From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 41A1CC3ABCC for ; Tue, 13 May 2025 16:34:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id EB44B6B0095; Tue, 13 May 2025 12:34:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E5FDE6B00CD; Tue, 13 May 2025 12:34:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CD7FC6B00CE; Tue, 13 May 2025 12:34:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id AE4D46B0095 for ; Tue, 13 May 2025 12:34:42 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 02BEB81200 for ; Tue, 13 May 2025 16:34:43 +0000 (UTC) X-FDA: 83438433288.08.A5C9396 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) by imf12.hostedemail.com (Postfix) with ESMTP id 2B4CA40003 for ; Tue, 13 May 2025 16:34:41 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=tA3kUoNX; spf=pass (imf12.hostedemail.com: domain of 3oHQjaAUKCF8Q7887DLLDIB.9LJIFKRU-JJHS79H.LOD@flex--tabba.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3oHQjaAUKCF8Q7887DLLDIB.9LJIFKRU-JJHS79H.LOD@flex--tabba.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1747154082; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=7KUVo2viMPnYSE5ZDE55JuoChHZyPuFMM0oZmNJPumM=; b=Fx9JYBXAIXdXcbA0/xx5VTBeYl8Tqavw2tgPyp7HdjPrb9Wf4yzbaphxys3uUf23FVX59R q6CucLJKbvh0oHgDfGUfePW/PDFwQc1N3hWoEJezxk8bwYbPNIcs83hRfggJ6NkOw/YTZb bBlmaP7VBBGygoKBzEprwID7Rfdb7q8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1747154082; a=rsa-sha256; cv=none; b=URNmNL0AqH/XG3ZbpVZceVNxiK67X+Hmfh7qF+xev1B0pO7e4mVpuHCYGkGw5Dei0JX+lk pYN0HRciqLhcbXxlCpf2Qg4cS8CiITcbm4JHH1afp5GG8fC3RXi8Y5Ddw1TNRpEJEjFtAK DvpSpkKbiFbkTGd5FGJWnkYriVe7UHw= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=tA3kUoNX; spf=pass (imf12.hostedemail.com: domain of 3oHQjaAUKCF8Q7887DLLDIB.9LJIFKRU-JJHS79H.LOD@flex--tabba.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3oHQjaAUKCF8Q7887DLLDIB.9LJIFKRU-JJHS79H.LOD@flex--tabba.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43cf172ff63so26852725e9.3 for ; Tue, 13 May 2025 09:34:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747154080; x=1747758880; darn=kvack.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=7KUVo2viMPnYSE5ZDE55JuoChHZyPuFMM0oZmNJPumM=; b=tA3kUoNX6JglVbbp+53eBEtteWCCNgPmlWMk9m0awy94Q8b8uis/s+9wB0ApNNmB/I XFrriM7l8CRSvZC1f7misOhbswxR/DrUee7qYEUjrWiqDRryVHo9qBRhogJ69vABumBB dK1WJdasddlEQyZ+g5yGUiU7VSBWETfEKJsxydp9ONPS2v9s6E5InWh9dsKC2QNYHuZH lvdfjUI/ktHiriZDOEkwFJte7GMvF9uM6ZLzZSkfPaKw98xP6AOkdKDQl+VQMjXfllNr cw5glTMq7aAjlhob+16Lwy8HHstbnksx/ISZU797ELKIM7w+ZL1vWTVc+RYwpU19cmDj JQhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747154080; x=1747758880; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=7KUVo2viMPnYSE5ZDE55JuoChHZyPuFMM0oZmNJPumM=; b=dRkOCnfhTSmwBAggZSX7mMEPQ/DpPziQDnHSpV3KNc7I1AsGPaKv/XvTzGZUrH/k3l enAEKOYcmxr8BVc8rlsYxhd6/JRnBFxZ8TH/4ZSzRU7K93/Sztz1HemSqpZ+/DRS0uEW BEE4stjFAmaGuFOTcHlAXXZiiX+pD8b36vCcfRNdD2RHun1LsrYB1MOLTIBkStOARC8f YwgBx39YrbvfH+dLNcFh0qvaT1vgNsc67HjiBum6hsYaxBILmcyxIKfRMGNEQ+vkyl3D A32M8mUHjMpI6xcyzAMMIfYMvaNbpg4MuLPcfOpOmX0hlLIZ8ydi3t+ma0LLl4r0jCib 3wdQ== X-Forwarded-Encrypted: i=1; AJvYcCUs6SYCsssGrfyn48IrRulByKBpK5zE3VjuEDvkJzA8ULD65GV3sESidhNHz0pEalPJMGFIgCvFHQ==@kvack.org X-Gm-Message-State: AOJu0Yz2hZE2t/YzInRyu2+KlouNqNuP8L/SRZwtFI5Ht+g7s8OAKaIt XgkTjG83p8CDRSQxFIVPhJCK2z7V8nltYrY/mH2hRFcGMwJW5FOZ4Nb9OlZjK6bxskY3J5h4CQ= = X-Google-Smtp-Source: