From: David Hildenbrand <david@redhat.com>
To: Fuad Tabba <tabba@google.com>,
kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org,
linux-mm@kvack.org
Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au,
anup@brainfault.org, paul.walmsley@sifive.com,
palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com,
viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org,
akpm@linux-foundation.org, xiaoyao.li@intel.com,
yilun.xu@intel.com, chao.p.peng@linux.intel.com,
jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com,
isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz,
vannapurve@google.com, ackerleytng@google.com,
mail@maciej.szmigiero.name, michael.roth@amd.com,
wei.w.wang@intel.com, liam.merwick@oracle.com,
isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com,
suzuki.poulose@arm.com, steven.price@arm.com,
quic_eberman@quicinc.com, quic_mnalajal@quicinc.com,
quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com,
quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com,
quic_pheragu@quicinc.com, catalin.marinas@arm.com,
james.morse@arm.com, yuzenghui@huawei.com,
oliver.upton@linux.dev, maz@kernel.org, will@kernel.org,
qperret@google.com, keirf@google.com, roypat@amazon.co.uk,
shuah@kernel.org, hch@infradead.org, jgg@nvidia.com,
rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com,
hughd@google.com, jthoughton@google.com, peterx@redhat.com
Subject: Re: [PATCH v7 4/9] KVM: guest_memfd: Handle in-place shared memory as guest_memfd backed memory
Date: Mon, 14 Apr 2025 13:51:41 +0200 [thread overview]
Message-ID: <8ebc66ae-5f37-44c0-884b-564a65467fe4@redhat.com> (raw)
In-Reply-To: <20250318161823.4005529-5-tabba@google.com>
On 18.03.25 17:18, Fuad Tabba wrote:
> For VMs that allow sharing guest_memfd backed memory in-place,
> handle that memory the same as "private" guest_memfd memory. This
> means that faulting that memory in the host or in the guest will
> go through the guest_memfd subsystem.
>
> Note that the word "private" in the name of the function
> kvm_mem_is_private() doesn't necessarily indicate that the memory
> isn't shared, but is due to the history and evolution of
> guest_memfd and the various names it has received. In effect,
> this function is used to multiplex between the path of a normal
> page fault and the path of a guest_memfd backed page fault.
>
> Signed-off-by: Fuad Tabba <tabba@google.com>
> ---
> include/linux/kvm_host.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index 601bbcaa5e41..3d5595a71a2a 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -2521,7 +2521,8 @@ static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn)
> #else
> static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn)
> {
> - return false;
> + return kvm_arch_gmem_supports_shared_mem(kvm) &&
> + kvm_slot_can_be_private(gfn_to_memslot(kvm, gfn));
> }
> #endif /* CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES */
>
I've been thinking long about this, and was wondering if we should instead
clean up the code to decouple the "private" from gmem handling first.
I know, this was already discussed a couple of times, but faking that
shared memory is private looks odd.
I played with the code to star cleaning this up. I ended up with the following
gmem-terminology cleanup patches (not even compile tested)
KVM: rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_KVM_GENERIC_GMEM_POPULATE
KVM: rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GMEM
KVM: rename kvm_arch_has_private_mem() to kvm_arch_supports_gmem()
KVM: x86: rename kvm->arch.has_private_mem to kvm->arch.supports_gmem
KVM: rename kvm_slot_can_be_private() to kvm_slot_has_gmem()
KVM: x86: generalize private fault lookups to "gmem" fault lookups
https://github.com/davidhildenbrand/linux/tree/gmem_shared_prep
On top of that, I was wondering if we could look into doing something like
the following. It would also allow for pulling pages out of gmem for
existing SW-protected VMs once they enable shared memory for GMEM IIUC.
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 08eebd24a0e18..6f878cab0f466 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -4495,11 +4495,6 @@ static int kvm_mmu_faultin_pfn_gmem(struct kvm_vcpu *vcpu,
{
int max_order, r;
- if (!kvm_slot_has_gmem(fault->slot)) {
- kvm_mmu_prepare_memory_fault_exit(vcpu, fault);
- return -EFAULT;
- }
-
r = kvm_gmem_get_pfn(vcpu->kvm, fault->slot, fault->gfn, &fault->pfn,
&fault->refcounted_page, &max_order);
if (r) {
@@ -4518,8 +4513,19 @@ static int __kvm_mmu_faultin_pfn(struct kvm_vcpu *vcpu,
struct kvm_page_fault *fault)
{
unsigned int foll = fault->write ? FOLL_WRITE : 0;
+ bool use_gmem = false;
+
+ if (fault->is_private) {
+ if (!kvm_slot_has_gmem(fault->slot)) {
+ kvm_mmu_prepare_memory_fault_exit(vcpu, fault);
+ return -EFAULT;
+ }
+ use_gmem = true;
+ } else if (kvm_slot_has_gmem_with_shared(fault->slot)) {
+ use_gmem = true;
+ }
- if (fault->is_private)
+ if (use_gmem)
return kvm_mmu_faultin_pfn_gmem(vcpu, fault);
foll |= FOLL_NOWAIT;
That is, we'd not claim that things are private when they are not, but instead
teach the code about shared memory coming from gmem.
