Date: Thu, 17 Feb 2022 21:47:05 +0800
From: Chao Peng
To: Mike Rapoport
Cc: linux-api@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, qemu-devel@nongnu.org, Paolo Bonzini, Jonathan Corbet, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H . Peter Anvin", Hugh Dickins, Jeff Layton, "J . Bruce Fields", Andrew Morton, Yu Zhang, "Kirill A . Shutemov", luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, david@redhat.com
Subject: Re: [PATCH v4 00/12] KVM: mm: fd-based approach for supporting KVM guest private memory
Message-ID: <20220217134705.GB33836@chaop.bj.intel.com>
References: <20220118132121.31388-1-chao.p.peng@linux.intel.com>

On Tue, Feb 08, 2022 at 08:33:18PM +0200, Mike Rapoport wrote:
> (added linux-api)
>
> On Tue, Jan 18, 2022 at 09:21:09PM +0800, Chao Peng wrote:
> > This is the v4 of this series which tries to implement the fd-based KVM
> > guest private memory. The patches are based on latest kvm/queue branch
> > commit:
> >
> >   fea31d169094 KVM: x86/pmu: Fix available_event_types check for
> >                REF_CPU_CYCLES event
> >
> > Introduction
> > ------------
> > In general this patch series introduces fd-based memslot which provides
> > guest memory through memory file descriptor fd[offset,size] instead of
> > hva/size. The fd can be created from a supported memory filesystem
> > like tmpfs/hugetlbfs etc. which we refer to as memory backing store. KVM
> > and the memory backing store exchange callbacks when such memslot
> > gets created. At runtime KVM will call into callbacks provided by the
> > backing store to get the pfn with the fd+offset. Memory backing store
> > will also call into KVM callbacks when userspace fallocate/punch hole
> > on the fd to notify KVM to map/unmap secondary MMU page tables.
> >
> > Compared to existing hva-based memslot, this new type of memslot allows
> > guest memory unmapped from host userspace like QEMU and even the kernel
> > itself, therefore reduce attack surface and prevent bugs.
> >
> > Based on this fd-based memslot, we can build guest private memory that
> > is going to be used in confidential computing environments such as Intel
> > TDX and AMD SEV. When supported, the memory backing store can provide
> > more enforcement on the fd and KVM can use a single memslot to hold both
> > the private and shared part of the guest memory.
> >
> > mm extension
> > ---------------------
> > Introduces new F_SEAL_INACCESSIBLE for shmem and new MFD_INACCESSIBLE
> > flag for memfd_create(), the file created with these flags cannot read(),
> > write() or mmap() etc via normal MMU operations. The file content can
> > only be used with the newly introduced memfile_notifier extension.
>
> It would be great to see man page draft for new ABI flags

Yes, I can provide the man page.

Thanks,
Chao