AGHT+IHtsg7gz/6cwRuLjWybGINXKyS13ShwKFqFEum/5zvp/THSNOQqQ0KjNDOktFDBU7BPIiVHeub/nA== X-Received: from wmbek10.prod.google.com ([2002:a05:600c:3eca:b0:442:c98d:df37]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3ba8:b0:439:8c80:6af4 with SMTP id 5b1f17b1804b1-442f2110f24mr28985e9.19.1747154080538; Tue, 13 May 2025 09:34:40 -0700 (PDT) Date: Tue, 13 May 2025 17:34:21 +0100 Mime-Version: 1.0 X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <20250513163438.3942405-1-tabba@google.com> Subject: [PATCH v9 00/17] KVM: Mapping guest_memfd backed memory at the host for software protected VMs From: Fuad Tabba To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com, roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com, jthoughton@google.com, peterx@redhat.com, pankaj.gupta@amd.com, ira.weiny@intel.com, tabba@google.com Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam08 X-Rspamd-Queue-Id: 2B4CA40003 X-Stat-Signature: eryfhxo5buimzff4tonnjiejpnro8zjx X-Rspam-User: X-HE-Tag: 1747154081-370689 X-HE-Meta: U2FsdGVkX1+ZIyUOMPKSzYcloLWIyqnoJ6H8gJVv62Tg8zDwxLyorTaSyUhbe19jm2XZdQcxCbBCKeWTb4KLTdpDJySeI/GUVOCCfG2mJ9hVLYkNjqPEB4NukOHL3xUzRYrK5FOWW+u05FhdVfzfOXHR0ZuVn2Odi7vxLxn3cL8g4/A+CWLT1hjCLv9WoTiFxwca5RC5mG78Kyoquf14fnGyVxPKBNP/hk7jq3wvoOcyTBQfmq6mwIvgWaybPA6iHUry7TzfIUpohrMLfdrw3AjaaabtysfMMPHxJsc6AgrMzw62vqtbVcCwU1opzRGf6sLOcwaorpKb2HfzLZ627SOX6xCP4qMIZN2cOlGzKWvVXAXojK+VcIsfbJST4wGbL5mipBPzk9hpZ2iP0ayss7czQ+mxctlUhRqrSaDNcYUqauN9ITdJVl6e1Vv4yxIIB59BDxHD7Mz+Pp5XII+yYtGemRdzbMUVwnJCHRDS4purTn35AmhU/NsdxqqaAp6xBePl3tGp92buujNBfpLGZcpP6iIst9tXswxrYhTCKeBypRTETcymzSFvAgyk1GNSYmW49RGBKKahhOHJMVQVNQlm7+eL+igHm9Cxy0+U2RkR4Jgmt4GBBifFyOvjlJjS793j9b3Xr8sK0h5FTUk9+qbRI4uhX4CP6yw2R97rQkjUFJhGCA+TnIFMhASDpGy86+kSarOQkmV3E5ITA8LrWYoinG47nf+fUL27TKyG4j85xT0FQNDvoJPn1qnSNxdTdpIhcjsd1wFKsfOpaXlAXHX3ESOIDqfZi1lppVRiFpMR3biEmWb9e1LdiAoF/7H/phZFGqk9gqmAWHVersOxy9rJUp6ujSy8eegsIYTkqmUE5TmFnfsTVMpLtxlRQ7JxEWBvNosGNBO2lXUgbRzkwZdyQOMyYBiGqcL5zf3FTyI0WLHNesnon5VOppvCGckL0afP7WdunR7m5PE3+BS O2nbhhqr A/CJuR10GAkeV0tHlUfAYz+Gq9q8ATgffWOhOBf6ouyQ+lKOhHWrUm6vAgtMp7RkoT0PpvqM52mV/S9m4RRzIOa3cPBv8Lcs2JAT8DqjwAExdmZbhuq7n1bFajwfJz5HMJQS6HwOuEdSqkVrXFQv4aBOoaMTFSVia3X9doJLkZbLzAlwMsfJbw612rN+6B9lA0iisPOwLRsZeYpcaEc/n9WM3qshvW+LvwtbQSQ1BJoOW4H3o49Mg8gj8npMZKwnumWojIUzA8evega7CnWl+dttsKQP8hVnzn486YmRkdX/D+lK+aX92rU0MPJ4G/M4c8ZjrZP67dZ0XprolOmKZNV0TKT2yj2Px63X7bc24w7Iguln4gIoUKjFunEETuAFzC13DEjSIKWVsxm1aVzwiHcNYc3iG8ftHFuIzzlGjckibKV/QYNk2iw703uvKKIWik5qPxBsa666V9rmItFE25Oz0nPxupW78Kx8RbNhW4DyVseyWfZQJckKzeazgnLtpR80sa0AxFygZT99zDnNGZY6mKHciEoZzTyyCfugpo8uaJ8nn5LXW9qV3/ox4TaOc6sGfjR58h3EE3Ju1ZK8Wz+ORA0RQBsEIDXLT+IsgV8DDHoA49lTEY1CuwGBj4jVazJfm8nbDRWUA0/l0ZL8oDfFvMZ8h8tD2S34JXKxAivW+9+TcOHRKTdriOizx/x99AXV2wbu1t+Zju7/vZiTTQ78eeQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Main changes since v8 [1]: - Added guest_memfd flag that toggles support for in-place shared memory - Added best-effort validation that the userspace memory address range matches the shared memory backed by guest_memfd - Rework handling faults for shared guest_memfd memory in x86 - Fixes based on feedback from the previous series - Rebase on Linux 6.15-rc6 The purpose of this series is to allow mapping guest_memfd backed memory at the host. This support enables VMMs like Firecracker to run guests backed completely by guest_memfd [2]. Combined with Patrick's series for direct map removal in guest_memfd [3], this would allow running VMs that offer additional hardening against Spectre-like transient execution attacks. This series will also serve as a base for _restricted_ mmap() support for guest_memfd backed memory at the host for CoCos that allow sharing guest memory in-place with the host [4]. Patches 1 to 6 are mainly about decoupling the concept of guest memory being private vs guest memory being backed by guest_memfd. They are mostly refactoring and renaming. Patches 7 and 8 add support for in-place shared memory, as well as the ability to map it by the host as long as it is shared, gated by a new configuration option, toggled by a new flag, and advertised to userspace by a new capability (introduced in patch 15). Patches 9 to 14 add x86 and arm64 support for in-place shared memory. Patch 15 introduces the capability that advertises support for in-place shared memory, and updates the documentation. Patches 16 and 17 add new selftests for the added features. For details on how to test this patch series, and on how to boot a guest has uses the new features, please refer to v8 [1]. Cheers, /fuad [1] https://lore.kernel.org/all/20250430165655.605595-1-tabba@google.com/ [2] https://github.com/firecracker-microvm/firecracker/tree/feature/secret-hiding [3] https://lore.kernel.org/all/20250221160728.1584559-1-roypat@amazon.co.uk/ [4] https://lore.kernel.org/all/20250328153133.3504118-1-tabba@google.com/ Ackerley Tng (4): KVM: guest_memfd: Check that userspace_addr and fd+offset refer to same range KVM: x86/mmu: Handle guest page faults for guest_memfd with shared memory KVM: x86: Compute max_mapping_level with input from guest_memfd KVM: selftests: Test guest_memfd same-range validation Fuad Tabba (13): KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GMEM KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_KVM_GENERIC_GMEM_POPULATE KVM: Rename kvm_arch_has_private_mem() to kvm_arch_supports_gmem() KVM: x86: Rename kvm->arch.has_private_mem to kvm->arch.supports_gmem KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() KVM: Fix comments that refer to slots_lock KVM: guest_memfd: Allow host to map guest_memfd() pages KVM: arm64: Refactor user_mem_abort() calculation of force_pte KVM: arm64: Rename variables in user_mem_abort() KVM: arm64: Handle guest_memfd()-backed guest page faults KVM: arm64: Enable mapping guest_memfd in arm64 KVM: Introduce the KVM capability KVM_CAP_GMEM_SHARED_MEM KVM: selftests: guest_memfd mmap() test when mapping is allowed Documentation/virt/kvm/api.rst | 18 + arch/arm64/include/asm/kvm_host.h | 10 + arch/arm64/kvm/Kconfig | 1 + arch/arm64/kvm/mmu.c | 149 +++++---- arch/x86/include/asm/kvm_host.h | 22 +- arch/x86/kvm/Kconfig | 4 +- arch/x86/kvm/mmu/mmu.c | 135 +++++--- arch/x86/kvm/svm/sev.c | 4 +- arch/x86/kvm/svm/svm.c | 4 +- arch/x86/kvm/x86.c | 3 +- include/linux/kvm_host.h | 76 ++++- include/uapi/linux/kvm.h | 2 + tools/testing/selftests/kvm/Makefile.kvm | 1 + .../testing/selftests/kvm/guest_memfd_test.c | 313 ++++++++++++++++-- virt/kvm/Kconfig | 15 +- virt/kvm/Makefile.kvm | 2 +- virt/kvm/guest_memfd.c | 152 ++++++++- virt/kvm/kvm_main.c | 21 +- virt/kvm/kvm_mm.h | 4 +- 19 files changed, 753 insertions(+), 183 deletions(-) base-commit: 82f2b0b97b36ee3fcddf0f0780a9a0825d52fec3 -- 2.49.0.1045.g170613ef41-goog