* [PATCH v10 01/15] set_memory: set_direct_map_* to take address
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
@ 2026-01-26 16:46 ` Kalyazin, Nikita
2026-01-28 12:18 ` kernel test robot
2026-01-26 16:47 ` [PATCH v10 02/15] set_memory: add folio_{zap,restore}_direct_map helpers Kalyazin, Nikita
` (13 subsequent siblings)
14 siblings, 1 reply; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:46 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Nikita Kalyazin <kalyazin@amazon.com>
This is to avoid excessive conversions folio->page->address when adding
helpers on top of set_direct_map_valid_noflush() in the next patch.
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
arch/arm64/include/asm/set_memory.h | 7 ++++---
arch/arm64/mm/pageattr.c | 19 +++++++++----------
arch/loongarch/include/asm/set_memory.h | 7 ++++---
arch/loongarch/mm/pageattr.c | 25 ++++++++++++-------------
arch/riscv/include/asm/set_memory.h | 7 ++++---
arch/riscv/mm/pageattr.c | 17 +++++++++--------
arch/s390/include/asm/set_memory.h | 7 ++++---
arch/s390/mm/pageattr.c | 13 +++++++------
arch/x86/include/asm/set_memory.h | 7 ++++---
arch/x86/mm/pat/set_memory.c | 23 ++++++++++++-----------
include/linux/set_memory.h | 9 +++++----
kernel/power/snapshot.c | 4 ++--
mm/execmem.c | 6 ++++--
mm/secretmem.c | 6 +++---
mm/vmalloc.c | 11 +++++++----
15 files changed, 90 insertions(+), 78 deletions(-)
diff --git a/arch/arm64/include/asm/set_memory.h b/arch/arm64/include/asm/set_memory.h
index 90f61b17275e..c71a2a6812c4 100644
--- a/arch/arm64/include/asm/set_memory.h
+++ b/arch/arm64/include/asm/set_memory.h
@@ -11,9 +11,10 @@ bool can_set_direct_map(void);
int set_memory_valid(unsigned long addr, int numpages, int enable);
-int set_direct_map_invalid_noflush(struct page *page);
-int set_direct_map_default_noflush(struct page *page);
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid);
+int set_direct_map_invalid_noflush(const void *addr);
+int set_direct_map_default_noflush(const void *addr);
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid);
bool kernel_page_present(struct page *page);
int set_memory_encrypted(unsigned long addr, int numpages);
diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index f0e784b963e6..e2bdc3c1f992 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -243,7 +243,7 @@ int set_memory_valid(unsigned long addr, int numpages, int enable)
__pgprot(PTE_VALID));
}
-int set_direct_map_invalid_noflush(struct page *page)
+int set_direct_map_invalid_noflush(const void *addr)
{
pgprot_t clear_mask = __pgprot(PTE_VALID);
pgprot_t set_mask = __pgprot(0);
@@ -251,11 +251,11 @@ int set_direct_map_invalid_noflush(struct page *page)
if (!can_set_direct_map())
return 0;
- return update_range_prot((unsigned long)page_address(page),
- PAGE_SIZE, set_mask, clear_mask);
+ return update_range_prot((unsigned long)addr, PAGE_SIZE, set_mask,
+ clear_mask);
}
-int set_direct_map_default_noflush(struct page *page)
+int set_direct_map_default_noflush(const void *addr)
{
pgprot_t set_mask = __pgprot(PTE_VALID | PTE_WRITE);
pgprot_t clear_mask = __pgprot(PTE_RDONLY);
@@ -263,8 +263,8 @@ int set_direct_map_default_noflush(struct page *page)
if (!can_set_direct_map())
return 0;
- return update_range_prot((unsigned long)page_address(page),
- PAGE_SIZE, set_mask, clear_mask);
+ return update_range_prot((unsigned long)addr, PAGE_SIZE, set_mask,
+ clear_mask);
}
static int __set_memory_enc_dec(unsigned long addr,
@@ -347,14 +347,13 @@ int realm_register_memory_enc_ops(void)
return arm64_mem_crypt_ops_register(&realm_crypt_ops);
}
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid)
{
- unsigned long addr = (unsigned long)page_address(page);
-
if (!can_set_direct_map())
return 0;
- return set_memory_valid(addr, nr, valid);
+ return set_memory_valid((unsigned long)addr, numpages, valid);
}
#ifdef CONFIG_DEBUG_PAGEALLOC
diff --git a/arch/loongarch/include/asm/set_memory.h b/arch/loongarch/include/asm/set_memory.h
index 55dfaefd02c8..5e9b67b2fea1 100644
--- a/arch/loongarch/include/asm/set_memory.h
+++ b/arch/loongarch/include/asm/set_memory.h
@@ -15,8 +15,9 @@ int set_memory_ro(unsigned long addr, int numpages);
int set_memory_rw(unsigned long addr, int numpages);
bool kernel_page_present(struct page *page);
-int set_direct_map_default_noflush(struct page *page);
-int set_direct_map_invalid_noflush(struct page *page);
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid);
+int set_direct_map_invalid_noflush(const void *addr);
+int set_direct_map_default_noflush(const void *addr);
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid);
#endif /* _ASM_LOONGARCH_SET_MEMORY_H */
diff --git a/arch/loongarch/mm/pageattr.c b/arch/loongarch/mm/pageattr.c
index f5e910b68229..c1b2be915038 100644
--- a/arch/loongarch/mm/pageattr.c
+++ b/arch/loongarch/mm/pageattr.c
@@ -198,32 +198,31 @@ bool kernel_page_present(struct page *page)
return pte_present(ptep_get(pte));
}
-int set_direct_map_default_noflush(struct page *page)
+int set_direct_map_default_noflush(const void *addr)
{
- unsigned long addr = (unsigned long)page_address(page);
-
- if (addr < vm_map_base)
+ if ((unsigned long)addr < vm_map_base)
return 0;
- return __set_memory(addr, 1, PAGE_KERNEL, __pgprot(0));
+ return __set_memory((unsigned long)addr, 1, PAGE_KERNEL, __pgprot(0));
}
-int set_direct_map_invalid_noflush(struct page *page)
+int set_direct_map_invalid_noflush(const void *addr)
{
- unsigned long addr = (unsigned long)page_address(page);
+ unsigned long addr = (unsigned long)addr;
- if (addr < vm_map_base)
+ if ((unsigned long)addr < vm_map_base)
return 0;
- return __set_memory(addr, 1, __pgprot(0), __pgprot(_PAGE_PRESENT | _PAGE_VALID));
+ return __set_memory((unsigned long)addr, 1, __pgprot(0),
+ __pgprot(_PAGE_PRESENT | _PAGE_VALID));
}
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid)
{
- unsigned long addr = (unsigned long)page_address(page);
pgprot_t set, clear;
- if (addr < vm_map_base)
+ if ((unsigned long)addr < vm_map_base)
return 0;
if (valid) {
@@ -234,5 +233,5 @@ int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
clear = __pgprot(_PAGE_PRESENT | _PAGE_VALID);
}
- return __set_memory(addr, 1, set, clear);
+ return __set_memory((unsigned long)addr, 1, set, clear);
}
diff --git a/arch/riscv/include/asm/set_memory.h b/arch/riscv/include/asm/set_memory.h
index 87389e93325a..a87eabd7fc78 100644
--- a/arch/riscv/include/asm/set_memory.h
+++ b/arch/riscv/include/asm/set_memory.h
@@ -40,9 +40,10 @@ static inline int set_kernel_memory(char *startp, char *endp,
}
#endif
-int set_direct_map_invalid_noflush(struct page *page);
-int set_direct_map_default_noflush(struct page *page);
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid);
+int set_direct_map_invalid_noflush(const void *addr);
+int set_direct_map_default_noflush(const void *addr);
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid);
bool kernel_page_present(struct page *page);
#endif /* __ASSEMBLER__ */
diff --git a/arch/riscv/mm/pageattr.c b/arch/riscv/mm/pageattr.c
index 3f76db3d2769..0a457177a88c 100644
--- a/arch/riscv/mm/pageattr.c
+++ b/arch/riscv/mm/pageattr.c
@@ -374,19 +374,20 @@ int set_memory_nx(unsigned long addr, int numpages)
return __set_memory(addr, numpages, __pgprot(0), __pgprot(_PAGE_EXEC));
}
-int set_direct_map_invalid_noflush(struct page *page)
+int set_direct_map_invalid_noflush(const void *addr)
{
- return __set_memory((unsigned long)page_address(page), 1,
- __pgprot(0), __pgprot(_PAGE_PRESENT));
+ return __set_memory((unsigned long)addr, 1, __pgprot(0),
+ __pgprot(_PAGE_PRESENT));
}
-int set_direct_map_default_noflush(struct page *page)
+int set_direct_map_default_noflush(const void *addr)
{
- return __set_memory((unsigned long)page_address(page), 1,
- PAGE_KERNEL, __pgprot(_PAGE_EXEC));
+ return __set_memory((unsigned long)addr, 1, PAGE_KERNEL,
+ __pgprot(_PAGE_EXEC));
}
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid)
{
pgprot_t set, clear;
@@ -398,7 +399,7 @@ int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
clear = __pgprot(_PAGE_PRESENT);
}
- return __set_memory((unsigned long)page_address(page), nr, set, clear);
+ return __set_memory((unsigned long)addr, numpages, set, clear);
}
#ifdef CONFIG_DEBUG_PAGEALLOC
diff --git a/arch/s390/include/asm/set_memory.h b/arch/s390/include/asm/set_memory.h
index 94092f4ae764..3e43c3c96e67 100644
--- a/arch/s390/include/asm/set_memory.h
+++ b/arch/s390/include/asm/set_memory.h
@@ -60,9 +60,10 @@ __SET_MEMORY_FUNC(set_memory_rox, SET_MEMORY_RO | SET_MEMORY_X)
__SET_MEMORY_FUNC(set_memory_rwnx, SET_MEMORY_RW | SET_MEMORY_NX)
__SET_MEMORY_FUNC(set_memory_4k, SET_MEMORY_4K)
-int set_direct_map_invalid_noflush(struct page *page);
-int set_direct_map_default_noflush(struct page *page);
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid);
+int set_direct_map_invalid_noflush(const void *addr);
+int set_direct_map_default_noflush(const void *addr);
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid);
bool kernel_page_present(struct page *page);
#endif
diff --git a/arch/s390/mm/pageattr.c b/arch/s390/mm/pageattr.c
index d3ce04a4b248..e231757bb0e0 100644
--- a/arch/s390/mm/pageattr.c
+++ b/arch/s390/mm/pageattr.c
@@ -390,17 +390,18 @@ int __set_memory(unsigned long addr, unsigned long numpages, unsigned long flags
return rc;
}
-int set_direct_map_invalid_noflush(struct page *page)
+int set_direct_map_invalid_noflush(const void *addr)
{
- return __set_memory((unsigned long)page_to_virt(page), 1, SET_MEMORY_INV);
+ return __set_memory((unsigned long)addr, 1, SET_MEMORY_INV);
}
-int set_direct_map_default_noflush(struct page *page)
+int set_direct_map_default_noflush(const void *addr)
{
- return __set_memory((unsigned long)page_to_virt(page), 1, SET_MEMORY_DEF);
+ return __set_memory((unsigned long)addr, 1, SET_MEMORY_DEF);
}
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid)
{
unsigned long flags;
@@ -409,7 +410,7 @@ int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
else
flags = SET_MEMORY_INV;
- return __set_memory((unsigned long)page_to_virt(page), nr, flags);
+ return __set_memory((unsigned long)addr, numpages, flags);
}
bool kernel_page_present(struct page *page)
diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h
index 61f56cdaccb5..f912191f0853 100644
--- a/arch/x86/include/asm/set_memory.h
+++ b/arch/x86/include/asm/set_memory.h
@@ -87,9 +87,10 @@ int set_pages_wb(struct page *page, int numpages);
int set_pages_ro(struct page *page, int numpages);
int set_pages_rw(struct page *page, int numpages);
-int set_direct_map_invalid_noflush(struct page *page);
-int set_direct_map_default_noflush(struct page *page);
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid);
+int set_direct_map_invalid_noflush(const void *addr);
+int set_direct_map_default_noflush(const void *addr);
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid);
bool kernel_page_present(struct page *page);
extern int kernel_set_to_readonly;
diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index 6c6eb486f7a6..bc8e1c23175b 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -2600,9 +2600,9 @@ int set_pages_rw(struct page *page, int numpages)
return set_memory_rw(addr, numpages);
}
-static int __set_pages_p(struct page *page, int numpages)
+static int __set_pages_p(const void *addr, int numpages)
{
- unsigned long tempaddr = (unsigned long) page_address(page);
+ unsigned long tempaddr = (unsigned long)addr;
struct cpa_data cpa = { .vaddr = &tempaddr,
.pgd = NULL,
.numpages = numpages,
@@ -2619,9 +2619,9 @@ static int __set_pages_p(struct page *page, int numpages)
return __change_page_attr_set_clr(&cpa, 1);
}
-static int __set_pages_np(struct page *page, int numpages)
+static int __set_pages_np(const void *addr, int numpages)
{
- unsigned long tempaddr = (unsigned long) page_address(page);
+ unsigned long tempaddr = (unsigned long)addr;
struct cpa_data cpa = { .vaddr = &tempaddr,
.pgd = NULL,
.numpages = numpages,
@@ -2638,22 +2638,23 @@ static int __set_pages_np(struct page *page, int numpages)
return __change_page_attr_set_clr(&cpa, 1);
}
-int set_direct_map_invalid_noflush(struct page *page)
+int set_direct_map_invalid_noflush(const void *addr)
{
- return __set_pages_np(page, 1);
+ return __set_pages_np(addr, 1);
}
-int set_direct_map_default_noflush(struct page *page)
+int set_direct_map_default_noflush(const void *addr)
{
- return __set_pages_p(page, 1);
+ return __set_pages_p(addr, 1);
}
-int set_direct_map_valid_noflush(struct page *page, unsigned nr, bool valid)
+int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
+ bool valid)
{
if (valid)
- return __set_pages_p(page, nr);
+ return __set_pages_p(addr, numpages);
- return __set_pages_np(page, nr);
+ return __set_pages_np(addr, numpages);
}
#ifdef CONFIG_DEBUG_PAGEALLOC
diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h
index 3030d9245f5a..1a2563f525fc 100644
--- a/include/linux/set_memory.h
+++ b/include/linux/set_memory.h
@@ -25,17 +25,18 @@ static inline int set_memory_rox(unsigned long addr, int numpages)
#endif
#ifndef CONFIG_ARCH_HAS_SET_DIRECT_MAP
-static inline int set_direct_map_invalid_noflush(struct page *page)
+static inline int set_direct_map_invalid_noflush(const void *addr)
{
return 0;
}
-static inline int set_direct_map_default_noflush(struct page *page)
+static inline int set_direct_map_default_noflush(const void *addr)
{
return 0;
}
-static inline int set_direct_map_valid_noflush(struct page *page,
- unsigned nr, bool valid)
+static inline int set_direct_map_valid_noflush(const void *addr,
+ unsigned long numpages,
+ bool valid)
{
return 0;
}
diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
index 0a946932d5c1..b6dda3a8eb6e 100644
--- a/kernel/power/snapshot.c
+++ b/kernel/power/snapshot.c
@@ -88,7 +88,7 @@ static inline int hibernate_restore_unprotect_page(void *page_address) {return 0
static inline void hibernate_map_page(struct page *page)
{
if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {
- int ret = set_direct_map_default_noflush(page);
+ int ret = set_direct_map_default_noflush(page_address(page));
if (ret)
pr_warn_once("Failed to remap page\n");
@@ -101,7 +101,7 @@ static inline void hibernate_unmap_page(struct page *page)
{
if (IS_ENABLED(CONFIG_ARCH_HAS_SET_DIRECT_MAP)) {
unsigned long addr = (unsigned long)page_address(page);
- int ret = set_direct_map_invalid_noflush(page);
+ int ret = set_direct_map_invalid_noflush(page_address(page));
if (ret)
pr_warn_once("Failed to remap page\n");
diff --git a/mm/execmem.c b/mm/execmem.c
index 810a4ba9c924..220298ec87c8 100644
--- a/mm/execmem.c
+++ b/mm/execmem.c
@@ -119,7 +119,8 @@ static int execmem_set_direct_map_valid(struct vm_struct *vm, bool valid)
int err = 0;
for (int i = 0; i < vm->nr_pages; i += nr) {
- err = set_direct_map_valid_noflush(vm->pages[i], nr, valid);
+ err = set_direct_map_valid_noflush(page_address(vm->pages[i]),
+ nr, valid);
if (err)
goto err_restore;
updated += nr;
@@ -129,7 +130,8 @@ static int execmem_set_direct_map_valid(struct vm_struct *vm, bool valid)
err_restore:
for (int i = 0; i < updated; i += nr)
- set_direct_map_valid_noflush(vm->pages[i], nr, !valid);
+ set_direct_map_valid_noflush(page_address(vm->pages[i]), nr,
+ !valid);
return err;
}
diff --git a/mm/secretmem.c b/mm/secretmem.c
index edf111e0a1bb..4453ae5dcdd4 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -72,7 +72,7 @@ static vm_fault_t secretmem_fault(struct vm_fault *vmf)
goto out;
}
- err = set_direct_map_invalid_noflush(folio_page(folio, 0));
+ err = set_direct_map_invalid_noflush(folio_address(folio));
if (err) {
folio_put(folio);
ret = vmf_error(err);
@@ -87,7 +87,7 @@ static vm_fault_t secretmem_fault(struct vm_fault *vmf)
* already happened when we marked the page invalid
* which guarantees that this call won't fail
*/
- set_direct_map_default_noflush(folio_page(folio, 0));
+ set_direct_map_default_noflush(folio_address(folio));
folio_put(folio);
if (err == -EEXIST)
goto retry;
@@ -152,7 +152,7 @@ static int secretmem_migrate_folio(struct address_space *mapping,
static void secretmem_free_folio(struct folio *folio)
{
- set_direct_map_default_noflush(folio_page(folio, 0));
+ set_direct_map_default_noflush(folio_address(folio));
folio_zero_segment(folio, 0, folio_size(folio));
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index ecbac900c35f..5b9b421682ab 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -3329,14 +3329,17 @@ struct vm_struct *remove_vm_area(const void *addr)
}
static inline void set_area_direct_map(const struct vm_struct *area,
- int (*set_direct_map)(struct page *page))
+ int (*set_direct_map)(const void *addr))
{
int i;
/* HUGE_VMALLOC passes small pages to set_direct_map */
- for (i = 0; i < area->nr_pages; i++)
- if (page_address(area->pages[i]))
- set_direct_map(area->pages[i]);
+ for (i = 0; i < area->nr_pages; i++) {
+ const void *addr = page_address(area->pages[i]);
+
+ if (addr)
+ set_direct_map(addr);
+ }
}
/*
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* Re: [PATCH v10 01/15] set_memory: set_direct_map_* to take address
2026-01-26 16:46 ` [PATCH v10 01/15] set_memory: set_direct_map_* to take address Kalyazin, Nikita
@ 2026-01-28 12:18 ` kernel test robot
0 siblings, 0 replies; 17+ messages in thread
From: kernel test robot @ 2026-01-28 12:18 UTC (permalink / raw)
To: Kalyazin, Nikita, kvm, linux-doc, linux-kernel, linux-arm-kernel,
kvmarm, linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: llvm, oe-kbuild-all, pbonzini, corbet, maz, oupton, joey.gouly,
suzuki.poulose, yuzenghui, catalin.marinas, will, seanjc, tglx,
mingo, bp, dave.hansen, x86, hpa, luto
Hi Nikita,
kernel test robot noticed the following build errors:
[auto build test ERROR on 0499add8efd72456514c6218c062911ccc922a99]
url: https://github.com/intel-lab-lkp/linux/commits/Kalyazin-Nikita/set_memory-set_direct_map_-to-take-address/20260127-005641
base: 0499add8efd72456514c6218c062911ccc922a99
patch link: https://lore.kernel.org/r/20260126164445.11867-2-kalyazin%40amazon.com
patch subject: [PATCH v10 01/15] set_memory: set_direct_map_* to take address
config: loongarch-allnoconfig (https://download.01.org/0day-ci/archive/20260128/202601282023.vzRHJBfU-lkp@intel.com/config)
compiler: clang version 22.0.0git (https://github.com/llvm/llvm-project 9b8addffa70cee5b2acc5454712d9cf78ce45710)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260128/202601282023.vzRHJBfU-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202601282023.vzRHJBfU-lkp@intel.com/
All errors (new ones prefixed by >>):
>> arch/loongarch/mm/pageattr.c:211:16: error: redefinition of 'addr' with a different type: 'unsigned long' vs 'const void *'
211 | unsigned long addr = (unsigned long)addr;
| ^
arch/loongarch/mm/pageattr.c:209:48: note: previous definition is here
209 | int set_direct_map_invalid_noflush(const void *addr)
| ^
1 error generated.
vim +211 arch/loongarch/mm/pageattr.c
208
209 int set_direct_map_invalid_noflush(const void *addr)
210 {
> 211 unsigned long addr = (unsigned long)addr;
212
213 if ((unsigned long)addr < vm_map_base)
214 return 0;
215
216 return __set_memory((unsigned long)addr, 1, __pgprot(0),
217 __pgprot(_PAGE_PRESENT | _PAGE_VALID));
218 }
219
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH v10 02/15] set_memory: add folio_{zap,restore}_direct_map helpers
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
2026-01-26 16:46 ` [PATCH v10 01/15] set_memory: set_direct_map_* to take address Kalyazin, Nikita
@ 2026-01-26 16:47 ` Kalyazin, Nikita
2026-01-26 16:47 ` [PATCH v10 03/15] mm/gup: drop secretmem optimization from gup_fast_folio_allowed Kalyazin, Nikita
` (12 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:47 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Nikita Kalyazin <kalyazin@amazon.com>
These allow guest_memfd to remove its memory from the direct map.
Only implement them for architectures that have direct map.
In folio_zap_direct_map(), flush TLB on architectures where
set_direct_map_valid_noflush() does not flush it internally.
The new helpers need to be accessible to KVM on architectures that
support guest_memfd (x86 and arm64). Since arm64 does not support
building KVM as a module, only export them on x86.
Direct map removal gives guest_memfd the same protection that
memfd_secret does, such as hardening against Spectre-like attacks
through in-kernel gadgets.
