon,  2 May 2022 17:30:32 +0000 (UTC)
X-FDA: 79421492304.05.B368312
Received: from mail-yb1-f173.google.com (mail-yb1-f173.google.com [209.85.219.173])
	by imf12.hostedemail.com (Postfix) with ESMTP id 5671440061
	for <linux-mm@kvack.org>; Mon,  2 May 2022 17:30:17 +0000 (UTC)
Received: by mail-yb1-f173.google.com with SMTP id m128so27212746ybm.5
        for <linux-mm@kvack.org>; Mon, 02 May 2022 10:30:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=3KcXF7br6fU4fVidNyAgo6i/xFb/TGJ382YUuzwaEVw=;
        b=BZUtGa5yQLi+3tVM83PY5a+EmpFvJ1ZBU3wv0ZdpEVV68hjHwFD5errVmFBbWGYp6s
         JakDUlf7voU/7TVdYz0buU7q7xp4DSgS2V7dgU9t4XYt96qPmfVpU39OTTWzuJuAhlgG
         cKOcDoSty9pu6tm2B/420oKTH2BUPYNynNyZS5yI7WVOqnqmqDjCgnEsB34CqaONn7c9
         E5BngPhkObgi9PVZwZzv7Tt5r24qsipFx05gp35BrtIEG1JOUDqIeoXDFHUhqg3m02Gm
         E+snckS7jIYvaTJTnyaq+LMMTB0aL9RlrNBTC7tV8DH3oG9GL8R9u9rcC2LFsaKRiSCP
         nzHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=3KcXF7br6fU4fVidNyAgo6i/xFb/TGJ382YUuzwaEVw=;
        b=CuV5evpwyv81ierDko4c2bT9TI8pno0TYFBmeHrveK7ALqbyh1cH1yKXznKguzDoly
         xVkob5RTaUNnxjQSzMCWj/OMWZ9Xx0duqGiqLeAzbxXAtXxT7vNJ2MJUUTdalPofyGiy
         JzNtMfoGxZVjk5ikR615mwxH9q6AQWoTv1AjEDlkxWCQy77G16+fjK5ZZxVr2JGy8GVJ
         38nPoQC+d3OybYR7E1zw3gmWgjopBjcfe1wV+Ll5d0xkizVUEw4sMWp9hDpLcDpzcW9v
         dhDzNK1w4M8HcLZs8GxtgGtL1XdAcDUl/+4oG/4Df4Dlg/6mMTEgH0/MS6Ytv/0hnyQ0
         EKsw==
X-Gm-Message-State: AOAM532zxLSlvO6VYSYpXBhq2xdIbE/5Nkn94guF27g3gorNVjs31Ea4
	BDu7Jrc1GZNc7SN+l3zpwaHj7X5l3EmJE0OTQpdoWw==
X-Google-Smtp-Source: ABdhPJx3EZjhJ6CKCp7DVu2IVcubxYdZEy6+cgQnsHf3yW4eF6smHbZ8oCGfZLHQHZnsPHMkohMzOisSJ/M1lbtDu+o=
X-Received: by 2002:a05:6902:1007:b0:649:7745:d393 with SMTP id
 w7-20020a056902100700b006497745d393mr5272527ybt.407.1651512630804; Mon, 02
 May 2022 10:30:30 -0700 (PDT)
MIME-Version: 1.0
References: <20220425163451.3818838-1-juew@google.com> <b4c6c741-3109-c1ea-00fd-725f7a44fe66@intel.com>
 <CAPcxDJ5t109ks+AQ-3+OyEh-P4L=T65NJMePoxh18b2nM9XPfw@mail.gmail.com>
 <5a7f00e3-311d-b5ca-4249-7f50f8712559@intel.com> <CAPcxDJ5Cfrq60pJfwhDp8mZQYX+aueaH6OTq8NH=-C6fhMYL5w@mail.gmail.com>
 <fccd0784-4c58-453f-1f34-9d4038431531@intel.com> <dba78bbc-0c4f-9280-a7f9-1ebcadd3701d@redhat.com>
In-Reply-To: <dba78bbc-0c4f-9280-a7f9-1ebcadd3701d@redhat.com>
From: Jue Wang <juew@google.com>
Date: Mon, 2 May 2022 10:30:19 -0700
Message-ID: <CAPcxDJ56NJ6KqQX6KvZFEqWS9AG-R2AKFMKHw73qsUOqcDpcJg@mail.gmail.com>
Subject: Re: [RFC] Expose a memory poison detector ioctl to user space.
To: David Hildenbrand <david@redhat.com>
Cc: Dave Hansen <dave.hansen@intel.com>, Naoya Horiguchi <naoya.horiguchi@nec.com>, 
	Tony Luck <tony.luck@intel.com>, Dave Hansen <dave.hansen@linux.intel.com>, 
	Jiaqi Yan <jiaqiyan@google.com>, Greg Thelen <gthelen@google.com>, 
	Mina Almasry <almasrymina@google.com>, linux-mm@kvack.org, 
	Sean Christopherson <seanjc@google.com>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 5671440061
X-Stat-Signature: sathm4onw4t8f8h59nqbrpqsziembhys
Authentication-Results: imf12.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=BZUtGa5y;
	dmarc=pass (policy=reject) header.from=google.com;
	spf=pass (imf12.hostedemail.com: domain of juew@google.com designates 209.85.219.173 as permitted sender) smtp.mailfrom=juew@google.com
X-Rspam-User: 
X-Rspamd-Server: rspam08
X-HE-Tag: 1651512617-192221
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Mon, May 2, 2022 at 10:19 AM David Hildenbrand <david@redhat.com> wrote:
>
> On 26.04.22 21:39, Dave Hansen wrote:
> > On 4/26/22 12:23, Jue Wang wrote:
> >> On Tue, Apr 26, 2022 at 11:18 AM Dave Hansen <dave.hansen@intel.com> wrote:
> >>> What if you're in a normal (non-TDX) guest and some of the physical
> >>> address space has been ballooned away?
> >>
> >> Accessing to memory that gets ballooned away will cause extra EPT
> >> violations and have the memory faulted in on the host side, which is
> >> transparent to the guest.
> >
> > Yeah, but it completely subverts the whole purpose of ballooning.  In
> > other words, this is for all intents and purposes also mutually
> > exclusive with ballooning.
>
> Some balloon (or balloon-like) implementations don't support reading
> memory that's mapped into the direct map. For example, with never
> virtio-mem devices in the hypervisor, reading unplugged memory can
> result in undefined behavior (in the worst case, you'll get your VM zapped).
>
> Reading random physical memory ranges without further checks is a very
> bad idea. There are more corner cases, that we e.g., exclude when
> reading /proc/kcore.
>
> Take a look at read_kcore() KCORE_RAM case, where we e.g., exclude
> reading PageOffline(), is_page_hwpoison() and !pfn_is_ram(). Unaccepted
> memory might be another case we want to exclude there in the future.
>
>
> I assume something as you imagine could be implemented in user space
> just by relying on /proc/iomem and /proc/kcore right now in an unsafe
> way. So you might want something similar, however, obviously without
> exporting page content to user space and requiring root permissions.

Thanks.

Are the following cases benign if the scan only happens on the host side?

. virtio-mem - unplugged memory
. Unaccepted memory


>
> --
> Thanks,
>
> David / dhildenb
>