From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96D7EC3ABDA for ; Wed, 14 May 2025 23:43:26 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 17A456B00CD; Wed, 14 May 2025 19:43:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 10C856B00CF; Wed, 14 May 2025 19:43:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D3F0B6B00CD; Wed, 14 May 2025 19:43:11 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id AFE186B00CC for ; Wed, 14 May 2025 19:43:11 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 26805805B9 for ; Wed, 14 May 2025 23:43:11 +0000 (UTC) X-FDA: 83443141782.29.4549205 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) by imf17.hostedemail.com (Postfix) with ESMTP id 738CA40003 for ; Wed, 14 May 2025 23:43:09 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=b5R39Pvq; spf=pass (imf17.hostedemail.com: domain of 3jColaAsKCL0dfnhuoh1wqjjrrjoh.frpolqx0-ppnydfn.ruj@flex--ackerleytng.bounces.google.com designates 209.85.215.201 as permitted sender) smtp.mailfrom=3jColaAsKCL0dfnhuoh1wqjjrrjoh.frpolqx0-ppnydfn.ruj@flex--ackerleytng.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=b5R39Pvq; spf=pass (imf17.hostedemail.com: domain of 3jColaAsKCL0dfnhuoh1wqjjrrjoh.frpolqx0-ppnydfn.ruj@flex--ackerleytng.bounces.google.com designates 209.85.215.201 as permitted sender) smtp.mailfrom=3jColaAsKCL0dfnhuoh1wqjjrrjoh.frpolqx0-ppnydfn.ruj@flex--ackerleytng.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1747266189; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=duQaEMPI/+/8EJ+OqflXscIYsMBaL2tMJ4wppFAcdZo=; b=Cyc8r+LKR8gb5JOrI7Lxeag9EKqY9jqN4F4kHmt/48QWd66LyEPtIaaH9KVxsvyIgnNEKO bfBd0FqXi39qTMSuLsrt4esTUQCf/H290r860A9V2D3jwIgFDahsir1cr9xCfOiartG1SZ 253yiswN9VDO1oCGkQezk+1xxnTsBF4= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1747266189; a=rsa-sha256; cv=none; b=oFHAQE6sp+IIXeeyTgxRP7JNY8eGfJWdiHrjYijk7lKNFXoW32sI7HTT7RPTX+EnsC3/lL VSunn45Xk8fgoufN8FSE4/Lfrj+fpcPRSOIDwnXeQRlERppeanjY6klb68hxLC1VJVLOU7 KFFJag1IMN53eDl94/mDSvwqnJ9e2Tg= Received: by mail-pg1-f201.google.com with SMTP id 41be03b00d2f7-b115fb801bcso221377a12.3 for ; Wed, 14 May 2025 16:43:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1747266188; x=1747870988; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=duQaEMPI/+/8EJ+OqflXscIYsMBaL2tMJ4wppFAcdZo=; b=b5R39Pvqq4CNE3kAj+qZusQczMYUhvVvxKAcX21IgafCFoZi7CnP5KAQm3oRRXYOnl 6AmqPDJdXkmINfCYDO4YChMjNpr72H/OBIfrt87ml/Ev1vXc8GkcQvGLsMzjdlEqtssn A/4/7PIrlQSwD4hOP4wDYqHQ1za5LW9GF3JzL8D9eu+0I4cbRcUvXZ32+CrvMzRrykfD cLkCAeCXS7Ehqz2da/HueIHd530g3thTG+ZaGcC6ECJbkZ+M4mvHpv+UpztIWPW/y3F/ jeNHDCdleLfOL3fPEAOXjSDd9TUTtzfhubLkRGq1Ux/mUbaubA9iQtWsF38P9hGnNlVJ eMnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1747266188; x=1747870988; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=duQaEMPI/+/8EJ+OqflXscIYsMBaL2tMJ4wppFAcdZo=; b=EWkrBYJbfi65dJDjwTjQevyuYHwHjdKL3WmlzmTpA4VtH4PAaNCd0YocwbdnfAwPPQ p39ESdsXEtKQJn4jNHxAyUDPumBwcgIMuW+e/C2BImBf3zAssnbZCytVI2BhuJITHnPN 9LMRdsmsafPUZv7RfUgORZ9THQLLS93eJ0wZrqBoSbpCUB1NDSn3Chi7q6/oMJEDwXe9 0Wd5oko2VE9NVfHKpheD+IWBUy7hA8eLgTVRT94Rji8UdDNdpsjje4X2cvDHvPgxBXgY A/dlU46tJbSEZ6c21oTSwJUKFQVEGp2ycKwlTFEcJOs3FIa+ElRxqjxbNg36bBMfjxTf 7LMQ== X-Forwarded-Encrypted: i=1; AJvYcCXa/Q4rgGIXAupshsgns1PUqXGo9FJbYxcsnKdXuYkP5he3iIOrFYf92z4FAq5Nvahm2Jikga2gnw==@kvack.org X-Gm-Message-State: AOJu0YxllMfAi79bjTI/Vtk0oT4TObaBH2IAbl2ZEiGpX8CfzsvybHKg QGOruqprxBvss4eV4uM2+Kj2GfOIMAZLNzRyP1vEXS/smaP0wFYJA2u2zeFXOB9a3Ij36rFU2d8 FLCQwgMxtsoSTEunPOX2hFA== X-Google-Smtp-Source: AGHT+IFrb+gsGiHZc/e64qLljrrwwFd5Rm0IiKqEVIeKNMAq/DWkzMG2AbDLdjpl7ubUiMkSYyuQC33P/I6kwzCn8Q== X-Received: from pjbee11.prod.google.com ([2002:a17:90a:fc4b:b0:30a:3021:c1af]) (user=ackerleytng job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:520f:b0:306:b65e:13a8 with SMTP id 98e67ed59e1d1-30e2e5ba382mr8485187a91.8.1747266188231; Wed, 14 May 2025 16:43:08 -0700 (PDT) Date: Wed, 14 May 2025 16:41:46 -0700 In-Reply-To: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.49.0.1045.g170613ef41-goog Message-ID: <59d0c13258bea1caec2d3eeed54bc8cb78783399.1747264138.git.ackerleytng@google.com> Subject: [RFC PATCH v2 07/51] KVM: guest_memfd: Add CAP KVM_CAP_GMEM_CONVERSION From: Ackerley Tng To: kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-fsdevel@vger.kernel.org Cc: ackerleytng@google.com, aik@amd.com, ajones@ventanamicro.com, akpm@linux-foundation.org, amoorthy@google.com, anthony.yznaga@oracle.com, anup@brainfault.org, aou@eecs.berkeley.edu, bfoster@redhat.com, binbin.wu@linux.intel.com, brauner@kernel.org, catalin.marinas@arm.com, chao.p.peng@intel.com, chenhuacai@kernel.org, dave.hansen@intel.com, david@redhat.com, dmatlack@google.com, dwmw@amazon.co.uk, erdemaktas@google.com, fan.du@intel.com, fvdl@google.com, graf@amazon.com, haibo1.xu@intel.com, hch@infradead.org, hughd@google.com, ira.weiny@intel.com, isaku.yamahata@intel.com, jack@suse.cz, james.morse@arm.com, jarkko@kernel.org, jgg@ziepe.ca, jgowans@amazon.com, jhubbard@nvidia.com, jroedel@suse.de, jthoughton@google.com, jun.miao@intel.com, kai.huang@intel.com, keirf@google.com, kent.overstreet@linux.dev, kirill.shutemov@intel.com, liam.merwick@oracle.com, maciej.wieczor-retman@intel.com, mail@maciej.szmigiero.name, maz@kernel.org, mic@digikod.net, michael.roth@amd.com, mpe@ellerman.id.au, muchun.song@linux.dev, nikunj@amd.com, nsaenz@amazon.es, oliver.upton@linux.dev, palmer@dabbelt.com, pankaj.gupta@amd.com, paul.walmsley@sifive.com, pbonzini@redhat.com, pdurrant@amazon.co.uk, peterx@redhat.com, pgonda@google.com, pvorel@suse.cz, qperret@google.com, quic_cvanscha@quicinc.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, quic_svaddagi@quicinc.com, quic_tsoni@quicinc.com, richard.weiyang@gmail.com, rick.p.edgecombe@intel.com, rientjes@google.com, roypat@amazon.co.uk, rppt@kernel.org, seanjc@google.com, shuah@kernel.org, steven.price@arm.com, steven.sistare@oracle.com, suzuki.poulose@arm.com, tabba@google.com, thomas.lendacky@amd.com, usama.arif@bytedance.com, vannapurve@google.com, vbabka@suse.cz, viro@zeniv.linux.org.uk, vkuznets@redhat.com, wei.w.wang@intel.com, will@kernel.org, willy@infradead.org, xiaoyao.li@intel.com, yan.y.zhao@intel.com, yilun.xu@intel.com, yuzenghui@huawei.com, zhiquan1.li@intel.com Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 738CA40003 X-Stat-Signature: k4f4totohc9fp3x9qq48tz8xiudwkw4s X-Rspam-User: X-HE-Tag: 1747266189-56734 X-HE-Meta: U2FsdGVkX18s54oL6vClTZ9njGGFJu78jN+PaKawopxTLzsCqF7NZg1j+xvKd6RyNH63rDD+MpRwVSXXDkqPvwHOTRmaf1fe+vV4WWfAc3PfTVO0XlNnIrHSSVfLf4oI84+AG+WVq1D4uXKny0vSCOqMvsJwYH75gYU8UES8cp4oz5CnXbLmfB+wZLCfLEpCR84Rf2JQGbwMqsZwMkzp/xIdKpG17dqbAF21ZJaujL0g/XWJOYQOuKPuq8qthzj3GPLuDY0+FwLbhjdplskGGNCD1bJpg3bVLyEyHy9F0Psci7stBN8wYITEfkFAiCtOFQ8c+zX7cKZtASWZxqpQrKO9xg3AmWBBDZjRxQwgx2FovnAV/PovpSZXreYHu7a593s0aWv947zgcYbkV/uw56V2a+D/ufpKXdfgkghCwWLfgS6fKyDvmuBu3Ebe4Wg/N1ZnpDBgOdP88YG2SZmCVoSZ6QlcUlhDQGM48BpbbdV+IrVXMCOSqsPbNF8MYuTy8q3/j+5QkfzoHvvEm/E7rHiKi1YzOSsIpudM3D99vIxfIrF/ZgwXJPcVwkgLCozhYMw0HsyjWjt6b8iRhXyS92Jy3yckKMM2Pr9U/FRfwJgIyZI3BXjUphcuRr8QwKN3MWcDuVJGaoyqanIgZ/AiIuGCUwrom0PCAa4u0Upo6qrQnGGXvnX9Wt24O4PIRm53oaYcauB+HMijgEiEd1BivfhsOryfdSGQIOwsAVAJGo2L9Pu0cgpu3IgwtlYgoCFKjCjjs+HoAfeTElXsJmkEPFw/J+q/T705f1BuKRq60BiOd/Fp+nxMG3KEPXSPEJnCfDjdEF/YZhR4ooNwCycWgRrAStE9INDdNY9ivbeNCcODx3qNmFCDhC5WHr5rxFnbIrX5jr5JEKk2wrvPAwGwmlQPdhYXytnPfe8BOG1+mvYjBVV2PCRhjWJmgCEqNupQlNdd/WR0I4WooA0MuoB Xr7eMSiT 6/hZWa9NYQnAio2xXdVCojFkliMyoyseYjF5P8gNb0tIsprfiozVspJQWcl+FNsDRUnGolKD9nf4XnM/8wTWD+bOtEU3gG9Mnhznw19HOJK6xQvvJ39M2X5J6v+ilSd4pUAc5bSuu54pj99WV0g8CkKs7FLzFkwfEUr64v+U4eL41Rs174SzpafPcoaBtNQ9KQ9b9yrGWs818wa7aBRbn8TaKYFCi+JnE9oJ2OjOwh8CcGSoAW9ZEanOVAVm51NkGlE1J0Y/z8psCoDqRSe6viqYTFTVWuMTUI6YvUouNccJwT1jWUa7vzY96v3AdvhQqhI5haHFlxNoQqUeILERzeYDv7bcXtFEqu6wEfJjfbEEET+i5LCcF0825T9nRpEhw+suUZ5707xYJz7PnCmtyHwVJ9GyfhL52RS/Q X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: KVM_CAP_GMEM_CONVERSION indicates that guest_memfd supports conversion. With this patch, as long as guest_memfd supports shared memory, it also supports conversion. With conversion support comes tracking of private/shared memory within guest_memfd, hence now all VM types support shared memory in guest_memfd. Before this patch, Coco VMs did not support shared memory because that would allow private memory to be accessible to the host. Coco VMs now support shared memory because with private/shared status tracked in guest_memfd, private memory will not be allowed to be mapped into the host. Change-Id: I057b7bd267dd84a93fdee2e95cceb88cd9dfc647 Signed-off-by: Ackerley Tng --- arch/arm64/include/asm/kvm_host.h | 5 ----- arch/x86/include/asm/kvm_host.h | 10 ---------- include/linux/kvm_host.h | 13 ------------- include/uapi/linux/kvm.h | 1 + virt/kvm/guest_memfd.c | 12 ++++-------- virt/kvm/kvm_main.c | 3 ++- 6 files changed, 7 insertions(+), 37 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index 2514779f5131..7df673a71ade 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -1598,9 +1598,4 @@ static inline bool kvm_arch_supports_gmem(struct kvm *kvm) return IS_ENABLED(CONFIG_KVM_GMEM); } -static inline bool kvm_arch_vm_supports_gmem_shared_mem(struct kvm *kvm) -{ - return IS_ENABLED(CONFIG_KVM_GMEM_SHARED_MEM); -} - #endif /* __ARM64_KVM_HOST_H__ */ diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index f72722949cae..709cc2a7ba66 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -2255,18 +2255,8 @@ void kvm_configure_mmu(bool enable_tdp, int tdp_forced_root_level, #ifdef CONFIG_KVM_GMEM #define kvm_arch_supports_gmem(kvm) ((kvm)->arch.supports_gmem) - -/* - * CoCo VMs with hardware support that use guest_memfd only for backing private - * memory, e.g., TDX, cannot use guest_memfd with userspace mapping enabled. - */ -#define kvm_arch_vm_supports_gmem_shared_mem(kvm) \ - (IS_ENABLED(CONFIG_KVM_GMEM_SHARED_MEM) && \ - ((kvm)->arch.vm_type == KVM_X86_SW_PROTECTED_VM || \ - (kvm)->arch.vm_type == KVM_X86_DEFAULT_VM)) #else #define kvm_arch_supports_gmem(kvm) false -#define kvm_arch_vm_supports_gmem_shared_mem(kvm) false #endif #define kvm_arch_has_readonly_mem(kvm) (!(kvm)->arch.has_protected_state) diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 91279e05e010..d703f291f467 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -729,19 +729,6 @@ static inline bool kvm_arch_supports_gmem(struct kvm *kvm) } #endif -/* - * Returns true if this VM supports shared mem in guest_memfd. - * - * Arch code must define kvm_arch_vm_supports_gmem_shared_mem if support for - * guest_memfd is enabled. - */ -#if !defined(kvm_arch_vm_supports_gmem_shared_mem) && !IS_ENABLED(CONFIG_KVM_GMEM) -static inline bool kvm_arch_vm_supports_gmem_shared_mem(struct kvm *kvm) -{ - return false; -} -#endif - #ifndef kvm_arch_has_readonly_mem static inline bool kvm_arch_has_readonly_mem(struct kvm *kvm) { diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 5b28e17f6f14..433e184f83ea 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -931,6 +931,7 @@ struct kvm_enable_cap { #define KVM_CAP_X86_GUEST_MODE 238 #define KVM_CAP_ARM_WRITABLE_IMP_ID_REGS 239 #define KVM_CAP_GMEM_SHARED_MEM 240 +#define KVM_CAP_GMEM_CONVERSION 241 struct kvm_irq_routing_irqchip { __u32 irqchip; diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 853e989bdcb2..8c9c9e54616b 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -1216,7 +1216,7 @@ int kvm_gmem_create(struct kvm *kvm, struct kvm_create_guest_memfd *args) u64 flags = args->flags; u64 valid_flags = 0; - if (kvm_arch_vm_supports_gmem_shared_mem(kvm)) + if (IS_ENABLED(CONFIG_KVM_GMEM_SHARED_MEM)) valid_flags |= GUEST_MEMFD_FLAG_SUPPORT_SHARED; if (flags & GUEST_MEMFD_FLAG_SUPPORT_SHARED) @@ -1286,13 +1286,9 @@ int kvm_gmem_bind(struct kvm *kvm, struct kvm_memory_slot *slot, offset + size > i_size_read(inode)) goto err; - if (kvm_gmem_supports_shared(inode)) { - if (!kvm_arch_vm_supports_gmem_shared_mem(kvm)) - goto err; - - if (slot->userspace_addr && - !kvm_gmem_is_same_range(kvm, slot, file, offset)) - goto err; + if (kvm_gmem_supports_shared(inode) && slot->userspace_addr && + !kvm_gmem_is_same_range(kvm, slot, file, offset)) { + goto err; } filemap_invalidate_lock(inode->i_mapping); diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 66dfdafbb3b6..92054b1bbd3f 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -4843,7 +4843,8 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg) #endif #ifdef CONFIG_KVM_GMEM_SHARED_MEM case KVM_CAP_GMEM_SHARED_MEM: - return !kvm || kvm_arch_vm_supports_gmem_shared_mem(kvm); + case KVM_CAP_GMEM_CONVERSION: + return true; #endif default: break; -- 2.49.0.1045.g170613ef41-goog