Reviewed-by: Ackerley Tng <ackerleytng@google.com>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
arch/arm64/include/asm/set_memory.h | 2 ++
arch/arm64/mm/pageattr.c | 12 ++++++++++++
arch/loongarch/include/asm/set_memory.h | 2 ++
arch/loongarch/mm/pageattr.c | 12 ++++++++++++
arch/riscv/include/asm/set_memory.h | 2 ++
arch/riscv/mm/pageattr.c | 12 ++++++++++++
arch/s390/include/asm/set_memory.h | 2 ++
arch/s390/mm/pageattr.c | 12 ++++++++++++
arch/x86/include/asm/set_memory.h | 2 ++
arch/x86/mm/pat/set_memory.c | 20 ++++++++++++++++++++
include/linux/set_memory.h | 10 ++++++++++
11 files changed, 88 insertions(+)
diff --git a/arch/arm64/include/asm/set_memory.h b/arch/arm64/include/asm/set_memory.h
index c71a2a6812c4..49fd54f3c265 100644
--- a/arch/arm64/include/asm/set_memory.h
+++ b/arch/arm64/include/asm/set_memory.h
@@ -15,6 +15,8 @@ int set_direct_map_invalid_noflush(const void *addr);
int set_direct_map_default_noflush(const void *addr);
int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
bool valid);
+int folio_zap_direct_map(struct folio *folio);
+int folio_restore_direct_map(struct folio *folio);
bool kernel_page_present(struct page *page);
int set_memory_encrypted(unsigned long addr, int numpages);
diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c
index e2bdc3c1f992..0b88b0344499 100644
--- a/arch/arm64/mm/pageattr.c
+++ b/arch/arm64/mm/pageattr.c
@@ -356,6 +356,18 @@ int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
return set_memory_valid((unsigned long)addr, numpages, valid);
}
+int folio_zap_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), false);
+}
+
+int folio_restore_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), true);
+}
+
#ifdef CONFIG_DEBUG_PAGEALLOC
/*
* This is - apart from the return value - doing the same
diff --git a/arch/loongarch/include/asm/set_memory.h b/arch/loongarch/include/asm/set_memory.h
index 5e9b67b2fea1..1cdec6afe209 100644
--- a/arch/loongarch/include/asm/set_memory.h
+++ b/arch/loongarch/include/asm/set_memory.h
@@ -19,5 +19,7 @@ int set_direct_map_invalid_noflush(const void *addr);
int set_direct_map_default_noflush(const void *addr);
int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
bool valid);
+int folio_zap_direct_map(struct folio *folio);
+int folio_restore_direct_map(struct folio *folio);
#endif /* _ASM_LOONGARCH_SET_MEMORY_H */
diff --git a/arch/loongarch/mm/pageattr.c b/arch/loongarch/mm/pageattr.c
index c1b2be915038..be397fddc991 100644
--- a/arch/loongarch/mm/pageattr.c
+++ b/arch/loongarch/mm/pageattr.c
@@ -235,3 +235,15 @@ int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
return __set_memory((unsigned long)addr, 1, set, clear);
}
+
+int folio_zap_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), false);
+}
+
+int folio_restore_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), true);
+}
diff --git a/arch/riscv/include/asm/set_memory.h b/arch/riscv/include/asm/set_memory.h
index a87eabd7fc78..208755d9d45e 100644
--- a/arch/riscv/include/asm/set_memory.h
+++ b/arch/riscv/include/asm/set_memory.h
@@ -44,6 +44,8 @@ int set_direct_map_invalid_noflush(const void *addr);
int set_direct_map_default_noflush(const void *addr);
int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
bool valid);
+int folio_zap_direct_map(struct folio *folio);
+int folio_restore_direct_map(struct folio *folio);
bool kernel_page_present(struct page *page);
#endif /* __ASSEMBLER__ */
diff --git a/arch/riscv/mm/pageattr.c b/arch/riscv/mm/pageattr.c
index 0a457177a88c..9a8237658c48 100644
--- a/arch/riscv/mm/pageattr.c
+++ b/arch/riscv/mm/pageattr.c
@@ -402,6 +402,18 @@ int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
return __set_memory((unsigned long)addr, numpages, set, clear);
}
+int folio_zap_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), false);
+}
+
+int folio_restore_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), true);
+}
+
#ifdef CONFIG_DEBUG_PAGEALLOC
static int debug_pagealloc_set_page(pte_t *pte, unsigned long addr, void *data)
{
diff --git a/arch/s390/include/asm/set_memory.h b/arch/s390/include/asm/set_memory.h
index 3e43c3c96e67..a51ff50df3ca 100644
--- a/arch/s390/include/asm/set_memory.h
+++ b/arch/s390/include/asm/set_memory.h
@@ -64,6 +64,8 @@ int set_direct_map_invalid_noflush(const void *addr);
int set_direct_map_default_noflush(const void *addr);
int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
bool valid);
+int folio_zap_direct_map(struct folio *folio);
+int folio_restore_direct_map(struct folio *folio);
bool kernel_page_present(struct page *page);
#endif
diff --git a/arch/s390/mm/pageattr.c b/arch/s390/mm/pageattr.c
index e231757bb0e0..f739fee0e110 100644
--- a/arch/s390/mm/pageattr.c
+++ b/arch/s390/mm/pageattr.c
@@ -413,6 +413,18 @@ int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
return __set_memory((unsigned long)addr, numpages, flags);
}
+int folio_zap_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), false);
+}
+
+int folio_restore_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), true);
+}
+
bool kernel_page_present(struct page *page)
{
unsigned long addr;
diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h
index f912191f0853..febbfbdc39df 100644
--- a/arch/x86/include/asm/set_memory.h
+++ b/arch/x86/include/asm/set_memory.h
@@ -91,6 +91,8 @@ int set_direct_map_invalid_noflush(const void *addr);
int set_direct_map_default_noflush(const void *addr);
int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
bool valid);
+int folio_zap_direct_map(struct folio *folio);
+int folio_restore_direct_map(struct folio *folio);
bool kernel_page_present(struct page *page);
extern int kernel_set_to_readonly;
diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c
index bc8e1c23175b..4a5a3124a92d 100644
--- a/arch/x86/mm/pat/set_memory.c
+++ b/arch/x86/mm/pat/set_memory.c
@@ -2657,6 +2657,26 @@ int set_direct_map_valid_noflush(const void *addr, unsigned long numpages,
return __set_pages_np(addr, numpages);
}
+int folio_zap_direct_map(struct folio *folio)
+{
+ const void *addr = folio_address(folio);
+ int ret;
+
+ ret = set_direct_map_valid_noflush(addr, folio_nr_pages(folio), false);
+ flush_tlb_kernel_range((unsigned long)addr,
+ (unsigned long)addr + folio_size(folio));
+
+ return ret;
+}
+EXPORT_SYMBOL_FOR_MODULES(folio_zap_direct_map, "kvm");
+
+int folio_restore_direct_map(struct folio *folio)
+{
+ return set_direct_map_valid_noflush(folio_address(folio),
+ folio_nr_pages(folio), true);
+}
+EXPORT_SYMBOL_FOR_MODULES(folio_restore_direct_map, "kvm");
+
#ifdef CONFIG_DEBUG_PAGEALLOC
void __kernel_map_pages(struct page *page, int numpages, int enable)
{
diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h
index 1a2563f525fc..e2e6485f88db 100644
--- a/include/linux/set_memory.h
+++ b/include/linux/set_memory.h
@@ -41,6 +41,16 @@ static inline int set_direct_map_valid_noflush(const void *addr,
return 0;
}
+static inline int folio_zap_direct_map(struct folio *folio)
+{
+ return 0;
+}
+
+static inline int folio_restore_direct_map(struct folio *folio)
+{
+ return 0;
+}
+
static inline bool kernel_page_present(struct page *page)
{
return true;
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 03/15] mm/gup: drop secretmem optimization from gup_fast_folio_allowed
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
2026-01-26 16:46 ` [PATCH v10 01/15] set_memory: set_direct_map_* to take address Kalyazin, Nikita
2026-01-26 16:47 ` [PATCH v10 02/15] set_memory: add folio_{zap,restore}_direct_map helpers Kalyazin, Nikita
@ 2026-01-26 16:47 ` Kalyazin, Nikita
2026-01-26 16:47 ` [PATCH v10 04/15] mm/gup: drop local variable in gup_fast_folio_allowed Kalyazin, Nikita
` (11 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:47 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
This drops an optimization in gup_fast_folio_allowed() where
secretmem_mapping() was only called if CONFIG_SECRETMEM=y. secretmem is
enabled by default since commit b758fe6df50d ("mm/secretmem: make it on
by default"), so the secretmem check did not actually end up elided in
most cases anymore anyway.
This is in preparation of the generalization of handling mappings where
direct map entries of folios are set to not present. Currently,
mappings that match this description are secretmem mappings
(memfd_secret()). Later, some guest_memfd configurations will also fall
into this category.
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: David Hildenbrand (Red Hat) <david@kernel.org>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
mm/gup.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 95d948c8e86c..9cad53acbc99 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -2739,7 +2739,6 @@ static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
{
bool reject_file_backed = false;
struct address_space *mapping;
- bool check_secretmem = false;
unsigned long mapping_flags;
/*
@@ -2751,14 +2750,6 @@ static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
reject_file_backed = true;
/* We hold a folio reference, so we can safely access folio fields. */
-
- /* secretmem folios are always order-0 folios. */
- if (IS_ENABLED(CONFIG_SECRETMEM) && !folio_test_large(folio))
- check_secretmem = true;
-
- if (!reject_file_backed && !check_secretmem)
- return true;
-
if (WARN_ON_ONCE(folio_test_slab(folio)))
return false;
@@ -2800,7 +2791,7 @@ static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
* At this point, we know the mapping is non-null and points to an
* address_space object.
*/
- if (check_secretmem && secretmem_mapping(mapping))
+ if (secretmem_mapping(mapping))
return false;
/* The only remaining allowed file system is shmem. */
return !reject_file_backed || shmem_mapping(mapping);
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 04/15] mm/gup: drop local variable in gup_fast_folio_allowed
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (2 preceding siblings ...)
2026-01-26 16:47 ` [PATCH v10 03/15] mm/gup: drop secretmem optimization from gup_fast_folio_allowed Kalyazin, Nikita
@ 2026-01-26 16:47 ` Kalyazin, Nikita
2026-01-26 16:47 ` [PATCH v10 05/15] mm: introduce AS_NO_DIRECT_MAP Kalyazin, Nikita
` (10 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:47 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Nikita Kalyazin <kalyazin@amazon.com>
Move the check for pinning closer to where the result is used.
No functional changes.
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
mm/gup.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/mm/gup.c b/mm/gup.c
index 9cad53acbc99..e72dacce3e34 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -2737,18 +2737,9 @@ EXPORT_SYMBOL(get_user_pages_unlocked);
*/
static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
{
- bool reject_file_backed = false;
struct address_space *mapping;
unsigned long mapping_flags;
- /*
- * If we aren't pinning then no problematic write can occur. A long term
- * pin is the most egregious case so this is the one we disallow.
- */
- if ((flags & (FOLL_PIN | FOLL_LONGTERM | FOLL_WRITE)) ==
- (FOLL_PIN | FOLL_LONGTERM | FOLL_WRITE))
- reject_file_backed = true;
-
/* We hold a folio reference, so we can safely access folio fields. */
if (WARN_ON_ONCE(folio_test_slab(folio)))
return false;
@@ -2793,8 +2784,14 @@ static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
*/
if (secretmem_mapping(mapping))
return false;
- /* The only remaining allowed file system is shmem. */
- return !reject_file_backed || shmem_mapping(mapping);
+
+ /*
+ * If we aren't pinning then no problematic write can occur. A long term
+ * pin is the most egregious case so this is the one we disallow.
+ * Also check the only remaining allowed file system - shmem.
+ */
+ return (flags & (FOLL_PIN | FOLL_LONGTERM | FOLL_WRITE)) !=
+ (FOLL_PIN | FOLL_LONGTERM | FOLL_WRITE) || shmem_mapping(mapping);
}
static void __maybe_unused gup_fast_undo_dev_pagemap(int *nr, int nr_start,
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 05/15] mm: introduce AS_NO_DIRECT_MAP
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (3 preceding siblings ...)
2026-01-26 16:47 ` [PATCH v10 04/15] mm/gup: drop local variable in gup_fast_folio_allowed Kalyazin, Nikita
@ 2026-01-26 16:47 ` Kalyazin, Nikita
2026-01-26 16:49 ` [PATCH v10 06/15] KVM: guest_memfd: Add stub for kvm_arch_gmem_invalidate Kalyazin, Nikita
` (9 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:47 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Add AS_NO_DIRECT_MAP for mappings where direct map entries of folios are
set to not present. Currently, mappings that match this description are
secretmem mappings (memfd_secret()). Later, some guest_memfd
configurations will also fall into this category.
