From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 4024EFCB604 for ; Fri, 6 Mar 2026 14:49:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 895936B008C; Fri, 6 Mar 2026 09:49:11 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 8666D6B0092; Fri, 6 Mar 2026 09:49:11 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 73E7C6B0093; Fri, 6 Mar 2026 09:49:11 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 62DB86B008C for ; Fri, 6 Mar 2026 09:49:11 -0500 (EST) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id F16DEBA18B for ; Fri, 6 Mar 2026 14:49:10 +0000 (UTC) X-FDA: 84515920860.29.33BE5B0 Received: from fra-out-004.esa.eu-central-1.outbound.mail-perimeter.amazon.com (fra-out-004.esa.eu-central-1.outbound.mail-perimeter.amazon.com [3.74.81.189]) by imf29.hostedemail.com (Postfix) with ESMTP id 88C7E120004 for ; Fri, 6 Mar 2026 14:49:08 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=amazon.com header.s=amazoncorp2 header.b=XTIQ460r; dmarc=pass (policy=quarantine) header.from=amazon.com; spf=pass (imf29.hostedemail.com: domain of "prvs=518a0fcdf=kalyazin@amazon.co.uk" designates 3.74.81.189 as permitted sender) smtp.mailfrom="prvs=518a0fcdf=kalyazin@amazon.co.uk" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1772808548; h=from:from:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Jal/VdxlygY/Jp/VACbX2II5K9b9pb+hAy31tgKOGlo=; b=kPpoTmeEW8foStYFM2wbCw0Nt9d5A92Myhb9vlPfixz/bJFDBqzKerZrUmH1AY2JN738jc IA4FJRhpANGuMpXUiucx5N05rHxykPJdyJ5z8VUKdyiZVJ0FvSJOlPVxkrgoAppYZQQFF3 qEcSag21ZacO0gqWBxom79sn7DBrUVM= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=amazon.com header.s=amazoncorp2 header.b=XTIQ460r; dmarc=pass (policy=quarantine) header.from=amazon.com; spf=pass (imf29.hostedemail.com: domain of "prvs=518a0fcdf=kalyazin@amazon.co.uk" designates 3.74.81.189 as permitted sender) smtp.mailfrom="prvs=518a0fcdf=kalyazin@amazon.co.uk" ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1772808548; a=rsa-sha256; cv=none; b=ZbeBRvj5NXAabj/SC2UtHJ12LVBYJENEuGVzESFprAP/hicOvX3/FEcsnCDUe1JqA76F0X See0vuUX/19+00BJfMk3H35pY3GUnNjore8p8Dme9F15vsMDHRR4apT9xEM+Lw7LGb3E6H eNX2jNNQ/eu6BSVEWevEjbE6y0sNqgo= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazoncorp2; t=1772808548; x=1804344548; h=message-id:date:mime-version:reply-to:subject:to:cc: references:from:in-reply-to:content-transfer-encoding; bh=Jal/VdxlygY/Jp/VACbX2II5K9b9pb+hAy31tgKOGlo=; b=XTIQ460roSQlZTj2aozy0zZ1kXR8KQm9T8tqEL1CT3SRCEArrz0i00md TRrVKh7nG9F1ZRW8DpWERTbHG6M6yG4e/qRjthGY6RTEd05e8M8HzP2fG s5INF0mqhmeM41mcmAoUfTO9amIrmb4QvkW5/gtqNrWNcHEZqW2Ne+hZq BeXceX2Fix/3xjhGPLOGn4c83Pgk0azfAYLYX6thQ3Xe9LK0ZVql0xuTf XE51dBeBW5hh5qhFdnBbuK045kLilo/8/I/ZeN0uyYrJzEKrplXTQU1hG CERrN+28cAeozGY/ArY7oNTSReRM2HPNUWUT6FAr+dnZz/ST6U+cfHxIm A==; X-CSE-ConnectionGUID: ljHSVQB7TzG5jw32RYNa5w== X-CSE-MsgGUID: OUQPopD9QXKeR6PpigJL3Q== X-IronPort-AV: E=Sophos;i="6.23,105,1770595200"; d="scan'208";a="10442482" Received: from ip-10-6-11-83.eu-central-1.compute.internal (HELO smtpout.naws.eu-central-1.prod.farcaster.email.amazon.dev) ([10.6.11.83]) by internal-fra-out-004.esa.eu-central-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Mar 2026 14:49:04 +0000 Received: from EX19MTAEUB001.ant.amazon.com [54.240.197.234:10240] by smtpin.naws.eu-central-1.prod.farcaster.email.amazon.dev [10.0.46.96:2525] with esmtp (Farcaster) id 785449e4-4a3c-45cd-8b65-b1aa1ddf183f; Fri, 6 Mar 2026 14:49:04 +0000 (UTC) X-Farcaster-Flow-ID: 785449e4-4a3c-45cd-8b65-b1aa1ddf183f Received: from EX19D005EUB003.ant.amazon.com (10.252.51.31) by EX19MTAEUB001.ant.amazon.com (10.252.51.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37; Fri, 6 Mar 2026 14:49:04 +0000 Received: from [192.168.2.180] (10.106.83.26) by EX19D005EUB003.ant.amazon.com (10.252.51.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37; Fri, 6 Mar 2026 14:48:58 +0000 Message-ID: <38deb26a-918c-4743-b35f-92a1330dbf40@amazon.com> Date: Fri, 6 Mar 2026 14:48:57 +0000 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Reply-To: Subject: Re: [PATCH v10 02/15] set_memory: add folio_{zap, restore}_direct_map helpers To: "David Hildenbrand (Arm)" , "Kalyazin, Nikita" , "kvm@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , "kvmarm@lists.linux.dev" , "linux-fsdevel@vger.kernel.org" , "linux-mm@kvack.org" , "bpf@vger.kernel.org" , "linux-kselftest@vger.kernel.org" , "kernel@xen0n.name" , "linux-riscv@lists.infradead.org" , "linux-s390@vger.kernel.org" , "loongarch@lists.linux.dev" CC: "pbonzini@redhat.com" , "corbet@lwn.net" , "maz@kernel.org" , "oupton@kernel.org" , "joey.gouly@arm.com" , "suzuki.poulose@arm.com" , "yuzenghui@huawei.com" , "catalin.marinas@arm.com" , "will@kernel.org" , "seanjc@google.com" , "tglx@kernel.org" , "mingo@redhat.com" , "bp@alien8.de" , "dave.hansen@linux.intel.com" , "x86@kernel.org" , "hpa@zytor.com" , "luto@kernel.org" , "peterz@infradead.org" , "willy@infradead.org" , "akpm@linux-foundation.org" , "lorenzo.stoakes@oracle.com" , "vbabka@suse.cz" , "rppt@kernel.org" , "surenb@google.com" , "mhocko@suse.com" , "ast@kernel.org" , "daniel@iogearbox.net" , "andrii@kernel.org" , "martin.lau@linux.dev" , "eddyz87@gmail.com" , "song@kernel.org" , "yonghong.song@linux.dev" , "john.fastabend@gmail.com" , "kpsingh@kernel.org" , "sdf@fomichev.me" , "haoluo@google.com" , "jolsa@kernel.org" , "jgg@ziepe.ca" , "jhubbard@nvidia.com" , "peterx@redhat.com" , "jannh@google.com" , "pfalcato@suse.de" , "shuah@kernel.org" , "riel@surriel.com" , "ryan.roberts@arm.com" , "jgross@suse.com" , "yu-cheng.yu@intel.com" , "kas@kernel.org" , "coxu@redhat.com" , "kevin.brodsky@arm.com" , "ackerleytng@google.com" , "maobibo@loongson.cn" , "prsampat@amd.com" , "mlevitsk@redhat.com" , "jmattson@google.com" , "jthoughton@google.com" , "agordeev@linux.ibm.com" , "alex@ghiti.fr" , "aou@eecs.berkeley.edu" , "borntraeger@linux.ibm.com" , "chenhuacai@kernel.org" , "dev.jain@arm.com" , "gor@linux.ibm.com" , "hca@linux.ibm.com" , "palmer@dabbelt.com" , "pjw@kernel.org" , "shijie@os.amperecomputing.com" , "svens@linux.ibm.com" , "thuth@redhat.com" , "wyihan@google.com" , "yang@os.amperecomputing.com" , "Jonathan.Cameron@huawei.com" , "Liam.Howlett@oracle.com" , "urezki@gmail.com" , "zhengqi.arch@bytedance.com" , "gerald.schaefer@linux.ibm.com" , "jiayuan.chen@shopee.com" , "lenb@kernel.org" , "osalvador@suse.de" , "pavel@kernel.org" , "rafael@kernel.org" , "vannapurve@google.com" , "jackmanb@google.com" , "aneesh.kumar@kernel.org" , "patrick.roy@linux.dev" , "Thomson, Jack" , "Itazuri, Takahiro" , "Manwaring, Derek" , "Cali, Marco" References: <20260126164445.11867-1-kalyazin@amazon.com> <20260126164445.11867-3-kalyazin@amazon.com> <40bd6f9b-d5c0-4844-81bc-d221cd9b058f@kernel.org> Content-Language: en-US From: Nikita Kalyazin In-Reply-To: <40bd6f9b-d5c0-4844-81bc-d221cd9b058f@kernel.org> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [10.106.83.26] X-ClientProxiedBy: EX19D005EUB004.ant.amazon.com (10.252.51.126) To EX19D005EUB003.ant.amazon.com (10.252.51.31) X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 88C7E120004 X-Stat-Signature: e6bicqns99rh371gdc4in1xq5xccee38 X-Rspam-User: X-HE-Tag: 1772808548-546252 X-HE-Meta: U2FsdGVkX1+R1x+LfdnHbwRnaXPBylZz/HDGty2LA8g/gKZQlt2VfEhJgJzIXqmTHyb2l/MB/RIAWYW0F4VD8xpEItUUnxnSmy/HeBaHn+VecPtK186tf75MxQgTEl92D4Phkl7G7NJX6iopFRr/YQkYI7uJQ4Ri/YZQNRRzzRFQ83DROmWAzFcSDq5fSV/sPS5NdLKUAwck1QLvhb8qVKx8mWn7LjQMfvdgrxoj5oolHzYCNwfSdA01WMCVFeTwRYCAnoMVCW28b9qsXzSK0fVZSZb+5uy9esduC75mvNnafZd3hBBnxrWR7FiioWIDxQvZAacgHi4EPXMQlv0XK/g6zjM2t3tpGzILJKs7YiUBunNOt0lL+8UYxclYGF8If2EqcutJmfmdySj7MW5uGIubBJuEZG3hMqvq272S1+7p8NqQLrO+fElLdPE88WbDiAy6PVPPTfhOUrVPvsDVnXrnqQleABl/4jpcBs5miGg/uuznUYO4zp0OplqawH1j3u7KWt1BiRUSovf8wce5NGO79HRtvMTdwh/y1v0Ay0CTZIq4sAeertwSE0bceFOx82oJ71MLK9Apb0rS1/MpEbYH0Yc4x2Hj1k94cqWrUQwoMHSAlV8InJ7URFLxkzGcSLG/ruK3pAJgpQt96CK8E0wyC1CJTaKFJEiYvU3Bfu/hNEDbwbh4kXVYr+TohV909KRl2kS2+NKwtYvAU7cb/7gr+QuSMXaZ/J86m8fAwoO2i+z72OVVAJcb/ETRAoywEFCZzTKxnp2FWtwDRO6iB+seEfgu5ez/UmVko7ar7GLlASWXDx7X26x0V5Wb5cRGtvuq+WheyVrpI7DSwVzgbhVO1U26Zz5gRlptezFAw7RcjSsicZeGzFqxt7nFUQNKsn93G5qU74hqnMafTImRHQNQZdGlJhPe7lM45g5JotEFnGI9NrEtRrZwGYEWfdwOZuZLGiG5qKnPpJOT/QD fJLJqZzn 41BjrilB7Shh+NrxwZlvsB9wyuTAyRmYXMr1k2dyNwN+l1KG/AixTqVEwm2sNXjsU4OgwC+xX+H39BgwCAPy32rGTMiIP/Jl32hiq1Gg1TFFwAolw0TnFpEgXSJLwjQOx9leF2sSADLbswksnAbHWzoJQuqNdmjNaXunxMIGVWJ1q8lwM+b0oR9zhh+vqgT8iHNu+IL1OaW+iPcdldYQmdHxBJL/eSlXtTNo360C47/Hxgku+jzosb3iQarbIWJmHuEwbhAS2crUcQ8RYrhEdLM0Pwx8sAJ155/Uzko9P1n1RPf5AMuyPrQhwNUmfBUB4qNpDw8PQx+dtdWeL+khql6OlhCiJVTExmUrXW1D8SgLRiU6/aT8+AtTRS4nhm/9bmb0rUtPWg7EQhkwBY+8q4p+MCdUg6ZxvOpCqmQ+6QlqWcMYPLohBDVrXqD5fhedmaGt50P7A2Fk/rJsNZzEYUsafJJokRb6tQYYvlpTNi8+J5NNcqBPT/7XB4Jgv6bDidh53fzIgI2ceKLyYDI+zNntq+JSSpos3QSheleGYFkt6fhdjpFM40hjI6LxNUh2UPSKmKAlL7bcuXP/awDa2oCOpuE6R3+nuSVMrGpCzZ3UVN5W35b1NJ3gJc28LPmbXr/ndZwr3phnMVYqJk+EpNxzOo+GyO04CB2fCdOuw5cxeJ5gwWWFYjHeNTH3M+5bGPrM2B4BoMLfEfHyZIrusUH0rDxIyF4rzPwJEPU0lTFjyIvZ47g0QIrEzP31Hlz25qaj/xz7chT/ObudZZII5xOLPukZEyvyRzmsnC1jfOyzIUTbjzJMg8SHAzPtGhub/tikI6peHulmXTDUChM7USoZmby5ccQV4Lz5dOv1IkswbsE8teJB7I5CH2b4SdUiLTHCc7CALysgmQRbq4Avo7W9MduNTr2xdYBnRXslJ+CkwEi29/Rh6FY3qm4ZhfDwJ9stIKnFyYL5o/ASCz8tUireKcByq 0zVXu89E f0LhyaLB/vqMK55w8U+EcRjnl4OJsuFWX0QMXQjlPEExePXMoPOTMDSntrfgyK4E+CMk0Qe6gOvnC5x8/GTYUU+Yap6yKM6hOY57/cZphMkc/PeBavanjfcsI8qXZOCP2hDFDoxtXwJgHwLn6TCWjpeFXhxTfkvg Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 06/03/2026 14:17, David Hildenbrand (Arm) wrote: > On 3/6/26 13:48, Nikita Kalyazin wrote: >> >> >> On 05/03/2026 17:34, David Hildenbrand (Arm) wrote: >>> On 1/26/26 17:47, Kalyazin, Nikita wrote: >>>> From: Nikita Kalyazin >>>> >>>> These allow guest_memfd to remove its memory from the direct map. >>>> Only implement them for architectures that have direct map. >>>> In folio_zap_direct_map(), flush TLB on architectures where >>>> set_direct_map_valid_noflush() does not flush it internally. >>> >>> "Let's provide folio_{zap,restore}_direct_map helpers as preparation for >>> supporting removal of the direct map for guest_memfd folios. ... >> >> Will update, thanks. >> >>> >>>> >>>> The new helpers need to be accessible to KVM on architectures that >>>> support guest_memfd (x86 and arm64). Since arm64 does not support >>>> building KVM as a module, only export them on x86. >>>> >>>> Direct map removal gives guest_memfd the same protection that >>>> memfd_secret does, such as hardening against Spectre-like attacks >>>> through in-kernel gadgets. >>> >>> Would it be possible to convert mm/secretmem.c as well? >>> >>> There, we use >>> >>> set_direct_map_invalid_noflush(folio_page(folio, 0)); >>> >>> and >>> >>> set_direct_map_default_noflush(folio_page(folio, 0)); >>> >>> Which is a bit different to below code. At least looking at the x86 >>> variants, I wonder why we don't simply use >>> set_direct_map_valid_noflush(). >>> >>> >>> If so, can you add a patch to do the conversion, pleeeeassse ? :) >> >> Absolutely! >> >>> >>>> >>>> Reviewed-by: Ackerley Tng >>>> Signed-off-by: Nikita Kalyazin >>>> --- >>>> arch/arm64/include/asm/set_memory.h |  2 ++ >>>> arch/arm64/mm/pageattr.c | 12 ++++++++++++ >>>> arch/loongarch/include/asm/set_memory.h |  2 ++ >>>> arch/loongarch/mm/pageattr.c | 12 ++++++++++++ >>>> arch/riscv/include/asm/set_memory.h |  2 ++ >>>> arch/riscv/mm/pageattr.c | 12 ++++++++++++ >>>> arch/s390/include/asm/set_memory.h |  2 ++ >>>> arch/s390/mm/pageattr.c | 12 ++++++++++++ >>>> arch/x86/include/asm/set_memory.h |  2 ++ >>>> arch/x86/mm/pat/set_memory.c | 20 ++++++++++++++++++++ >>>> include/linux/set_memory.h | 10 ++++++++++ >>>> 11 files changed, 88 insertions(+) >>>> >>>> diff --git a/arch/arm64/include/asm/set_memory.h b/arch/arm64/ >>>> include/asm/set_memory.h >>>> index c71a2a6812c4..49fd54f3c265 100644 >>>> --- a/arch/arm64/include/asm/set_memory.h >>>> +++ b/arch/arm64/include/asm/set_memory.h >>>> @@ -15,6 +15,8 @@ int set_direct_map_invalid_noflush(const void *addr); >>>> int set_direct_map_default_noflush(const void *addr); >>>> int set_direct_map_valid_noflush(const void *addr, unsigned long >>>> numpages, >>>> bool valid); >>>> +int folio_zap_direct_map(struct folio *folio); >>>> +int folio_restore_direct_map(struct folio *folio); >>>> bool kernel_page_present(struct page *page); >>>> >>>> int set_memory_encrypted(unsigned long addr, int numpages); >>>> diff --git a/arch/arm64/mm/pageattr.c b/arch/arm64/mm/pageattr.c >>>> index e2bdc3c1f992..0b88b0344499 100644 >>>> --- a/arch/arm64/mm/pageattr.c >>>> +++ b/arch/arm64/mm/pageattr.c >>>> @@ -356,6 +356,18 @@ int set_direct_map_valid_noflush(const void >>>> *addr, unsigned long numpages, >>>> return set_memory_valid((unsigned long)addr, numpages, valid); >>>> } >>>> >>>> +int folio_zap_direct_map(struct folio *folio) >>>> +{ >>>> + return set_direct_map_valid_noflush(folio_address(folio), >>>> + folio_nr_pages(folio), false); >>>> +} >>>> + >>>> +int folio_restore_direct_map(struct folio *folio) >>>> +{ >>>> + return set_direct_map_valid_noflush(folio_address(folio), >>>> + folio_nr_pages(folio), true); >>>> +} >>> >>> Is there a good reason why we cannot have two generic inline functions >>> that simply call set_direct_map_valid_noflush() ? >>> >>> Is it because of some flushing behavior? (which we could figure out) >> >> Yes, on x86 we need an explicit flush. Other architectures deal with it >> internally. > > So, we call a _noflush function and it performs a ... flush. What. Yeah, that's unfortunately the status quo as pointed by Aneesh [1] [1] https://lore.kernel.org/kvm/yq5ajz07czvz.fsf@kernel.org/ > > Take a look at secretmem_fault(), where we do an unconditional > flush_tlb_kernel_range(). > > Do we end up double-flushing in that case? Yes, looks like that. I'll remove the explicit flush and rely on folio_zap_direct_map(). > >> Do you propose a bespoke implementation for x86 and a >> "generic" one for others? > > We have to find a way to have a single set of functions for all archs > that support directmap removal. I believe Dave meant to address that with folio_{zap,restore}_direct_map() [2]. [2] https://lore.kernel.org/kvm/9409531b-589b-4a54-b122-06a3cf0846f3@intel.com/ > > One option might be to have some indication from the architecture that > no flush_tlb_kernel_range() is required. > > Could be a config option or some simple helper function. I'd be inclined to know what arch maintainers think because I don't have a strong opinion on that. > > -- > Cheers, > > David