Date: Mon, 13 May 2024 08:39:52 -0700
In-Reply-To: <58f39f23-0314-4e34-a8c7-30c3a1ae4777@amazon.co.uk>
References: <58f39f23-0314-4e34-a8c7-30c3a1ae4777@amazon.co.uk>
Subject: Re: Unmapping KVM Guest Memory from Host Kernel
From: Sean Christopherson
To: Patrick Roy
Cc: Mike Rapoport, James Gowans, akpm@linux-foundation.org, chao.p.peng@linux.intel.com, Derek Manwaring, pbonzini@redhat.com, David Woodhouse, Nikita Kalyazin, lstoakes@gmail.com, Liam.Howlett@oracle.com, linux-mm@kvack.org, qemu-devel@nongnu.org, kirill.shutemov@linux.intel.com, vbabka@suse.cz, mst@redhat.com, somlo@cmu.edu, Alexander Graf, kvm@vger.kernel.org, linux-coco@lists.linux.dev
On Mon, May 13, 2024, Patrick Roy wrote:
> For non-CoCo VMs, where memory is not encrypted, and the threat model assumes a
> trusted host userspace, we would like to avoid changing the VM model so
> completely. If we adopt CoCo’s approaches where KVM / Userspace touches guest
> memory we would get all the complexity, yet none of the encryption.
> Particularly the complexity on the MMIO path seems nasty, but x86 does not

Uber nit, modern AMD CPUs do provide the byte stream, though there is at least
one related erratum.  Intel CPUs don't provide the byte stream or pre-decode in
any way.

> pre-decode instructions on MMIO exits (which are just EPT_VIOLATIONs) like it
> does for PIO exits, so I also don’t really see a way around it in the
> guest_memfd model.

...

> Sean, you mentioned that you envision guest_memfd also supporting non-CoCo VMs.
> Do you have some thoughts about how to make the above cases work in the
> guest_memfd context?

Yes.  The hand-wavy plan is to allow selectively mmap()ing guest_memfd().  There
is a long thread[*] discussing how exactly we want to do that.  The TL;DR is that
the basic functionality is also straightforward; the bulk of the discussion is
around gup(), reclaim, page migration, etc.

[*] https://lore.kernel.org/all/ZdfoR3nCEP3HTtm1@casper.infradead.org