Date: Thu, 29 May 2025 13:37:58 -0700
References: <9483e9e3-9b29-49c6-adcc-04fe45ac28fd@linux.intel.com>
Subject: Re: [RFC PATCH v2 02/51] KVM: guest_memfd: Introduce and use shareability to guard faulting
From: Ackerley Tng To: Binbin Wu Cc: kvm@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, x86@kernel.org, linux-fsdevel@vger.kernel.org, aik@amd.com, ajones@ventanamicro.com, akpm@linux-foundation.org, amoorthy@google.com, anthony.yznaga@oracle.com, anup@brainfault.org, aou@eecs.berkeley.edu, bfoster@redhat.com, brauner@kernel.org, catalin.marinas@arm.com, chao.p.peng@intel.com, chenhuacai@kernel.org, dave.hansen@intel.com, david@redhat.com, dmatlack@google.com, dwmw@amazon.co.uk, erdemaktas@google.com, fan.du@intel.com, fvdl@google.com, graf@amazon.com, haibo1.xu@intel.com, hch@infradead.org, hughd@google.com, ira.weiny@intel.com, isaku.yamahata@intel.com, jack@suse.cz, james.morse@arm.com, jarkko@kernel.org, jgg@ziepe.ca, jgowans@amazon.com, jhubbard@nvidia.com, jroedel@suse.de, jthoughton@google.com, jun.miao@intel.com, kai.huang@intel.com, keirf@google.com, kent.overstreet@linux.dev, kirill.shutemov@intel.com, liam.merwick@oracle.com, maciej.wieczor-retman@intel.com, mail@maciej.szmigiero.name, maz@kernel.org, mic@digikod.net, michael.roth@amd.com, mpe@ellerman.id.au, muchun.song@linux.dev, nikunj@amd.com, nsaenz@amazon.es, oliver.upton@linux.dev, palmer@dabbelt.com, pankaj.gupta@amd.com, paul.walmsley@sifive.com, pbonzini@redhat.com, pdurrant@amazon.co.uk, peterx@redhat.com, pgonda@google.com, pvorel@suse.cz, qperret@google.com, quic_cvanscha@quicinc.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, quic_svaddagi@quicinc.com, quic_tsoni@quicinc.com, richard.weiyang@gmail.com, rick.p.edgecombe@intel.com, rientjes@google.com, roypat@amazon.co.uk, rppt@kernel.org, seanjc@google.com, shuah@kernel.org, steven.price@arm.com, steven.sistare@oracle.com, suzuki.poulose@arm.com, tabba@google.com, thomas.lendacky@amd.com, vannapurve@google.com, vbabka@suse.cz, viro@zeniv.linux.org.uk, vkuznets@redhat.com, wei.w.wang@intel.com, will@kernel.org, willy@infradead.org, xiaoyao.li@intel.com, 
yan.y.zhao@intel.com, yilun.xu@intel.com, yuzenghui@huawei.com, zhiquan1.li@intel.com

Ackerley Tng writes:

> Binbin Wu writes: > >> On 5/15/2025 7:41 AM, Ackerley Tng wrote: >>> Track guest_memfd memory's shareability status within the inode as >>> opposed to the file, since it is property of the guest_memfd's memory >>> contents. >>> >>> Shareability is a property of the memory and is indexed using the >>> page's index in the inode. 
Because shareability is the memory's >>> property, it is stored within guest_memfd instead of within KVM, like >>> in kvm->mem_attr_array. >>> >>> KVM_MEMORY_ATTRIBUTE_PRIVATE in kvm->mem_attr_array must still be >>> retained to allow VMs to only use guest_memfd for private memory and >>> some other memory for shared memory. >>> >>> Not all use cases require guest_memfd() to be shared with the host >>> when first created. Add a new flag, GUEST_MEMFD_FLAG_INIT_PRIVATE, >>> which when set on KVM_CREATE_GUEST_MEMFD, initializes the memory as >>> private to the guest, and therefore not mappable by the >>> host. Otherwise, memory is shared until explicitly converted to >>> private. >>> >>> Signed-off-by: Ackerley Tng >>> Co-developed-by: Vishal Annapurve >>> Signed-off-by: Vishal Annapurve >>> Co-developed-by: Fuad Tabba >>> Signed-off-by: Fuad Tabba >>> Change-Id: If03609cbab3ad1564685c85bdba6dcbb6b240c0f >>> --- >>> Documentation/virt/kvm/api.rst | 5 ++ >>> include/uapi/linux/kvm.h | 2 + >>> virt/kvm/guest_memfd.c | 124 ++++++++++++++++++++++++++++++++- >>> 3 files changed, 129 insertions(+), 2 deletions(-) >>> >>> diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst >>> index 86f74ce7f12a..f609337ae1c2 100644 >>> --- a/Documentation/virt/kvm/api.rst >>> +++ b/Documentation/virt/kvm/api.rst 
>>> @@ -6408,6 +6408,11 @@ belonging to the slot via its userspace_addr. >>> The use of GUEST_MEMFD_FLAG_SUPPORT_SHARED will not be allowed for CoCo VMs. >>> This is validated when the guest_memfd instance is bound to the VM. >>> >>> +If the capability KVM_CAP_GMEM_CONVERSIONS is supported, then the 'flags' field >>> +supports GUEST_MEMFD_FLAG_INIT_PRIVATE. >> >> It seems that the sentence is stale? >> Didn't find the definition of KVM_CAP_GMEM_CONVERSIONS. >> > > Thanks. This should read > > If the capability KVM_CAP_GMEM_SHARED_MEM is supported, and > GUEST_MEMFD_FLAG_SUPPORT_SHARED is specified, then the 'flags' field > supports GUEST_MEMFD_FLAG_INIT_PRIVATE. > My bad, saw your other email. Fixing the above: If the capability KVM_CAP_GMEM_CONVERSION is supported, and GUEST_MEMFD_FLAG_SUPPORT_SHARED is specified, then the 'flags' field supports GUEST_MEMFD_FLAG_INIT_PRIVATE. >>> Setting GUEST_MEMFD_FLAG_INIT_PRIVATE >>> +will initialize the memory for the guest_memfd as guest-only and not faultable >>> +by the host. >>> + >> [...] >>> >>> static int kvm_gmem_init_fs_context(struct fs_context *fc) 
>>> @@ -549,12 +645,26 @@ static const struct inode_operations kvm_gmem_iops = { >>> static struct inode *kvm_gmem_inode_make_secure_inode(const char *name, >>> loff_t size, u64 flags) >>> { >>> + struct kvm_gmem_inode_private *private; >>> struct inode *inode; >>> + int err; >>> >>> inode = alloc_anon_secure_inode(kvm_gmem_mnt->mnt_sb, name); >>> if (IS_ERR(inode)) >>> return inode; >>> >>> + err = -ENOMEM; >>> + private = kzalloc(sizeof(*private), GFP_KERNEL); >>> + if (!private) >>> + goto out; >>> + >>> + mt_init(&private->shareability); >> >> shareability is defined only when CONFIG_KVM_GMEM_SHARED_MEM enabled, should be done within CONFIG_KVM_GMEM_SHARED_MEM . >> >> > > Yes, thank you! Will also update this to only initialize shareability if > (flags & GUEST_MEMFD_FLAG_SUPPORT_SHARED). > >>> + inode->i_mapping->i_private_data = private; >>> + >>> + err = kvm_gmem_shareability_setup(private, size, flags); >>> + if (err) >>> + goto out; >>> + >>> inode->i_private = (void *)(unsigned long)flags; >>> inode->i_op = &kvm_gmem_iops; >>> inode->i_mapping->a_ops = &kvm_gmem_aops; >>> @@ -566,6 +676,11 @@ static struct inode *kvm_gmem_inode_make_secure_inode(const char *name, >>> WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping)); >>> >>> return inode; >>> + >>> +out: >>> + iput(inode); >>> + >>> + return ERR_PTR(err); >>> } >>> >>> >> [...]
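Review bot: The paragraph added to Documentation/virt/kvm/api.rst (hunk at -6408) says when the 'flags' field supports GUEST_MEMFD_FLAG_INIT_PRIVATE but not what KVM_CREATE_GUEST_MEMFD does when the flag is passed without that support. Please state the failure behaviour for that case, and make sure the capability name in the text matches the define added in include/uapi/linux/kvm.h, since the name quoted in the hunk (KVM_CAP_GMEM_CONVERSIONS) could not be found by the reviewer on this thread.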
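Review bot: In the hunk at -549 of virt/kvm/guest_memfd.c, the two new `goto out` sites in kvm_gmem_inode_make_secure_inode() reach the label in different states: after a failed kzalloc() `inode->i_mapping->i_private_data` is still NULL, while after a failed kvm_gmem_shareability_setup() it already points at `private` with an initialised maple tree. Whatever teardown runs from iput() has to tolerate the NULL case, so a short comment at the `goto` sites naming the function that releases `private` would make this checkable, as would assigning `i_private_data` only once setup has succeeded and freeing `private` locally on failure.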
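Review bot: The new `out:` label in the hunk at -566 releases only the inode with `iput(inode)`; nothing visible in this hunk frees `private` or tears down `private->shareability`. If the inode eviction path does not already kfree() the structure and destroy the maple tree, the kvm_gmem_shareability_setup() failure path leaks both, so please either point to where that happens or add the cleanup before `return ERR_PTR(err);`.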