Reject this new type of mappings in all locations that currently reject
secretmem mappings, on the assumption that if secretmem mappings are
rejected somewhere, it is precisely because of an inability to deal with
folios without direct map entries, and then make memfd_secret() use
AS_NO_DIRECT_MAP on its address_space to drop its special
vma_is_secretmem()/secretmem_mapping() checks.
Use a new flag instead of overloading AS_INACCESSIBLE (which is already
set by guest_memfd) because not all guest_memfd mappings will end up
being direct map removed (e.g. in pKVM setups, parts of guest_memfd that
can be mapped to userspace should also be GUP-able, and generally not
have restrictions on who can access it).
Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
Acked-by: David Hildenbrand (Red Hat) <david@kernel.org>
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Reviewed-by: Ackerley Tng <ackerleytng@google.com>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
include/linux/pagemap.h | 16 ++++++++++++++++
include/linux/secretmem.h | 18 ------------------
lib/buildid.c | 4 ++--
mm/gup.c | 9 ++++-----
mm/mlock.c | 2 +-
mm/secretmem.c | 8 ++------
6 files changed, 25 insertions(+), 32 deletions(-)
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
index 31a848485ad9..6ce7301d474a 100644
--- a/include/linux/pagemap.h
+++ b/include/linux/pagemap.h
@@ -210,6 +210,7 @@ enum mapping_flags {
AS_WRITEBACK_MAY_DEADLOCK_ON_RECLAIM = 9,
AS_KERNEL_FILE = 10, /* mapping for a fake kernel file that shouldn't
account usage to user cgroups */
+ AS_NO_DIRECT_MAP = 11, /* Folios in the mapping are not in the direct map */
/* Bits 16-25 are used for FOLIO_ORDER */
AS_FOLIO_ORDER_BITS = 5,
AS_FOLIO_ORDER_MIN = 16,
@@ -345,6 +346,21 @@ static inline bool mapping_writeback_may_deadlock_on_reclaim(const struct addres
return test_bit(AS_WRITEBACK_MAY_DEADLOCK_ON_RECLAIM, &mapping->flags);
}
+static inline void mapping_set_no_direct_map(struct address_space *mapping)
+{
+ set_bit(AS_NO_DIRECT_MAP, &mapping->flags);
+}
+
+static inline bool mapping_no_direct_map(const struct address_space *mapping)
+{
+ return test_bit(AS_NO_DIRECT_MAP, &mapping->flags);
+}
+
+static inline bool vma_has_no_direct_map(const struct vm_area_struct *vma)
+{
+ return vma->vm_file && mapping_no_direct_map(vma->vm_file->f_mapping);
+}
+
static inline gfp_t mapping_gfp_mask(const struct address_space *mapping)
{
return mapping->gfp_mask;
diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h
index e918f96881f5..0ae1fb057b3d 100644
--- a/include/linux/secretmem.h
+++ b/include/linux/secretmem.h
@@ -4,28 +4,10 @@
#ifdef CONFIG_SECRETMEM
-extern const struct address_space_operations secretmem_aops;
-
-static inline bool secretmem_mapping(struct address_space *mapping)
-{
- return mapping->a_ops == &secretmem_aops;
-}
-
-bool vma_is_secretmem(struct vm_area_struct *vma);
bool secretmem_active(void);
#else
-static inline bool vma_is_secretmem(struct vm_area_struct *vma)
-{
- return false;
-}
-
-static inline bool secretmem_mapping(struct address_space *mapping)
-{
- return false;
-}
-
static inline bool secretmem_active(void)
{
return false;
diff --git a/lib/buildid.c b/lib/buildid.c
index aaf61dfc0919..b78fe5797e9c 100644
--- a/lib/buildid.c
+++ b/lib/buildid.c
@@ -46,8 +46,8 @@ static int freader_get_folio(struct freader *r, loff_t file_off)
freader_put_folio(r);
- /* reject secretmem folios created with memfd_secret() */
- if (secretmem_mapping(r->file->f_mapping))
+ /* reject folios without direct map entries (e.g. from memfd_secret() or guest_memfd()) */
+ if (mapping_no_direct_map(r->file->f_mapping))
return -EFAULT;
r->folio = filemap_get_folio(r->file->f_mapping, file_off >> PAGE_SHIFT);
diff --git a/mm/gup.c b/mm/gup.c
index e72dacce3e34..3d73c00a36d5 100644
--- a/mm/gup.c
+++ b/mm/gup.c
@@ -11,7 +11,6 @@
#include <linux/rmap.h>
#include <linux/swap.h>
#include <linux/swapops.h>
-#include <linux/secretmem.h>
#include <linux/sched/signal.h>
#include <linux/rwsem.h>
@@ -1216,7 +1215,7 @@ static int check_vma_flags(struct vm_area_struct *vma, unsigned long gup_flags)
if ((gup_flags & FOLL_SPLIT_PMD) && is_vm_hugetlb_page(vma))
return -EOPNOTSUPP;
- if (vma_is_secretmem(vma))
+ if (vma_has_no_direct_map(vma))
return -EFAULT;
if (write) {
@@ -2724,7 +2723,7 @@ EXPORT_SYMBOL(get_user_pages_unlocked);
* This call assumes the caller has pinned the folio, that the lowest page table
* level still points to this folio, and that interrupts have been disabled.
*
- * GUP-fast must reject all secretmem folios.
+ * GUP-fast must reject all folios without direct map entries (such as secretmem).
*
* Writing to pinned file-backed dirty tracked folios is inherently problematic
* (see comment describing the writable_file_mapping_allowed() function). We
@@ -2744,7 +2743,7 @@ static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
if (WARN_ON_ONCE(folio_test_slab(folio)))
return false;
- /* hugetlb neither requires dirty-tracking nor can be secretmem. */
+ /* hugetlb neither requires dirty-tracking nor can be without direct map. */
if (folio_test_hugetlb(folio))
return true;
@@ -2782,7 +2781,7 @@ static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
* At this point, we know the mapping is non-null and points to an
* address_space object.
*/
- if (secretmem_mapping(mapping))
+ if (mapping_no_direct_map(mapping))
return false;
/*
diff --git a/mm/mlock.c b/mm/mlock.c
index 2f699c3497a5..a6f4b3df4f3f 100644
--- a/mm/mlock.c
+++ b/mm/mlock.c
@@ -474,7 +474,7 @@ static int mlock_fixup(struct vma_iterator *vmi, struct vm_area_struct *vma,
if (newflags == oldflags || (oldflags & VM_SPECIAL) ||
is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm) ||
- vma_is_dax(vma) || vma_is_secretmem(vma) || (oldflags & VM_DROPPABLE))
+ vma_is_dax(vma) || vma_has_no_direct_map(vma) || (oldflags & VM_DROPPABLE))
/* don't set VM_LOCKED or VM_LOCKONFAULT and don't count */
goto out;
diff --git a/mm/secretmem.c b/mm/secretmem.c
index 4453ae5dcdd4..bfbca0be55e6 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -134,11 +134,6 @@ static int secretmem_mmap_prepare(struct vm_area_desc *desc)
return 0;
}
-bool vma_is_secretmem(struct vm_area_struct *vma)
-{
- return vma->vm_ops == &secretmem_vm_ops;
-}
-
static const struct file_operations secretmem_fops = {
.release = secretmem_release,
.mmap_prepare = secretmem_mmap_prepare,
@@ -156,7 +151,7 @@ static void secretmem_free_folio(struct folio *folio)
folio_zero_segment(folio, 0, folio_size(folio));
}
-const struct address_space_operations secretmem_aops = {
+static const struct address_space_operations secretmem_aops = {
.dirty_folio = noop_dirty_folio,
.free_folio = secretmem_free_folio,
.migrate_folio = secretmem_migrate_folio,
@@ -205,6 +200,7 @@ static struct file *secretmem_file_create(unsigned long flags)
mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER);
mapping_set_unevictable(inode->i_mapping);
+ mapping_set_no_direct_map(inode->i_mapping);
inode->i_op = &secretmem_iops;
inode->i_mapping->a_ops = &secretmem_aops;
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 06/15] KVM: guest_memfd: Add stub for kvm_arch_gmem_invalidate
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (4 preceding siblings ...)
2026-01-26 16:47 ` [PATCH v10 05/15] mm: introduce AS_NO_DIRECT_MAP Kalyazin, Nikita
@ 2026-01-26 16:49 ` Kalyazin, Nikita
2026-01-26 16:50 ` [PATCH v10 07/15] KVM: x86: define kvm_arch_gmem_supports_no_direct_map() Kalyazin, Nikita
` (8 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:49 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Add a no-op stub for kvm_arch_gmem_invalidate if
CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE=n. This allows defining
kvm_gmem_free_folio without ifdef-ery, which allows more cleanly using
guest_memfd's free_folio callback for non-arch-invalidation related
code.
Acked-by: David Hildenbrand (Red Hat) <david@kernel.org>
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Reviewed-by: Ackerley Tng <ackerleytng@google.com>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
include/linux/kvm_host.h | 2 ++
virt/kvm/guest_memfd.c | 4 ----
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index d93f75b05ae2..27796a09d29b 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -2589,6 +2589,8 @@ long kvm_gmem_populate(struct kvm *kvm, gfn_t gfn, void __user *src, long npages
#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
void kvm_arch_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end);
+#else
+static inline void kvm_arch_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end) { }
#endif
#ifdef CONFIG_KVM_GENERIC_PRE_FAULT_MEMORY
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index fdaea3422c30..92e7f8c1f303 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -527,7 +527,6 @@ static int kvm_gmem_error_folio(struct address_space *mapping, struct folio *fol
return MF_DELAYED;
}
-#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
static void kvm_gmem_free_folio(struct folio *folio)
{
struct page *page = folio_page(folio, 0);
@@ -536,15 +535,12 @@ static void kvm_gmem_free_folio(struct folio *folio)
kvm_arch_gmem_invalidate(pfn, pfn + (1ul << order));
}
-#endif
static const struct address_space_operations kvm_gmem_aops = {
.dirty_folio = noop_dirty_folio,
.migrate_folio = kvm_gmem_migrate_folio,
.error_remove_folio = kvm_gmem_error_folio,
-#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE
.free_folio = kvm_gmem_free_folio,
-#endif
};
static int kvm_gmem_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 07/15] KVM: x86: define kvm_arch_gmem_supports_no_direct_map()
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (5 preceding siblings ...)
2026-01-26 16:49 ` [PATCH v10 06/15] KVM: guest_memfd: Add stub for kvm_arch_gmem_invalidate Kalyazin, Nikita
@ 2026-01-26 16:50 ` Kalyazin, Nikita
2026-01-26 16:50 ` [PATCH v10 08/15] KVM: arm64: " Kalyazin, Nikita
` (7 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:50 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
x86 supports GUEST_MEMFD_FLAG_NO_DIRECT_MAP whenever direct map
modifications are possible (which is always the case).
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Reviewed-by: Ackerley Tng <ackerleytng@google.com>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
arch/x86/include/asm/kvm_host.h | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 5a3bfa293e8b..68bd29a52f24 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -28,6 +28,7 @@
#include <linux/sched/vhost_task.h>
#include <linux/call_once.h>
#include <linux/atomic.h>
+#include <linux/set_memory.h>
#include <asm/apic.h>
#include <asm/pvclock-abi.h>
@@ -2481,4 +2482,12 @@ static inline bool kvm_arch_has_irq_bypass(void)
return enable_device_posted_irqs;
}
+#ifdef CONFIG_KVM_GUEST_MEMFD
+static inline bool kvm_arch_gmem_supports_no_direct_map(void)
+{
+ return can_set_direct_map();
+}
+#define kvm_arch_gmem_supports_no_direct_map kvm_arch_gmem_supports_no_direct_map
+#endif /* CONFIG_KVM_GUEST_MEMFD */
+
#endif /* _ASM_X86_KVM_HOST_H */
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 08/15] KVM: arm64: define kvm_arch_gmem_supports_no_direct_map()
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (6 preceding siblings ...)
2026-01-26 16:50 ` [PATCH v10 07/15] KVM: x86: define kvm_arch_gmem_supports_no_direct_map() Kalyazin, Nikita
@ 2026-01-26 16:50 ` Kalyazin, Nikita
2026-01-26 16:50 ` [PATCH v10 09/15] KVM: guest_memfd: Add flag to remove from direct map Kalyazin, Nikita
` (6 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:50 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Support for GUEST_MEMFD_FLAG_NO_DIRECT_MAP on arm64 depends on 1) direct
map manipulations at 4k granularity being possible, and 2) FEAT_S2FWB.
1) is met whenever the direct map is set up at 4k granularity (e.g. not
with huge/gigantic pages) at boottime, as due to ARM's
break-before-make semantics, breaking huge mappings into 4k mappings in
the direct map is not possible (BBM would require temporary invalidation
of the entire huge mapping, even if only a 4k subrange should be zapped,
which will probably crash the kernel). However, the current default for
rodata_full is true, which forces a 4k direct map.
2) is required to allow KVM to elide cache coherency operations when
installing stage 2 page tables, which require the direct map to be
entry for the newly mapped memory to be present (which it will not be,
as guest_memfd would have removed direct map entries in
kvm_gmem_get_pfn()).
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
arch/arm64/include/asm/kvm_host.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index ac7f970c7883..d431ca7d4fc9 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -19,6 +19,7 @@
#include <linux/maple_tree.h>
#include <linux/percpu.h>
#include <linux/psci.h>
+#include <linux/set_memory.h>
#include <asm/arch_gicv3.h>
#include <asm/barrier.h>
#include <asm/cpufeature.h>
@@ -1654,5 +1655,17 @@ static __always_inline enum fgt_group_id __fgt_reg_to_group_id(enum vcpu_sysreg
\
p; \
})
+#ifdef CONFIG_KVM_GUEST_MEMFD
+static inline bool kvm_arch_gmem_supports_no_direct_map(void)
+{
+ /*
+ * Without FWB, direct map access is needed in kvm_pgtable_stage2_map(),
+ * as it calls dcache_clean_inval_poc().
+ */
+ return can_set_direct_map() && cpus_have_final_cap(ARM64_HAS_STAGE2_FWB);
+}
+#define kvm_arch_gmem_supports_no_direct_map kvm_arch_gmem_supports_no_direct_map
+#endif /* CONFIG_KVM_GUEST_MEMFD */
+
#endif /* __ARM64_KVM_HOST_H__ */
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 09/15] KVM: guest_memfd: Add flag to remove from direct map
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (7 preceding siblings ...)
2026-01-26 16:50 ` [PATCH v10 08/15] KVM: arm64: " Kalyazin, Nikita
@ 2026-01-26 16:50 ` Kalyazin, Nikita
2026-01-26 16:50 ` [PATCH v10 10/15] KVM: selftests: load elf via bounce buffer Kalyazin, Nikita
` (5 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:50 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Add GUEST_MEMFD_FLAG_NO_DIRECT_MAP flag for KVM_CREATE_GUEST_MEMFD()
ioctl. When set, guest_memfd folios will be removed from the direct map
after preparation, with direct map entries only restored when the folios
are freed.
To ensure these folios do not end up in places where the kernel cannot
deal with them, set AS_NO_DIRECT_MAP on the guest_memfd's struct
address_space if GUEST_MEMFD_FLAG_NO_DIRECT_MAP is requested.
Note that this flag causes removal of direct map entries for all
guest_memfd folios independent of whether they are "shared" or "private"
(although current guest_memfd only supports either all folios in the
"shared" state, or all folios in the "private" state if
GUEST_MEMFD_FLAG_MMAP is not set). The usecase for removing direct map
entries of also the shared parts of guest_memfd are a special type of
non-CoCo VM where, host userspace is trusted to have access to all of
guest memory, but where Spectre-style transient execution attacks
through the host kernel's direct map should still be mitigated. In this
setup, KVM retains access to guest memory via userspace mappings of
guest_memfd, which are reflected back into KVM's memslots via
userspace_addr. This is needed for things like MMIO emulation on x86_64
to work.
Direct map entries are zapped right before guest or userspace mappings
of gmem folios are set up, e.g. in kvm_gmem_fault_user_mapping() or
kvm_gmem_get_pfn() [called from the KVM MMU code]. The only place where
a gmem folio can be allocated without being mapped anywhere is
kvm_gmem_populate(), where handling potential failures of direct map
removal is not possible (by the time direct map removal is attempted,
the folio is already marked as prepared, meaning attempting to re-try
kvm_gmem_populate() would just result in -EEXIST without fixing up the
direct map state). These folios are then removed form the direct map
upon kvm_gmem_get_pfn(), e.g. when they are mapped into the guest later.
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
Documentation/virt/kvm/api.rst | 21 +++++----
arch/x86/include/asm/kvm_host.h | 5 +--
arch/x86/kvm/x86.c | 5 +++
include/linux/kvm_host.h | 12 +++++
include/uapi/linux/kvm.h | 1 +
virt/kvm/guest_memfd.c | 80 ++++++++++++++++++++++++++++++---
6 files changed, 106 insertions(+), 18 deletions(-)
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 01a3abef8abb..c5ee43904bca 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -6440,15 +6440,18 @@ a single guest_memfd file, but the bound ranges must not overlap).
The capability KVM_CAP_GUEST_MEMFD_FLAGS enumerates the `flags` that can be
specified via KVM_CREATE_GUEST_MEMFD. Currently defined flags:
- ============================ ================================================
- GUEST_MEMFD_FLAG_MMAP Enable using mmap() on the guest_memfd file
- descriptor.
- GUEST_MEMFD_FLAG_INIT_SHARED Make all memory in the file shared during
- KVM_CREATE_GUEST_MEMFD (memory files created
- without INIT_SHARED will be marked private).
- Shared memory can be faulted into host userspace
- page tables. Private memory cannot.
- ============================ ================================================
+ ============================== ================================================
+ GUEST_MEMFD_FLAG_MMAP Enable using mmap() on the guest_memfd file
+ descriptor.
+ GUEST_MEMFD_FLAG_INIT_SHARED Make all memory in the file shared during
+ KVM_CREATE_GUEST_MEMFD (memory files created
+ without INIT_SHARED will be marked private).
+ Shared memory can be faulted into host userspace
+ page tables. Private memory cannot.
+ GUEST_MEMFD_FLAG_NO_DIRECT_MAP The guest_memfd instance will unmap the memory
+ backing it from the kernel's address space
+ before passing it off to userspace or the guest.
+ ============================== ================================================
When the KVM MMU performs a PFN lookup to service a guest fault and the backing
guest_memfd has the GUEST_MEMFD_FLAG_MMAP set, then the fault will always be
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index 68bd29a52f24..6de1c3a6344f 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -2483,10 +2483,7 @@ static inline bool kvm_arch_has_irq_bypass(void)
}
#ifdef CONFIG_KVM_GUEST_MEMFD
-static inline bool kvm_arch_gmem_supports_no_direct_map(void)
-{
- return can_set_direct_map();
-}
+bool kvm_arch_gmem_supports_no_direct_map(struct kvm *kvm);
#define kvm_arch_gmem_supports_no_direct_map kvm_arch_gmem_supports_no_direct_map
#endif /* CONFIG_KVM_GUEST_MEMFD */
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index ff8812f3a129..13b3576ffb9a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -14007,6 +14007,11 @@ void kvm_arch_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end)
kvm_x86_call(gmem_invalidate)(start, end);
}
#endif
+
+bool kvm_arch_gmem_supports_no_direct_map(struct kvm *kvm)
+{
+ return can_set_direct_map() && kvm->arch.vm_type != KVM_X86_TDX_VM;
+}
#endif
int kvm_spec_ctrl_test_value(u64 value)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 27796a09d29b..febc6b9ea714 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -738,10 +738,22 @@ static inline u64 kvm_gmem_get_supported_flags(struct kvm *kvm)
if (!kvm || kvm_arch_supports_gmem_init_shared(kvm))
flags |= GUEST_MEMFD_FLAG_INIT_SHARED;
+ if (!kvm || kvm_arch_gmem_supports_no_direct_map(kvm))
+ flags |= GUEST_MEMFD_FLAG_NO_DIRECT_MAP;
+
return flags;
}
#endif
+#ifdef CONFIG_KVM_GUEST_MEMFD
+#ifndef kvm_arch_gmem_supports_no_direct_map
+static inline bool kvm_arch_gmem_supports_no_direct_map(struct kvm *kvm)
+{
+ return false;
+}
+#endif
+#endif /* CONFIG_KVM_GUEST_MEMFD */
+
#ifndef kvm_arch_has_readonly_mem
static inline bool kvm_arch_has_readonly_mem(struct kvm *kvm)
{
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index dddb781b0507..60341e1ba1be 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -1612,6 +1612,7 @@ struct kvm_memory_attributes {
#define KVM_CREATE_GUEST_MEMFD _IOWR(KVMIO, 0xd4, struct kvm_create_guest_memfd)
#define GUEST_MEMFD_FLAG_MMAP (1ULL << 0)
#define GUEST_MEMFD_FLAG_INIT_SHARED (1ULL << 1)
+#define GUEST_MEMFD_FLAG_NO_DIRECT_MAP (1ULL << 2)
struct kvm_create_guest_memfd {
__u64 size;
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 92e7f8c1f303..168338287db6 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -7,6 +7,9 @@
#include <linux/mempolicy.h>
#include <linux/pseudo_fs.h>
#include <linux/pagemap.h>
+#include <linux/set_memory.h>
+
+#include <asm/tlbflush.h>
#include "kvm_mm.h"
@@ -76,6 +79,43 @@ static int __kvm_gmem_prepare_folio(struct kvm *kvm, struct kvm_memory_slot *slo
return 0;
}
+#define KVM_GMEM_FOLIO_NO_DIRECT_MAP BIT(0)
+
+static bool kvm_gmem_folio_no_direct_map(struct folio *folio)
+{
+ return ((u64)folio->private) & KVM_GMEM_FOLIO_NO_DIRECT_MAP;
+}
+
+static int kvm_gmem_folio_zap_direct_map(struct folio *folio)
+{
+ u64 gmem_flags = GMEM_I(folio_inode(folio))->flags;
+ int r = 0;
+
+ if (kvm_gmem_folio_no_direct_map(folio) || !(gmem_flags & GUEST_MEMFD_FLAG_NO_DIRECT_MAP))
+ goto out;
+
+ folio->private = (void *)((u64)folio->private | KVM_GMEM_FOLIO_NO_DIRECT_MAP);
+ r = folio_zap_direct_map(folio);
+
+out:
+ return r;
+}
+
+static void kvm_gmem_folio_restore_direct_map(struct folio *folio)
+{
+ /*
+ * Direct map restoration cannot fail, as the only error condition
+ * for direct map manipulation is failure to allocate page tables
+ * when splitting huge pages, but this split would have already
+ * happened in folio_zap_direct_map() in kvm_gmem_folio_zap_direct_map().
+ * Note that the splitting occurs always because guest_memfd
+ * currently supports only base pages.
+ * Thus folio_restore_direct_map() here only updates prot bits.
