From: Vishal Annapurve <vannapurve@google.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "linux-riscv@lists.infradead.org"
<linux-riscv@lists.infradead.org>,
"kalyazin@amazon.co.uk" <kalyazin@amazon.co.uk>,
"kernel@xen0n.name" <kernel@xen0n.name>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"kvmarm@lists.linux.dev" <kvmarm@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"loongarch@lists.linux.dev" <loongarch@lists.linux.dev>,
"david@kernel.org" <david@kernel.org>,
"palmer@dabbelt.com" <palmer@dabbelt.com>,
"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
"svens@linux.ibm.com" <svens@linux.ibm.com>,
"jgross@suse.com" <jgross@suse.com>,
"surenb@google.com" <surenb@google.com>,
"riel@surriel.com" <riel@surriel.com>,
"pfalcato@suse.de" <pfalcato@suse.de>,
"peterx@redhat.com" <peterx@redhat.com>,
"x86@kernel.org" <x86@kernel.org>,
"rppt@kernel.org" <rppt@kernel.org>,
"thuth@redhat.com" <thuth@redhat.com>,
"maz@kernel.org" <maz@kernel.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"ast@kernel.org" <ast@kernel.org>,
"vbabka@suse.cz" <vbabka@suse.cz>,
"borntraeger@linux.ibm.com" <borntraeger@linux.ibm.com>,
"alex@ghiti.fr" <alex@ghiti.fr>,
"pjw@kernel.org" <pjw@kernel.org>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"willy@infradead.org" <willy@infradead.org>,
"hca@linux.ibm.com" <hca@linux.ibm.com>,
"wyihan@google.com" <wyihan@google.com>,
"ryan.roberts@arm.com" <ryan.roberts@arm.com>,
"jolsa@kernel.org" <jolsa@kernel.org>,
"yang@os.amperecomputing.com" <yang@os.amperecomputing.com>,
"jmattson@google.com" <jmattson@google.com>,
"luto@kernel.org" <luto@kernel.org>,
"aneesh.kumar@kernel.org" <aneesh.kumar@kernel.org>,
"haoluo@google.com" <haoluo@google.com>,
"patrick.roy@linux.dev" <patrick.roy@linux.dev>,
"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
"coxu@redhat.com" <coxu@redhat.com>,
"mhocko@suse.com" <mhocko@suse.com>,
"mlevitsk@redhat.com" <mlevitsk@redhat.com>,
"jgg@ziepe.ca" <jgg@ziepe.ca>, "hpa@zytor.com" <hpa@zytor.com>,
"song@kernel.org" <song@kernel.org>,
"oupton@kernel.org" <oupton@kernel.org>,
"peterz@infradead.org" <peterz@infradead.org>,
"maobibo@loongson.cn" <maobibo@loongson.cn>,
"lorenzo.stoakes@oracle.com" <lorenzo.stoakes@oracle.com>,
"Liam.Howlett@oracle.com" <Liam.Howlett@oracle.com>,
"jthoughton@google.com" <jthoughton@google.com>,
"martin.lau@linux.dev" <martin.lau@linux.dev>,
"jhubbard@nvidia.com" <jhubbard@nvidia.com>,
"Yu, Yu-cheng" <yu-cheng.yu@intel.com>,
"Jonathan.Cameron@huawei.com" <Jonathan.Cameron@huawei.com>,
"eddyz87@gmail.com" <eddyz87@gmail.com>,
"yonghong.song@linux.dev" <yonghong.song@linux.dev>,
"chenhuacai@kernel.org" <chenhuacai@kernel.org>,
"shuah@kernel.org" <shuah@kernel.org>,
"prsampat@amd.com" <prsampat@amd.com>,
"kevin.brodsky@arm.com" <kevin.brodsky@arm.com>,
"shijie@os.amperecomputing.com" <shijie@os.amperecomputing.com>,
"suzuki.poulose@arm.com" <suzuki.poulose@arm.com>,
"itazur@amazon.co.uk" <itazur@amazon.co.uk>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"yuzenghui@huawei.com" <yuzenghui@huawei.com>,
"dev.jain@arm.com" <dev.jain@arm.com>,
"gor@linux.ibm.com" <gor@linux.ibm.com>,
"jackabt@amazon.co.uk" <jackabt@amazon.co.uk>,