There might be some more missing, just throwing it out there if I am completely off.
--
Cheers,
David / dhildenb
next prev parent reply other threads:[~2025-04-14 11:51 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-18 16:18 [PATCH v7 0/9] KVM: Mapping guest_memfd backed memory at the host for software protected VMs Fuad Tabba
2025-03-18 16:18 ` [PATCH v7 1/9] mm: Consolidate freeing of typed folios on final folio_put() Fuad Tabba
2025-04-14 10:00 ` David Hildenbrand
2025-04-14 10:15 ` Fuad Tabba
2025-03-18 16:18 ` [PATCH v7 2/9] KVM: guest_memfd: Handle final folio_put() of guest_memfd pages Fuad Tabba
2025-04-14 10:01 ` David Hildenbrand
2025-03-18 16:18 ` [PATCH v7 3/9] KVM: guest_memfd: Allow host to map guest_memfd() pages Fuad Tabba
2025-04-08 12:04 ` Shivank Garg
2025-04-08 13:17 ` Fuad Tabba
2025-04-08 16:58 ` Ackerley Tng
2025-04-09 7:17 ` Shivank Garg
2025-04-10 22:44 ` Ackerley Tng
2025-04-11 10:34 ` Shivank Garg
2025-04-14 10:06 ` David Hildenbrand
2025-04-14 10:15 ` Fuad Tabba
2025-03-18 16:18 ` [PATCH v7 4/9] KVM: guest_memfd: Handle in-place shared memory as guest_memfd backed memory Fuad Tabba
2025-04-14 11:51 ` David Hildenbrand [this message]
2025-04-14 16:03 ` Fuad Tabba
2025-04-14 19:42 ` David Hildenbrand
2025-04-15 13:51 ` Fuad Tabba
2025-04-15 17:23 ` David Hildenbrand
2025-04-14 18:07 ` Ackerley Tng
2025-04-14 20:06 ` David Hildenbrand
2025-04-15 21:50 ` Ackerley Tng
2025-04-16 12:53 ` David Hildenbrand
2025-04-16 12:30 ` Patrick Roy
2025-04-16 12:41 ` David Hildenbrand
2025-03-18 16:18 ` [PATCH v7 5/9] KVM: x86: Mark KVM_X86_SW_PROTECTED_VM as supporting guest_memfd shared memory Fuad Tabba
2025-03-26 14:42 ` kernel test robot
2025-03-18 16:18 ` [PATCH v7 6/9] KVM: arm64: Refactor user_mem_abort() calculation of force_pte Fuad Tabba
2025-03-18 16:18 ` [PATCH v7 7/9] KVM: arm64: Handle guest_memfd()-backed guest page faults Fuad Tabba
2025-03-18 16:18 ` [PATCH v7 8/9] KVM: arm64: Enable mapping guest_memfd in arm64 Fuad Tabba
2025-03-18 16:18 ` [PATCH v7 9/9] KVM: guest_memfd: selftests: guest_memfd mmap() test when mapping is allowed Fuad Tabba
2025-04-01 17:25 ` Ackerley Tng
2025-04-02 8:56 ` Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8ebc66ae-5f37-44c0-884b-564a65467fe4@redhat.com \
--to=david@redhat.com \
--cc=ackerleytng@google.com \
--cc=akpm@linux-foundation.org \
--cc=amoorthy@google.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chenhuacai@kernel.org \
--cc=dmatlack@google.com \
--cc=fvdl@google.com \
--cc=hch@infradead.org \
--cc=hughd@google.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=james.morse@arm.com \
--cc=jarkko@kernel.org \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=jthoughton@google.com \
--cc=keirf@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mail@maciej.szmigiero.name \
--cc=maz@kernel.org \
--cc=mic@digikod.net \
--cc=michael.roth@amd.com \
--cc=mpe@ellerman.id.au \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qperret@google.com \
--cc=quic_cvanscha@quicinc.com \
--cc=quic_eberman@quicinc.com \
--cc=quic_mnalajal@quicinc.com \
--cc=quic_pderrin@quicinc.com \
--cc=quic_pheragu@quicinc.com \
--cc=quic_svaddagi@quicinc.com \
--cc=quic_tsoni@quicinc.com \
--cc=rientjes@google.com \
--cc=roypat@amazon.co.uk \
--cc=seanjc@google.com \
--cc=shuah@kernel.org \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vannapurve@google.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=wei.w.wang@intel.com \
--cc=will@kernel.org \
--cc=willy@infradead.org \
--cc=xiaoyao.li@intel.com \
--cc=yilun.xu@intel.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox