From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A0E7C54E41 for ; Fri, 8 Mar 2024 22:47:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0540F6B03F7; Fri, 8 Mar 2024 17:47:41 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 003EE6B03F8; Fri, 8 Mar 2024 17:47:40 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E0DA46B03F9; Fri, 8 Mar 2024 17:47:40 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id D1C496B03F7 for ; Fri, 8 Mar 2024 17:47:40 -0500 (EST) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 82FDF140D20 for ; Fri, 8 Mar 2024 22:47:40 +0000 (UTC) X-FDA: 81875360280.18.01FC842 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) by imf12.hostedemail.com (Postfix) with ESMTP id E839540009 for ; Fri, 8 Mar 2024 22:47:38 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=l0b8QFSF; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf12.hostedemail.com: domain of 3ipXrZQYKCJkL73GC59HH9E7.5HFEBGNQ-FFDO35D.HK9@flex--seanjc.bounces.google.com designates 209.85.128.201 as permitted sender) smtp.mailfrom=3ipXrZQYKCJkL73GC59HH9E7.5HFEBGNQ-FFDO35D.HK9@flex--seanjc.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1709938059; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=SKmvQ5PcWXT/71cgvqMhhqx5Wzq7n7WsxYjGNYsq8ec=; b=P/QTRTxBXKIUOvNvFjjpmfnnh8YuK9P/3Q7s9c9ZUjmmzYZ4qs97NQYv5KVKCQ1qm7GUhS HrfXJtV0ZZzzVpPnJkyCb8gOsayhfciS9FDflYoY0hm+y2PliF934ckVNQpxULZx7PoD7C nNHfzyoQm8INj1dfX4RWzUXl57DI/zg= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=l0b8QFSF; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf12.hostedemail.com: domain of 3ipXrZQYKCJkL73GC59HH9E7.5HFEBGNQ-FFDO35D.HK9@flex--seanjc.bounces.google.com designates 209.85.128.201 as permitted sender) smtp.mailfrom=3ipXrZQYKCJkL73GC59HH9E7.5HFEBGNQ-FFDO35D.HK9@flex--seanjc.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1709938059; a=rsa-sha256; cv=none; b=Xmm+GZbIaIE/JbN/GPfJLBsCAaRwJSMukekQFumLQo8OCVBfopx+gQDiezZSLhCSTPcFdg BImfmcDlGyVM4AaQ7m1W1NJh/1owVS+q7veB0o9ngMZSbWeBYrb/+4qfXRIi8Jl80AkQsq f1Ds3NzGQXf2nTWLCdqwvwNJQ7IMBkw= Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-60832a48684so41428107b3.1 for ; Fri, 08 Mar 2024 14:47:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1709938058; x=1710542858; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=SKmvQ5PcWXT/71cgvqMhhqx5Wzq7n7WsxYjGNYsq8ec=; b=l0b8QFSF8M7iE7sTVZMF1Py3I43DeoyWxOqhm8AYIaIjHCqOJeqL0+7r6IJCdoZtl/ pfM5BGhqXAIPhXrAftMpz15gGyTcQuuU01qXuduuaMhdHK4ox+prxe07MEv++M8gi5m+ 9mzdNCPPwZtso7aNHJgv9W2vI1QdDa86yQqYv712SXE40ode0IKBe4nowpZUSKMXhZps GzaML+HxcpZBvx/V7QMKw+SOHch6w4jL1kYQkHq6yx9Uel+cUt2FtKObaJhXG9Alu2ZH Z3ioiuXyTOYDsInIJd3JgT6m0aHUtrtc4XiCVSgV6bOxzuQ2ZMGqhfkX/zg4joenZb+q a3Kg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1709938058; x=1710542858; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SKmvQ5PcWXT/71cgvqMhhqx5Wzq7n7WsxYjGNYsq8ec=; b=q/80gEr+vQGKHoq85F89epfkgnfIpDAcHx4gASzaxZT3BhiHTnHWJf5g2//J5oaCrQ e7YiiAlpdF7IkEvg7ec5UrppceBhFLg5P8bGSXFlz+N+DuJYiWmJH7qywT/1DDZFAkJo zrc41hawZPyHubUoUrNA7BPU7yOcvJ5WsC7D+ohsIKUh7ynSnaPu3RYIJB9w11+XEe08 Q1eal1Ciiuuizh65MMXISD//g4KTf0dsPUghKL92sgt+3p4JhtLoWeadD0g1jhT05mWw B4yIEGNcEoVFvq6kt2Bj9z8t5YZszmnaoIlYHESV9FXQLLC25KbyNAuhtHXBvvvfvHHr 9Sng== X-Forwarded-Encrypted: i=1; AJvYcCV5QrGAUNLN90H2iBnV0zRMnXuBN9S3KmizDk9aeOWaOhVEqALJ3n8JjZKZAKfQdo2hubMxq6xM6P8JjysKLNmGuYA= X-Gm-Message-State: AOJu0YzPnwLAeltDU4nzyTERUy9NUuqIVfRTuV2VNUfjEeSC+nSHC5uG YVSTrxWdDA1ArR1n7q/0tWutagoaYvq/YUBMG3+jDNIR1rRJvKrPawzCWYWWs505bvo1xEAJp12 U8w== X-Google-Smtp-Source: AGHT+IFqRwVOtamqH/NKTy0aNd2o9IZB1qaPOD/2a3NruNRdmlhFTn+MhqozJICSJlnbYsW/c2VqgNYGi+8= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:5201:0:b0:608:ecf3:ef8 with SMTP id g1-20020a815201000000b00608ecf30ef8mr124505ywb.0.1709938058024; Fri, 08 Mar 2024 14:47:38 -0800 (PST) Date: Fri, 8 Mar 2024 14:47:36 -0800 In-Reply-To: Mime-Version: 1.0 References: Message-ID: Subject: Re: Unmapping KVM Guest Memory from Host Kernel From: Sean Christopherson To: David Woodhouse Cc: David Matlack , Brendan Jackman , James Gowans , "akpm@linux-foundation.org" , Patrick Roy , "chao.p.peng@linux.intel.com" , Derek Manwaring , "rppt@kernel.org" , "pbonzini@redhat.com" , Nikita Kalyazin , "lstoakes@gmail.com" , "Liam.Howlett@oracle.com" , "linux-mm@kvack.org" , "qemu-devel@nongnu.org" , "kirill.shutemov@linux.intel.com" , "vbabka@suse.cz" , "mst@redhat.com" , "somlo@cmu.edu" , Alexander Graf , "kvm@vger.kernel.org" , "linux-coco@lists.linux.dev" Content-Type: text/plain; charset="us-ascii" X-Rspam-User: X-Stat-Signature: tz8aazad53o1kbnixjpz6ruh1jcdkr9e X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: E839540009 X-HE-Tag: 1709938058-171756 X-HE-Meta: U2FsdGVkX18TfZsJLFwRraECCgt7wMgAzDM8rEeJyl4Qj+YFvIYHE7deuo+I2e0PbPKC4LoGe89cvqbTRyy5YrPPqSl8Z200ZOoogka16Q+Zr3FbVbIhNdPaJZQJ+Jr9ddwSB0NK0c7oOg1A00jiLPIfoqhkQeFHHEsOhgnU934XjumreTDqXFOEqMFmXLeihsQTi9q+FOYcrXRUw2egD6pbfgutKSwGh1PXpmq9LG6LHwDsXLnoNo6xAeZPphXk7PpREUBitB+YRqRLO0ZgrU/a20m+Ua/Ljszg0kCDmPmO+ZVnCIIuadoT4DHOuCRw8YdQvhQFapVL43mZGUzMnm0VfRhLwPP0bMAxaqGAGYX8gz4jGaT/XPIcc0kDoSvfRa6ezBRBSKdsmz/tyhJkHRurLP06Lauky/0+YtFeyQrsqebC/+iEx41IoRThNayYHVGG0veU9IrpmlrL46WXnSb2vQWa8U5mkwy2y1Xrw2h9NySCDBcTD5PveO1P/y1aimmMdKml8BJdvRmupG8dNjPVa32lMhPz9KsGezf8+c75rGADmYOnxIFmE0v6AH3SCz0A4ZfkNVegRUGxBM0ayVHSL3YmYorbdDs3PFHYGwODpNgafO9UiS2X6LMu4t8YvX72BkPWzEYD9s5c3oPxjBIPGPr3jplvO46sb0qhkDo/UgHhKT030FOFBiBGwvcIhHJOzqpkndIQitOTKSER0j2aIuO96ak0D1XvXJ1ITIr99uN56jC7/ZCf8R77a6zGxNtf7GxiL0alAkCFS9NrYeOzqrKG2HuD7vnSYTeGy83DpNQX0xglpwe1rVP+/JZ3LQyU+F3neXAxF24lWOh/BfyLaQibzHfeo6DPAVmScO1WkQdXTQH7qSu55i9bysP/RIwQpPhewqtsZPTOvKMrdi8bOm0GJIwprbOWMNFIXW+ldXir+D6FWoGz13zL4ovkkk1EElUTTTLeBc3KAh6 lodXRG17 ejs7Y6twEtqPedbASvupD1qEdy00bxUXd5u7G94kkZ26cn/6zXNTsOThyu7EKtZkQrSMWUYD0vbFl/HorNaxHUQ3PTPxfOOu/pUmGa89bC7yNzWn0aaEnz3rq4E+LxJOUQN793dtFhDdlYTMzwcwry0GzIFw92/tc4rZuCjNJQydKy95gA6NEgYML5Xhu3N11zQHWCThHyMdHhsDsy30/c6bBCiMEc6nlR1mns+3zp2h9lJ55N+CZUmoRaAJ5QX2QHAL26Q9d3U4gtugEX7aV8ITqwt8FdLLrXpo2bdM4yTh5NZSU9M8hjfC/xhI825jrw49wjIBcLo0zP8tPZMjvKU5XTPCWbJs66qFBnp6SjTlN6Rpxep6PLkmVfC3vJW+CqQsa6cpUGN3Ka08= X-Bogosity: Ham, tests=bogofilter, spamicity=0.004050, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Mar 08, 2024, David Woodhouse wrote: > On Fri, 2024-03-08 at 09:35 -0800, David Matlack wrote: > > I think what James is looking for (and what we are also interested > > in), is _eliminating_ the ability to access guest memory from the > > direct map entirely. And in general, eliminate the ability to access > > guest memory in as many ways as possible. > > Well, pKVM does that... Out-of-tree :-) I'm not just being snarky; when pKVM lands this functionality upstream, I fully expect zapping direct map entries to be generic guest_memfd functionality that would be opt-in, either by the in-kernel technology, e.g. pKVM, or by userspace, or by some combination of the two, e.g. I can see making it optional to nuke the direct map when using guest_memfd for TDX guests so that rogue accesses from the host generate synchronous #PFs instead of latent #MCs.