From: Xiaoyao Li
Date: Fri, 18 Jul 2025 14:10:51 +0800
Subject: Re: [PATCH v15 14/21] KVM: x86: Enable guest_memfd mmap for default VM type
To: Fuad Tabba, kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org,
 linux-mm@kvack.org, kvmarm@lists.linux.dev
Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au,
 anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com,
 aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk,
 brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org,
 yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org,
 amoorthy@google.com, dmatlack@google.com, isaku.yamahata@intel.com,
 mic@digikod.net, vbabka@suse.cz, vannapurve@google.com,
 ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com,
 michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com,
 isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com,
 suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com,
 quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com,
 quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com,
 quic_pderrin@quicinc.com, quic_pheragu@quicinc.com,
 catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com,
 oliver.upton@linux.dev, maz@kernel.org, will@kernel.org,
 qperret@google.com, keirf@google.com, roypat@amazon.co.uk,
 shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com,
 jhubbard@nvidia.com, fvdl@google.com, hughd@google.com,
 jthoughton@google.com, peterx@redhat.com, pankaj.gupta@amd.com,
 ira.weiny@intel.com
Message-ID: <7e70c7b9-294b-4e39-a4b6-8357a146dc78@intel.com>
In-Reply-To: <20250717162731.446579-15-tabba@google.com>
References: <20250717162731.446579-1-tabba@google.com>
 <20250717162731.446579-15-tabba@google.com>

On 7/18/2025 12:27 AM, Fuad Tabba wrote:
> Enable host userspace mmap support for guest_memfd-backed memory when
> running KVM with the KVM_X86_DEFAULT_VM type:
>
> * Define kvm_arch_supports_gmem_mmap() for KVM_X86_DEFAULT_VM: Introduce
>   the architecture-specific kvm_arch_supports_gmem_mmap() macro,
>   specifically enabling mmap support for KVM_X86_DEFAULT_VM instances.
>   This macro, gated by CONFIG_KVM_GMEM_SUPPORTS_MMAP, ensures that only
>   the default VM type can leverage guest_memfd mmap functionality on
>   x86. This explicit enablement prevents CoCo VMs, which use guest_memfd
>   primarily for private memory and rely on hardware-enforced privacy,
>   from accidentally exposing guest memory via host userspace mappings.
>
> * Select CONFIG_KVM_GMEM_SUPPORTS_MMAP in KVM_X86: Enable the
>   CONFIG_KVM_GMEM_SUPPORTS_MMAP Kconfig option when KVM_X86 is selected.
>   This ensures that the necessary code for guest_memfd mmap support
>   (introduced earlier) is compiled into the kernel for x86. This Kconfig
>   option acts as a system-wide gate for the guest_memfd mmap capability.
>   It implicitly enables CONFIG_KVM_GMEM, making guest_memfd available,
>   and then layers the mmap capability on top specifically for the
>   default VM.
>
> These changes make guest_memfd a more versatile memory backing for
> standard KVM guests, allowing VMMs to use a unified guest_memfd model
> for both private (CoCo) and non-private (default) VMs. This is a
> prerequisite for use cases such as running Firecracker guests entirely
> backed by guest_memfd and implementing direct map removal for non-CoCo
> VMs.
>
> Acked-by: David Hildenbrand
> Co-developed-by: Ackerley Tng
> Signed-off-by: Ackerley Tng
> Signed-off-by: Fuad Tabba

Reviewed-by: Xiaoyao Li