+ */
+ WARN_ON_ONCE(folio_restore_direct_map(folio));
+ folio->private = (void *)((u64)folio->private & ~KVM_GMEM_FOLIO_NO_DIRECT_MAP);
+}
+
static inline void kvm_gmem_mark_prepared(struct folio *folio)
{
folio_mark_uptodate(folio);
@@ -393,11 +433,17 @@ static bool kvm_gmem_supports_mmap(struct inode *inode)
return GMEM_I(inode)->flags & GUEST_MEMFD_FLAG_MMAP;
}
+static bool kvm_gmem_no_direct_map(struct inode *inode)
+{
+ return GMEM_I(inode)->flags & GUEST_MEMFD_FLAG_NO_DIRECT_MAP;
+}
+
static vm_fault_t kvm_gmem_fault_user_mapping(struct vm_fault *vmf)
{
struct inode *inode = file_inode(vmf->vma->vm_file);
struct folio *folio;
vm_fault_t ret = VM_FAULT_LOCKED;
+ int err;
if (((loff_t)vmf->pgoff << PAGE_SHIFT) >= i_size_read(inode))
return VM_FAULT_SIGBUS;
@@ -423,6 +469,14 @@ static vm_fault_t kvm_gmem_fault_user_mapping(struct vm_fault *vmf)
kvm_gmem_mark_prepared(folio);
}
+ if (kvm_gmem_no_direct_map(folio_inode(folio))) {
+ err = kvm_gmem_folio_zap_direct_map(folio);
+ if (err) {
+ ret = vmf_error(err);
+ goto out_folio;
+ }
+ }
+
vmf->page = folio_file_page(folio, vmf->pgoff);
out_folio:
@@ -533,6 +587,9 @@ static void kvm_gmem_free_folio(struct folio *folio)
kvm_pfn_t pfn = page_to_pfn(page);
int order = folio_order(folio);
+ if (kvm_gmem_folio_no_direct_map(folio))
+ kvm_gmem_folio_restore_direct_map(folio);
+
kvm_arch_gmem_invalidate(pfn, pfn + (1ul << order));
}
@@ -596,6 +653,9 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
/* Unmovable mappings are supposed to be marked unevictable as well. */
WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping));
+ if (flags & GUEST_MEMFD_FLAG_NO_DIRECT_MAP)
+ mapping_set_no_direct_map(inode->i_mapping);
+
GMEM_I(inode)->flags = flags;
file = alloc_file_pseudo(inode, kvm_gmem_mnt, name, O_RDWR, &kvm_gmem_fops);
@@ -804,15 +864,25 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot,
if (IS_ERR(folio))
return PTR_ERR(folio);
- if (!is_prepared)
+ if (!is_prepared) {
r = kvm_gmem_prepare_folio(kvm, slot, gfn, folio);
+ if (r)
+ goto out_unlock;
+ }
+
+ if (kvm_gmem_no_direct_map(folio_inode(folio))) {
+ r = kvm_gmem_folio_zap_direct_map(folio);
+ if (r)
+ goto out_unlock;
+ }
+ *page = folio_file_page(folio, index);
folio_unlock(folio);
+ return 0;
- if (!r)
- *page = folio_file_page(folio, index);
- else
- folio_put(folio);
+out_unlock:
+ folio_unlock(folio);
+ folio_put(folio);
return r;
}
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 10/15] KVM: selftests: load elf via bounce buffer
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (8 preceding siblings ...)
2026-01-26 16:50 ` [PATCH v10 09/15] KVM: guest_memfd: Add flag to remove from direct map Kalyazin, Nikita
@ 2026-01-26 16:50 ` Kalyazin, Nikita
2026-01-26 16:50 ` [PATCH v10 11/15] KVM: selftests: set KVM_MEM_GUEST_MEMFD in vm_mem_add() if guest_memfd != -1 Kalyazin, Nikita
` (4 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:50 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
If guest memory is backed using a VMA that does not allow GUP (e.g. a
userspace mapping of guest_memfd when the fd was allocated using
GUEST_MEMFD_FLAG_NO_DIRECT_MAP), then directly loading the test ELF
binary into it via read(2) potentially does not work. To nevertheless
support loading binaries in this cases, do the read(2) syscall using a
bounce buffer, and then memcpy from the bounce buffer into guest memory.
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
.../testing/selftests/kvm/include/test_util.h | 1 +
tools/testing/selftests/kvm/lib/elf.c | 8 +++----
tools/testing/selftests/kvm/lib/io.c | 23 +++++++++++++++++++
3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/kvm/include/test_util.h b/tools/testing/selftests/kvm/include/test_util.h
index b4872ba8ed12..8140e59b59e5 100644
--- a/tools/testing/selftests/kvm/include/test_util.h
+++ b/tools/testing/selftests/kvm/include/test_util.h
@@ -48,6 +48,7 @@ do { \
ssize_t test_write(int fd, const void *buf, size_t count);
ssize_t test_read(int fd, void *buf, size_t count);
+ssize_t test_read_bounce(int fd, void *buf, size_t count);
int test_seq_read(const char *path, char **bufp, size_t *sizep);
void __printf(5, 6) test_assert(bool exp, const char *exp_str,
diff --git a/tools/testing/selftests/kvm/lib/elf.c b/tools/testing/selftests/kvm/lib/elf.c
index f34d926d9735..e829fbe0a11e 100644
--- a/tools/testing/selftests/kvm/lib/elf.c
+++ b/tools/testing/selftests/kvm/lib/elf.c
@@ -31,7 +31,7 @@ static void elfhdr_get(const char *filename, Elf64_Ehdr *hdrp)
* the real size of the ELF header.
*/
unsigned char ident[EI_NIDENT];
- test_read(fd, ident, sizeof(ident));
+ test_read_bounce(fd, ident, sizeof(ident));
TEST_ASSERT((ident[EI_MAG0] == ELFMAG0) && (ident[EI_MAG1] == ELFMAG1)
&& (ident[EI_MAG2] == ELFMAG2) && (ident[EI_MAG3] == ELFMAG3),
"ELF MAGIC Mismatch,\n"
@@ -79,7 +79,7 @@ static void elfhdr_get(const char *filename, Elf64_Ehdr *hdrp)
offset_rv = lseek(fd, 0, SEEK_SET);
TEST_ASSERT(offset_rv == 0, "Seek to ELF header failed,\n"
" rv: %zi expected: %i", offset_rv, 0);
- test_read(fd, hdrp, sizeof(*hdrp));
+ test_read_bounce(fd, hdrp, sizeof(*hdrp));
TEST_ASSERT(hdrp->e_phentsize == sizeof(Elf64_Phdr),
"Unexpected physical header size,\n"
" hdrp->e_phentsize: %x\n"
@@ -146,7 +146,7 @@ void kvm_vm_elf_load(struct kvm_vm *vm, const char *filename)
/* Read in the program header. */
Elf64_Phdr phdr;
- test_read(fd, &phdr, sizeof(phdr));
+ test_read_bounce(fd, &phdr, sizeof(phdr));
/* Skip if this header doesn't describe a loadable segment. */
if (phdr.p_type != PT_LOAD)
@@ -187,7 +187,7 @@ void kvm_vm_elf_load(struct kvm_vm *vm, const char *filename)
" expected: 0x%jx",
n1, errno, (intmax_t) offset_rv,
(intmax_t) phdr.p_offset);
- test_read(fd, addr_gva2hva(vm, phdr.p_vaddr),
+ test_read_bounce(fd, addr_gva2hva(vm, phdr.p_vaddr),
phdr.p_filesz);
}
}
diff --git a/tools/testing/selftests/kvm/lib/io.c b/tools/testing/selftests/kvm/lib/io.c
index fedb2a741f0b..74419becc8bc 100644
--- a/tools/testing/selftests/kvm/lib/io.c
+++ b/tools/testing/selftests/kvm/lib/io.c
@@ -155,3 +155,26 @@ ssize_t test_read(int fd, void *buf, size_t count)
return num_read;
}
+
+/* Test read via intermediary buffer
+ *
+ * Same as test_read, except read(2)s happen into a bounce buffer that is memcpy'd
+ * to buf. For use with buffers that cannot be GUP'd (e.g. guest_memfd VMAs if
+ * guest_memfd was created with GUEST_MEMFD_FLAG_NO_DIRECT_MAP).
+ */
+ssize_t test_read_bounce(int fd, void *buf, size_t count)
+{
+ void *bounce_buffer;
+ ssize_t num_read;
+
+ TEST_ASSERT(count >= 0, "Unexpected count, count: %li", count);
+
+ bounce_buffer = malloc(count);
+ TEST_ASSERT(bounce_buffer != NULL, "Failed to allocate bounce buffer");
+
+ num_read = test_read(fd, bounce_buffer, count);
+ memcpy(buf, bounce_buffer, num_read);
+ free(bounce_buffer);
+
+ return num_read;
+}
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 11/15] KVM: selftests: set KVM_MEM_GUEST_MEMFD in vm_mem_add() if guest_memfd != -1
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (9 preceding siblings ...)
2026-01-26 16:50 ` [PATCH v10 10/15] KVM: selftests: load elf via bounce buffer Kalyazin, Nikita
@ 2026-01-26 16:50 ` Kalyazin, Nikita
2026-01-26 16:53 ` [PATCH v10 12/15] KVM: selftests: Add guest_memfd based vm_mem_backing_src_types Kalyazin, Nikita
` (3 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:50 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Have vm_mem_add() always set KVM_MEM_GUEST_MEMFD in the memslot flags if
a guest_memfd is passed in as an argument. This eliminates the
possibility where a guest_memfd instance is passed to vm_mem_add(), but
it ends up being ignored because the flags argument does not specify
KVM_MEM_GUEST_MEMFD at the same time.
This makes it easy to support more scenarios in which no vm_mem_add() is
not passed a guest_memfd instance, but is expected to allocate one.
Currently, this only happens if guest_memfd == -1 but flags &
KVM_MEM_GUEST_MEMFD != 0, but later vm_mem_add() will gain support for
loading the test code itself into guest_memfd (via
GUEST_MEMFD_FLAG_MMAP) if requested via a special
vm_mem_backing_src_type, at which point having to make sure the src_type
and flags are in-sync becomes cumbersome.
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
tools/testing/selftests/kvm/lib/kvm_util.c | 24 +++++++++++++---------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c
index 8279b6ced8d2..0a2999d8ef47 100644
--- a/tools/testing/selftests/kvm/lib/kvm_util.c
+++ b/tools/testing/selftests/kvm/lib/kvm_util.c
@@ -1057,21 +1057,25 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type,
region->backing_src_type = src_type;
- if (flags & KVM_MEM_GUEST_MEMFD) {
- if (guest_memfd < 0) {
+ if (guest_memfd < 0) {
+ if (flags & KVM_MEM_GUEST_MEMFD) {
uint32_t guest_memfd_flags = 0;
TEST_ASSERT(!guest_memfd_offset,
"Offset must be zero when creating new guest_memfd");
guest_memfd = vm_create_guest_memfd(vm, mem_size, guest_memfd_flags);
- } else {
- /*
- * Install a unique fd for each memslot so that the fd
- * can be closed when the region is deleted without
- * needing to track if the fd is owned by the framework
- * or by the caller.
- */
- guest_memfd = kvm_dup(guest_memfd);
}
+ } else {
+ /*
+ * Install a unique fd for each memslot so that the fd
+ * can be closed when the region is deleted without
+ * needing to track if the fd is owned by the framework
+ * or by the caller.
+ */
+ guest_memfd = kvm_dup(guest_memfd);
+ }
+
+ if (guest_memfd >= 0) {
+ flags |= KVM_MEM_GUEST_MEMFD;
region->region.guest_memfd = guest_memfd;
region->region.guest_memfd_offset = guest_memfd_offset;
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 12/15] KVM: selftests: Add guest_memfd based vm_mem_backing_src_types
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (10 preceding siblings ...)
2026-01-26 16:50 ` [PATCH v10 11/15] KVM: selftests: set KVM_MEM_GUEST_MEMFD in vm_mem_add() if guest_memfd != -1 Kalyazin, Nikita
@ 2026-01-26 16:53 ` Kalyazin, Nikita
2026-01-26 16:53 ` [PATCH v10 13/15] KVM: selftests: cover GUEST_MEMFD_FLAG_NO_DIRECT_MAP in existing selftests Kalyazin, Nikita
` (2 subsequent siblings)
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:53 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Allow selftests to configure their memslots such that userspace_addr is
set to a MAP_SHARED mapping of the guest_memfd that's associated with
the memslot. This setup is the configuration for non-CoCo VMs, where all
guest memory is backed by a guest_memfd whose folios are all marked
shared, but KVM is still able to access guest memory to provide
functionality such as MMIO emulation on x86.
Add backing types for normal guest_memfd, as well as direct map removed
guest_memfd.
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
.../testing/selftests/kvm/include/kvm_util.h | 18 ++++++
.../testing/selftests/kvm/include/test_util.h | 7 +++
tools/testing/selftests/kvm/lib/kvm_util.c | 61 ++++++++++---------
tools/testing/selftests/kvm/lib/test_util.c | 8 +++
4 files changed, 65 insertions(+), 29 deletions(-)
diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing/selftests/kvm/include/kvm_util.h
index 81f4355ff28a..6689b43810c1 100644
--- a/tools/testing/selftests/kvm/include/kvm_util.h
+++ b/tools/testing/selftests/kvm/include/kvm_util.h
@@ -641,6 +641,24 @@ static inline bool is_smt_on(void)
void vm_create_irqchip(struct kvm_vm *vm);
+static inline uint32_t backing_src_guest_memfd_flags(enum vm_mem_backing_src_type t)
+{
+ uint32_t flags = 0;
+
+ switch (t) {
+ case VM_MEM_SRC_GUEST_MEMFD_NO_DIRECT_MAP:
+ flags |= GUEST_MEMFD_FLAG_NO_DIRECT_MAP;
+ fallthrough;
+ case VM_MEM_SRC_GUEST_MEMFD:
+ flags |= GUEST_MEMFD_FLAG_MMAP | GUEST_MEMFD_FLAG_INIT_SHARED;
+ break;
+ default:
+ break;
+ }
+
+ return flags;
+}
+
static inline int __vm_create_guest_memfd(struct kvm_vm *vm, uint64_t size,
uint64_t flags)
{
diff --git a/tools/testing/selftests/kvm/include/test_util.h b/tools/testing/selftests/kvm/include/test_util.h
index 8140e59b59e5..ea6de20ce8ef 100644
--- a/tools/testing/selftests/kvm/include/test_util.h
+++ b/tools/testing/selftests/kvm/include/test_util.h
@@ -152,6 +152,8 @@ enum vm_mem_backing_src_type {
VM_MEM_SRC_ANONYMOUS_HUGETLB_16GB,
VM_MEM_SRC_SHMEM,
VM_MEM_SRC_SHARED_HUGETLB,
+ VM_MEM_SRC_GUEST_MEMFD,
+ VM_MEM_SRC_GUEST_MEMFD_NO_DIRECT_MAP,
NUM_SRC_TYPES,
};
@@ -184,6 +186,11 @@ static inline bool backing_src_is_shared(enum vm_mem_backing_src_type t)
return vm_mem_backing_src_alias(t)->flag & MAP_SHARED;
}
+static inline bool backing_src_is_guest_memfd(enum vm_mem_backing_src_type t)
+{
+ return t == VM_MEM_SRC_GUEST_MEMFD || t == VM_MEM_SRC_GUEST_MEMFD_NO_DIRECT_MAP;
+}
+
static inline bool backing_src_can_be_huge(enum vm_mem_backing_src_type t)
{
return t != VM_MEM_SRC_ANONYMOUS && t != VM_MEM_SRC_SHMEM;
diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c
index 0a2999d8ef47..28ee51253909 100644
--- a/tools/testing/selftests/kvm/lib/kvm_util.c
+++ b/tools/testing/selftests/kvm/lib/kvm_util.c
@@ -1013,6 +1013,33 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type,
alignment = 1;
#endif
+ if (guest_memfd < 0) {
+ if ((flags & KVM_MEM_GUEST_MEMFD) || backing_src_is_guest_memfd(src_type)) {
+ uint32_t guest_memfd_flags = backing_src_guest_memfd_flags(src_type);
+
+ TEST_ASSERT(!guest_memfd_offset,
+ "Offset must be zero when creating new guest_memfd");
+ guest_memfd = vm_create_guest_memfd(vm, mem_size, guest_memfd_flags);
+ }
+ } else {
+ /*
+ * Install a unique fd for each memslot so that the fd
+ * can be closed when the region is deleted without
+ * needing to track if the fd is owned by the framework
+ * or by the caller.
+ */
+ guest_memfd = kvm_dup(guest_memfd);
+ }
+
+ if (guest_memfd > 0) {
+ flags |= KVM_MEM_GUEST_MEMFD;
+
+ region->region.guest_memfd = guest_memfd;
+ region->region.guest_memfd_offset = guest_memfd_offset;
+ } else {
+ region->region.guest_memfd = -1;
+ }
+
/*
* When using THP mmap is not guaranteed to returned a hugepage aligned
* address so we have to pad the mmap. Padding is not needed for HugeTLB
@@ -1028,10 +1055,13 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type,
if (alignment > 1)
region->mmap_size += alignment;
- region->fd = -1;
- if (backing_src_is_shared(src_type))
+ if (backing_src_is_guest_memfd(src_type))
+ region->fd = guest_memfd;
+ else if (backing_src_is_shared(src_type))
region->fd = kvm_memfd_alloc(region->mmap_size,
src_type == VM_MEM_SRC_SHARED_HUGETLB);
+ else
+ region->fd = -1;
region->mmap_start = kvm_mmap(region->mmap_size, PROT_READ | PROT_WRITE,
vm_mem_backing_src_alias(src_type)->flag,
@@ -1056,33 +1086,6 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type,
}
region->backing_src_type = src_type;
-
- if (guest_memfd < 0) {
- if (flags & KVM_MEM_GUEST_MEMFD) {
- uint32_t guest_memfd_flags = 0;
- TEST_ASSERT(!guest_memfd_offset,
- "Offset must be zero when creating new guest_memfd");
- guest_memfd = vm_create_guest_memfd(vm, mem_size, guest_memfd_flags);
- }
- } else {
- /*
- * Install a unique fd for each memslot so that the fd
- * can be closed when the region is deleted without
- * needing to track if the fd is owned by the framework
- * or by the caller.
- */
- guest_memfd = kvm_dup(guest_memfd);
- }
-
- if (guest_memfd >= 0) {
- flags |= KVM_MEM_GUEST_MEMFD;
-
- region->region.guest_memfd = guest_memfd;
- region->region.guest_memfd_offset = guest_memfd_offset;
- } else {
- region->region.guest_memfd = -1;
- }
-
region->unused_phy_pages = sparsebit_alloc();
if (vm_arch_has_protected_memory(vm))
region->protected_phy_pages = sparsebit_alloc();
diff --git a/tools/testing/selftests/kvm/lib/test_util.c b/tools/testing/selftests/kvm/lib/test_util.c
index 8a1848586a85..ce9fe0271515 100644
--- a/tools/testing/selftests/kvm/lib/test_util.c
+++ b/tools/testing/selftests/kvm/lib/test_util.c
@@ -306,6 +306,14 @@ const struct vm_mem_backing_src_alias *vm_mem_backing_src_alias(uint32_t i)
*/
.flag = MAP_SHARED,
},
+ [VM_MEM_SRC_GUEST_MEMFD] = {
+ .name = "guest_memfd",
+ .flag = MAP_SHARED,
+ },
+ [VM_MEM_SRC_GUEST_MEMFD_NO_DIRECT_MAP] = {
+ .name = "guest_memfd_no_direct_map",
+ .flag = MAP_SHARED,
+ }
};
_Static_assert(ARRAY_SIZE(aliases) == NUM_SRC_TYPES,
"Missing new backing src types?");
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 13/15] KVM: selftests: cover GUEST_MEMFD_FLAG_NO_DIRECT_MAP in existing selftests
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (11 preceding siblings ...)
2026-01-26 16:53 ` [PATCH v10 12/15] KVM: selftests: Add guest_memfd based vm_mem_backing_src_types Kalyazin, Nikita
@ 2026-01-26 16:53 ` Kalyazin, Nikita
2026-01-26 16:53 ` [PATCH v10 14/15] KVM: selftests: stuff vm_mem_backing_src_type into vm_shape Kalyazin, Nikita
2026-01-26 16:53 ` [PATCH v10 15/15] KVM: selftests: Test guest execution from direct map removed gmem Kalyazin, Nikita
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:53 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Extend mem conversion selftests to cover the scenario that the guest can
fault in and write gmem-backed guest memory even if its direct map
removed. Also cover the new flag in guest_memfd_test.c tests.
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
tools/testing/selftests/kvm/guest_memfd_test.c | 17 ++++++++++++++++-
.../kvm/x86/private_mem_conversions_test.c | 7 ++++---
2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/kvm/guest_memfd_test.c b/tools/testing/selftests/kvm/guest_memfd_test.c
index 618c937f3c90..9615018a1a67 100644
--- a/tools/testing/selftests/kvm/guest_memfd_test.c
+++ b/tools/testing/selftests/kvm/guest_memfd_test.c
@@ -403,6 +403,17 @@ static void test_guest_memfd(unsigned long vm_type)
__test_guest_memfd(vm, GUEST_MEMFD_FLAG_MMAP |
GUEST_MEMFD_FLAG_INIT_SHARED);
+ if (flags & GUEST_MEMFD_FLAG_NO_DIRECT_MAP) {
+ __test_guest_memfd(vm, GUEST_MEMFD_FLAG_NO_DIRECT_MAP);
+ if (flags & GUEST_MEMFD_FLAG_MMAP)
+ __test_guest_memfd(vm, GUEST_MEMFD_FLAG_NO_DIRECT_MAP |
+ GUEST_MEMFD_FLAG_MMAP);
+ if (flags & GUEST_MEMFD_FLAG_INIT_SHARED)
+ __test_guest_memfd(vm, GUEST_MEMFD_FLAG_NO_DIRECT_MAP |
+ GUEST_MEMFD_FLAG_MMAP |
+ GUEST_MEMFD_FLAG_INIT_SHARED);
+ }
+
kvm_vm_free(vm);
}
@@ -445,10 +456,14 @@ static void test_guest_memfd_guest(void)
TEST_ASSERT(vm_check_cap(vm, KVM_CAP_GUEST_MEMFD_FLAGS) & GUEST_MEMFD_FLAG_INIT_SHARED,
"Default VM type should support INIT_SHARED, supported flags = 0x%x",
vm_check_cap(vm, KVM_CAP_GUEST_MEMFD_FLAGS));
+ TEST_ASSERT(vm_check_cap(vm, KVM_CAP_GUEST_MEMFD_FLAGS) & GUEST_MEMFD_FLAG_NO_DIRECT_MAP,
+ "Default VM type should support INIT_SHARED, supported flags = 0x%x",
+ vm_check_cap(vm, KVM_CAP_GUEST_MEMFD_FLAGS));
size = vm->page_size;
fd = vm_create_guest_memfd(vm, size, GUEST_MEMFD_FLAG_MMAP |
- GUEST_MEMFD_FLAG_INIT_SHARED);
+ GUEST_MEMFD_FLAG_INIT_SHARED |
+ GUEST_MEMFD_FLAG_NO_DIRECT_MAP);
vm_set_user_memory_region2(vm, slot, KVM_MEM_GUEST_MEMFD, gpa, size, NULL, fd, 0);
mem = kvm_mmap(size, PROT_READ | PROT_WRITE, MAP_SHARED, fd);
diff --git a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c
index 1969f4ab9b28..8767cb4a037e 100644
--- a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c
@@ -367,7 +367,7 @@ static void *__test_mem_conversions(void *__vcpu)
}
static void test_mem_conversions(enum vm_mem_backing_src_type src_type, uint32_t nr_vcpus,
- uint32_t nr_memslots)
+ uint32_t nr_memslots, uint64_t gmem_flags)
{
/*
* Allocate enough memory so that each vCPU's chunk of memory can be
@@ -394,7 +394,7 @@ static void test_mem_conversions(enum vm_mem_backing_src_type src_type, uint32_t
vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE));
- memfd = vm_create_guest_memfd(vm, memfd_size, 0);
+ memfd = vm_create_guest_memfd(vm, memfd_size, gmem_flags);
for (i = 0; i < nr_memslots; i++)
vm_mem_add(vm, src_type, BASE_DATA_GPA + slot_size * i,
@@ -474,7 +474,8 @@ int main(int argc, char *argv[])
}
}
- test_mem_conversions(src_type, nr_vcpus, nr_memslots);
+ test_mem_conversions(src_type, nr_vcpus, nr_memslots, 0);
+ test_mem_conversions(src_type, nr_vcpus, nr_memslots, GUEST_MEMFD_FLAG_NO_DIRECT_MAP);
return 0;
}
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 14/15] KVM: selftests: stuff vm_mem_backing_src_type into vm_shape
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (12 preceding siblings ...)
2026-01-26 16:53 ` [PATCH v10 13/15] KVM: selftests: cover GUEST_MEMFD_FLAG_NO_DIRECT_MAP in existing selftests Kalyazin, Nikita
@ 2026-01-26 16:53 ` Kalyazin, Nikita
2026-01-26 16:53 ` [PATCH v10 15/15] KVM: selftests: Test guest execution from direct map removed gmem Kalyazin, Nikita
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:53 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Use one of the padding fields in struct vm_shape to carry an enum
vm_mem_backing_src_type value, to give the option to overwrite the
default of VM_MEM_SRC_ANONYMOUS in __vm_create().
Overwriting this default will allow tests to create VMs where the test
code is backed by mmap'd guest_memfd instead of anonymous memory.
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
.../testing/selftests/kvm/include/kvm_util.h | 19 ++++++++++---------
tools/testing/selftests/kvm/lib/kvm_util.c | 2 +-
tools/testing/selftests/kvm/lib/x86/sev.c | 1 +
.../selftests/kvm/pre_fault_memory_test.c | 1 +
4 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing/selftests/kvm/include/kvm_util.h
index 6689b43810c1..4bc4af9a40cf 100644
--- a/tools/testing/selftests/kvm/include/kvm_util.h
+++ b/tools/testing/selftests/kvm/include/kvm_util.h
@@ -192,7 +192,7 @@ enum vm_guest_mode {
struct vm_shape {
uint32_t type;
uint8_t mode;
- uint8_t pad0;
+ uint8_t src_type;
uint16_t pad1;
};
@@ -200,14 +200,15 @@ kvm_static_assert(sizeof(struct vm_shape) == sizeof(uint64_t));
#define VM_TYPE_DEFAULT 0
-#define VM_SHAPE(__mode) \
-({ \
- struct vm_shape shape = { \
- .mode = (__mode), \
- .type = VM_TYPE_DEFAULT \
- }; \
- \
- shape; \
+#define VM_SHAPE(__mode) \
+({ \
+ struct vm_shape shape = { \
+ .mode = (__mode), \
+ .type = VM_TYPE_DEFAULT, \
+ .src_type = VM_MEM_SRC_ANONYMOUS \
+ }; \
+ \
+ shape; \
})
#if defined(__aarch64__)
diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c
index 28ee51253909..268a4520633b 100644
--- a/tools/testing/selftests/kvm/lib/kvm_util.c
+++ b/tools/testing/selftests/kvm/lib/kvm_util.c
@@ -467,7 +467,7 @@ struct kvm_vm *__vm_create(struct vm_shape shape, uint32_t nr_runnable_vcpus,
if (is_guest_memfd_required(shape))
flags |= KVM_MEM_GUEST_MEMFD;
- vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, 0, 0, nr_pages, flags);
+ vm_userspace_mem_region_add(vm, shape.src_type, 0, 0, nr_pages, flags);
for (i = 0; i < NR_MEM_REGIONS; i++)
vm->memslots[i] = 0;
diff --git a/tools/testing/selftests/kvm/lib/x86/sev.c b/tools/testing/selftests/kvm/lib/x86/sev.c
index c3a9838f4806..d920880e4fc0 100644
--- a/tools/testing/selftests/kvm/lib/x86/sev.c
+++ b/tools/testing/selftests/kvm/lib/x86/sev.c
@@ -164,6 +164,7 @@ struct kvm_vm *vm_sev_create_with_one_vcpu(uint32_t type, void *guest_code,
struct vm_shape shape = {
.mode = VM_MODE_DEFAULT,
.type = type,
+ .src_type = VM_MEM_SRC_ANONYMOUS,
};
struct kvm_vm *vm;
struct kvm_vcpu *cpus[1];
diff --git a/tools/testing/selftests/kvm/pre_fault_memory_test.c b/tools/testing/selftests/kvm/pre_fault_memory_test.c
index 93e603d91311..8a4d5af53fab 100644
--- a/tools/testing/selftests/kvm/pre_fault_memory_test.c
+++ b/tools/testing/selftests/kvm/pre_fault_memory_test.c
@@ -165,6 +165,7 @@ static void __test_pre_fault_memory(unsigned long vm_type, bool private)
const struct vm_shape shape = {
.mode = VM_MODE_DEFAULT,
.type = vm_type,
+ .src_type = VM_MEM_SRC_ANONYMOUS,
};
struct kvm_vcpu *vcpu;
struct kvm_run *run;
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread* [PATCH v10 15/15] KVM: selftests: Test guest execution from direct map removed gmem
2026-01-26 16:46 [PATCH v10 00/15] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
` (13 preceding siblings ...)
2026-01-26 16:53 ` [PATCH v10 14/15] KVM: selftests: stuff vm_mem_backing_src_type into vm_shape Kalyazin, Nikita
@ 2026-01-26 16:53 ` Kalyazin, Nikita
14 siblings, 0 replies; 17+ messages in thread
From: Kalyazin, Nikita @ 2026-01-26 16:53 UTC (permalink / raw)
To: kvm, linux-doc, linux-kernel, linux-arm-kernel, kvmarm,
linux-fsdevel, linux-mm, bpf, linux-kselftest, kernel,
linux-riscv, linux-s390, loongarch
Cc: pbonzini, corbet, maz, oupton, joey.gouly, suzuki.poulose,
yuzenghui, catalin.marinas, will, seanjc, tglx, mingo, bp,
dave.hansen, x86, hpa, luto, peterz, willy, akpm, david,
lorenzo.stoakes, vbabka, rppt, surenb, mhocko, ast, daniel,
andrii, martin.lau, eddyz87, song, yonghong.song, john.fastabend,
kpsingh, sdf, haoluo, jolsa, jgg, jhubbard, peterx, jannh,
pfalcato, shuah, riel, ryan.roberts, jgross, yu-cheng.yu, kas,
coxu, kevin.brodsky, ackerleytng, maobibo, prsampat, mlevitsk,
jmattson, jthoughton, agordeev, alex, aou, borntraeger,
chenhuacai, dev.jain, gor, hca, palmer, pjw, shijie, svens,
thuth, wyihan, yang, Jonathan.Cameron, Liam.Howlett, urezki,
zhengqi.arch, gerald.schaefer, jiayuan.chen, lenb, osalvador,
pavel, rafael, vannapurve, jackmanb, aneesh.kumar, patrick.roy,
Thomson, Jack, Itazuri, Takahiro, Manwaring, Derek, Cali, Marco,
Kalyazin, Nikita
From: Patrick Roy <patrick.roy@linux.dev>
Add a selftest that loads itself into guest_memfd (via
GUEST_MEMFD_FLAG_MMAP) and triggers an MMIO exit when executed. This
exercises x86 MMIO emulation code inside KVM for guest_memfd-backed
memslots where the guest_memfd folios are direct map removed.
Particularly, it validates that x86 MMIO emulation code (guest page
table walks + instruction fetch) correctly accesses gmem through the VMA
that's been reflected into the memslot's userspace_addr field (instead
of trying to do direct map accesses).
Signed-off-by: Patrick Roy <patrick.roy@linux.dev>
Signed-off-by: Nikita Kalyazin <kalyazin@amazon.com>
---
.../selftests/kvm/set_memory_region_test.c | 52 +++++++++++++++++--
1 file changed, 48 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/kvm/set_memory_region_test.c b/tools/testing/selftests/kvm/set_memory_region_test.c
index 7fe427ff9b38..6c57fb036b20 100644
--- a/tools/testing/selftests/kvm/set_memory_region_test.c
+++ b/tools/testing/selftests/kvm/set_memory_region_test.c
@@ -602,6 +602,41 @@ static void test_mmio_during_vectoring(void)
kvm_vm_free(vm);
}
+
+static void guest_code_trigger_mmio(void)
+{
+ /*
+ * Read some GPA that is not backed by a memslot. KVM consider this
+ * as MMIO and tell userspace to emulate the read.
+ */
+ READ_ONCE(*((uint64_t *)MEM_REGION_GPA));
+
+ GUEST_DONE();
+}
+
+static void test_guest_memfd_mmio(void)
+{
+ struct kvm_vm *vm;
+ struct kvm_vcpu *vcpu;
+ struct vm_shape shape = {
+ .mode = VM_MODE_DEFAULT,
+ .src_type = VM_MEM_SRC_GUEST_MEMFD_NO_DIRECT_MAP,
+ };
+ pthread_t vcpu_thread;
+
+ pr_info("Testing MMIO emulation for instructions in gmem\n");
+
+ vm = __vm_create_shape_with_one_vcpu(shape, &vcpu, 0, guest_code_trigger_mmio);
+
+ virt_map(vm, MEM_REGION_GPA, MEM_REGION_GPA, 1);
+
+ pthread_create(&vcpu_thread, NULL, vcpu_worker, vcpu);
+
+ /* If the MMIO read was successfully emulated, the vcpu thread will exit */
+ pthread_join(vcpu_thread, NULL);
+
+ kvm_vm_free(vm);
+}
#endif
int main(int argc, char *argv[])
@@ -625,10 +660,19 @@ int main(int argc, char *argv[])
test_add_max_memory_regions();
#ifdef __x86_64__
- if (kvm_has_cap(KVM_CAP_GUEST_MEMFD) &&
- (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))) {
- test_add_private_memory_region();
- test_add_overlapping_private_memory_regions();
+ if (kvm_has_cap(KVM_CAP_GUEST_MEMFD)) {
+ uint64_t valid_flags = kvm_check_cap(KVM_CAP_GUEST_MEMFD_FLAGS);
+
+ if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM)) {
+ test_add_private_memory_region();
+ test_add_overlapping_private_memory_regions();
+ }
+
+ if ((valid_flags & GUEST_MEMFD_FLAG_MMAP)
+ && (valid_flags & GUEST_MEMFD_FLAG_NO_DIRECT_MAP))
+ test_guest_memfd_mmio();
+ else
+ pr_info("Skipping tests requiring GUEST_MEMFD_FLAG_MMAP | GUEST_MEMFD_FLAG_NO_DIRECT_MAP");
} else {
pr_info("Skipping tests for KVM_MEM_GUEST_MEMFD memory regions\n");
}
--
2.50.1
^ permalink raw reply [flat|nested] 17+ messages in thread