"daniel@iogearbox.net" <daniel@iogearbox.net>,
"agordeev@linux.ibm.com" <agordeev@linux.ibm.com>,
"andrii@kernel.org" <andrii@kernel.org>,
"mingo@redhat.com" <mingo@redhat.com>,
"aou@eecs.berkeley.edu" <aou@eecs.berkeley.edu>,
"joey.gouly@arm.com" <joey.gouly@arm.com>,
"derekmn@amazon.com" <derekmn@amazon.com>,
"xmarcalx@amazon.co.uk" <xmarcalx@amazon.co.uk>,
"kpsingh@kernel.org" <kpsingh@kernel.org>,
"sdf@fomichev.me" <sdf@fomichev.me>,
"jackmanb@google.com" <jackmanb@google.com>,
"bp@alien8.de" <bp@alien8.de>, "corbet@lwn.net" <corbet@lwn.net>,
"ackerleytng@google.com" <ackerleytng@google.com>,
"jannh@google.com" <jannh@google.com>,
"john.fastabend@gmail.com" <john.fastabend@gmail.com>,
"kas@kernel.org" <kas@kernel.org>,
"will@kernel.org" <will@kernel.org>,
"seanjc@google.com" <seanjc@google.com>
Subject: Re: [PATCH v9 07/13] KVM: guest_memfd: Add flag to remove from direct map
Date: Fri, 16 Jan 2026 09:30:02 -0800 [thread overview]
Message-ID: <CAGtprH_qGGRvk3uT74-wWXDiQyY1N1ua+_P2i-0UMmGWovaZuw@mail.gmail.com> (raw)
In-Reply-To: <ed01838830679880d3eadaf6f11c539b9c72c22d.camel@intel.com>
On Thu, Jan 15, 2026 at 3:04 PM Edgecombe, Rick P
<rick.p.edgecombe@intel.com> wrote:
>
> On Wed, 2026-01-14 at 13:46 +0000, Kalyazin, Nikita wrote:
> > Add GUEST_MEMFD_FLAG_NO_DIRECT_MAP flag for KVM_CREATE_GUEST_MEMFD()
> > ioctl. When set, guest_memfd folios will be removed from the direct map
> > after preparation, with direct map entries only restored when the folios
> > are freed.
> >
> > To ensure these folios do not end up in places where the kernel cannot
> > deal with them, set AS_NO_DIRECT_MAP on the guest_memfd's struct
> > address_space if GUEST_MEMFD_FLAG_NO_DIRECT_MAP is requested.
> >
> > Note that this flag causes removal of direct map entries for all
> > guest_memfd folios independent of whether they are "shared" or "private"
> > (although current guest_memfd only supports either all folios in the
> > "shared" state, or all folios in the "private" state if
> > GUEST_MEMFD_FLAG_MMAP is not set). The usecase for removing direct map
> > entries of also the shared parts of guest_memfd are a special type of
> > non-CoCo VM where, host userspace is trusted to have access to all of
> > guest memory, but where Spectre-style transient execution attacks
> > through the host kernel's direct map should still be mitigated. In this
> > setup, KVM retains access to guest memory via userspace mappings of
> > guest_memfd, which are reflected back into KVM's memslots via
> > userspace_addr. This is needed for things like MMIO emulation on x86_64
> > to work.
>
> TDX does some clearing at the direct map mapping for pages that comes from gmem,
> using a special instruction. It also does some clflushing at the direct map
> address for these pages. So I think we need to make sure TDs don't pull from
> gmem fds with this flag.
Disabling this feature for TDX VMs for now seems ok. I assume TDX code
can establish temporary mappings to the physical memory and therefore
doesn't necessarily have to rely on direct map.
Is it safe to say that we can remove direct map for guest memory for
TDX VMs (and ideally other CC VMs as well) in future as needed?
>
> Not that there would be any expected use of the flag for TDs, but it could cause
> a crash.
next prev parent reply other threads:[~2026-01-16 17:30 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-14 13:45 [PATCH v9 00/13] Direct Map Removal Support for guest_memfd Kalyazin, Nikita
2026-01-14 13:45 ` [PATCH v9 01/13] set_memory: add folio_{zap,restore}_direct_map helpers Kalyazin, Nikita
2026-01-15 10:54 ` Huacai Chen
2026-01-15 11:03 ` [PATCH v9 01/13] set_memory: add folio_{zap, restore}_direct_map helpers Nikita Kalyazin
2026-01-15 12:12 ` [PATCH v9 01/13] set_memory: add folio_{zap,restore}_direct_map helpers Heiko Carstens
2026-01-15 15:25 ` [PATCH v9 01/13] set_memory: add folio_{zap, restore}_direct_map helpers Nikita Kalyazin
2026-01-15 15:55 ` [PATCH v9 01/13] set_memory: add folio_{zap,restore}_direct_map helpers Matthew Wilcox
2026-01-15 17:45 ` [PATCH v9 01/13] set_memory: add folio_{zap, restore}_direct_map helpers Nikita Kalyazin
2026-01-15 20:05 ` David Hildenbrand (Red Hat)
2026-01-15 21:07 ` [PATCH v9 01/13] set_memory: add folio_{zap,restore}_direct_map helpers Ackerley Tng
2026-01-14 13:45 ` [PATCH v9 02/13] mm/gup: drop secretmem optimization from gup_fast_folio_allowed Kalyazin, Nikita
2026-01-15 20:04 ` David Hildenbrand (Red Hat)
2026-01-15 21:40 ` Ackerley Tng
2026-01-16 14:55 ` Nikita Kalyazin
2026-01-22 0:20 ` Ackerley Tng
2026-01-14 13:45 ` [PATCH v9 03/13] mm: introduce AS_NO_DIRECT_MAP Kalyazin, Nikita
2026-01-15 21:42 ` Ackerley Tng
2026-01-14 13:45 ` [PATCH v9 04/13] KVM: guest_memfd: Add stub for kvm_arch_gmem_invalidate Kalyazin, Nikita
2026-01-15 21:47 ` Ackerley Tng
2026-01-14 13:46 ` [PATCH v9 05/13] KVM: x86: define kvm_arch_gmem_supports_no_direct_map() Kalyazin, Nikita
2026-01-15 21:48 ` Ackerley Tng
2026-01-14 13:46 ` [PATCH v9 06/13] KVM: arm64: " Kalyazin, Nikita
2026-01-14 13:46 ` [PATCH v9 07/13] KVM: guest_memfd: Add flag to remove from direct map Kalyazin, Nikita
2026-01-15 20:00 ` Ackerley Tng
2026-01-16 14:56 ` Nikita Kalyazin
2026-01-22 16:34 ` Ackerley Tng
2026-01-22 18:04 ` Nikita Kalyazin
2026-01-22 20:30 ` Ackerley Tng
2026-01-22 20:40 ` Nikita Kalyazin
2026-01-15 23:04 ` Edgecombe, Rick P
2026-01-16 15:02 ` Nikita Kalyazin
2026-01-16 15:35 ` Edgecombe, Rick P
2026-01-16 15:41 ` Sean Christopherson
2026-01-16 17:32 ` Nikita Kalyazin
2026-01-16 17:51 ` Edgecombe, Rick P
2026-01-16 17:30 ` Vishal Annapurve [this message]
2026-01-16 17:51 ` Edgecombe, Rick P
2026-01-22 16:44 ` Ackerley Tng
2026-01-22 17:35 ` Edgecombe, Rick P
2026-01-22 22:47 ` Ackerley Tng
2026-01-23 0:01 ` Edgecombe, Rick P
2026-01-28 0:29 ` Ackerley Tng
2026-01-16 0:00 ` Edgecombe, Rick P
2026-01-16 15:00 ` Nikita Kalyazin
2026-01-16 15:34 ` Edgecombe, Rick P
2026-01-16 17:28 ` Nikita Kalyazin
2026-01-16 17:36 ` Edgecombe, Rick P
2026-01-16 17:51 ` Nikita Kalyazin
2026-01-16 18:10 ` Edgecombe, Rick P
2026-01-16 18:16 ` Nikita Kalyazin
2026-01-22 18:37 ` Ackerley Tng
2026-01-22 18:47 ` Nikita Kalyazin
2026-01-26 16:56 ` Nikita Kalyazin
2026-01-28 0:21 ` Ackerley Tng
2026-01-14 13:46 ` [PATCH v9 08/13] KVM: selftests: load elf via bounce buffer Kalyazin, Nikita
2026-01-14 13:46 ` [PATCH v9 09/13] KVM: selftests: set KVM_MEM_GUEST_MEMFD in vm_mem_add() if guest_memfd != -1 Kalyazin, Nikita
2026-01-15 19:39 ` Ackerley Tng
2026-01-16 15:00 ` Nikita Kalyazin
2026-01-14 13:47 ` [PATCH v9 10/13] KVM: selftests: Add guest_memfd based vm_mem_backing_src_types Kalyazin, Nikita
2026-01-14 13:47 ` [PATCH v9 11/13] KVM: selftests: cover GUEST_MEMFD_FLAG_NO_DIRECT_MAP in existing selftests Kalyazin, Nikita
2026-01-14 13:47 ` [PATCH v9 12/13] KVM: selftests: stuff vm_mem_backing_src_type into vm_shape Kalyazin, Nikita
2026-01-14 13:47 ` [PATCH v9 13/13] KVM: selftests: Test guest execution from direct map removed gmem Kalyazin, Nikita
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGtprH_qGGRvk3uT74-wWXDiQyY1N1ua+_P2i-0UMmGWovaZuw@mail.gmail.com \
--to=vannapurve@google.com \
--cc=Jonathan.Cameron@huawei.com \
--cc=Liam.Howlett@oracle.com \
--cc=ackerleytng@google.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=alex@ghiti.fr \
--cc=andrii@kernel.org \
--cc=aneesh.kumar@kernel.org \
--cc=aou@eecs.berkeley.edu \
--cc=ast@kernel.org \
--cc=borntraeger@linux.ibm.com \
--cc=bp@alien8.de \
--cc=bpf@vger.kernel.org \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@kernel.org \
--cc=corbet@lwn.net \
--cc=coxu@redhat.com \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=david@kernel.org \
--cc=derekmn@amazon.com \
--cc=dev.jain@arm.com \
--cc=eddyz87@gmail.com \
--cc=gor@linux.ibm.com \
--cc=haoluo@google.com \
--cc=hca@linux.ibm.com \
--cc=hpa@zytor.com \
--cc=itazur@amazon.co.uk \
--cc=jackabt@amazon.co.uk \
--cc=jackmanb@google.com \
--cc=jannh@google.com \
--cc=jgg@ziepe.ca \
--cc=jgross@suse.com \
--cc=jhubbard@nvidia.com \
--cc=jmattson@google.com \
--cc=joey.gouly@arm.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=jthoughton@google.com \
--cc=kalyazin@amazon.co.uk \
--cc=kas@kernel.org \
--cc=kernel@xen0n.name \
--cc=kevin.brodsky@arm.com \
--cc=kpsingh@kernel.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=loongarch@lists.linux.dev \
--cc=lorenzo.stoakes@oracle.com \
--cc=luto@kernel.org \
--cc=maobibo@loongson.cn \
--cc=martin.lau@linux.dev \
--cc=maz@kernel.org \
--cc=mhocko@suse.com \
--cc=mingo@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=oupton@kernel.org \
--cc=palmer@dabbelt.com \
--cc=patrick.roy@linux.dev \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=peterz@infradead.org \
--cc=pfalcato@suse.de \
--cc=pjw@kernel.org \
--cc=prsampat@amd.com \
--cc=rick.p.edgecombe@intel.com \
--cc=riel@surriel.com \
--cc=rppt@kernel.org \
--cc=ryan.roberts@arm.com \
--cc=sdf@fomichev.me \
--cc=seanjc@google.com \
--cc=shijie@os.amperecomputing.com \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=surenb@google.com \
--cc=suzuki.poulose@arm.com \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=thuth@redhat.com \
--cc=vbabka@suse.cz \
--cc=will@kernel.org \
--cc=willy@infradead.org \
--cc=wyihan@google.com \
--cc=x86@kernel.org \
--cc=xmarcalx@amazon.co.uk \
--cc=yang@os.amperecomputing.com \
--cc=yonghong.song@linux.dev \
--cc=yu-cheng.yu@intel.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox