From: Ackerley Tng <ackerleytng@google.com>
To: Fuad Tabba <tabba@google.com>
Cc: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org,
linux-mm@kvack.org, pbonzini@redhat.com, chenhuacai@kernel.org,
mpe@ellerman.id.au, anup@brainfault.org,
paul.walmsley@sifive.com, palmer@dabbelt.com,
aou@eecs.berkeley.edu, seanjc@google.com,
viro@zeniv.linux.org.uk, brauner@kernel.org,
willy@infradead.org, akpm@linux-foundation.org,
xiaoyao.li@intel.com, yilun.xu@intel.com,
chao.p.peng@linux.intel.com, jarkko@kernel.org,
amoorthy@google.com, dmatlack@google.com,
yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com,
mic@digikod.net, vbabka@suse.cz, vannapurve@google.com,
mail@maciej.szmigiero.name, david@redhat.com,
michael.roth@amd.com, wei.w.wang@intel.com,
liam.merwick@oracle.com, isaku.yamahata@gmail.com,
kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com,
steven.price@arm.com, quic_eberman@quicinc.com,
quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com,
quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com,
quic_pderrin@quicinc.com, quic_pheragu@quicinc.com,
catalin.marinas@arm.com, james.morse@arm.com,
yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org,
will@kernel.org, qperret@google.com, keirf@google.com,
roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org,
jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com,
fvdl@google.com, hughd@google.com, jthoughton@google.com,
tabba@google.com
Subject: Re: [PATCH v3 03/11] KVM: guest_memfd: Allow host to map guest_memfd() pages
Date: Wed, 12 Feb 2025 05:07:52 +0000 [thread overview]
Message-ID: <diqzed0392dz.fsf@ackerleytng-ctop.c.googlers.com> (raw)
In-Reply-To: <20250211121128.703390-4-tabba@google.com> (message from Fuad Tabba on Tue, 11 Feb 2025 12:11:19 +0000)
Fuad Tabba <tabba@google.com> writes:
> Add support for mmap() and fault() for guest_memfd backed memory
> in the host for VMs that support in-place conversion between
> shared and private (shared memory). To that end, this patch adds
> the ability to check whether the VM type has that support, and
> only allows mapping its memory if that's the case.
>
> Additionally, this behavior is gated with a new configuration
> option, CONFIG_KVM_GMEM_SHARED_MEM.
>
> Signed-off-by: Fuad Tabba <tabba@google.com>
>
> ---
>
> This patch series will allow shared memory support for software
> VMs in x86. It will also introduce a similar VM type for arm64
> and allow shared memory support for that. In the future, pKVM
> will also support shared memory.
Thanks, I agree that introducing mmap this way could help in having it
merged earlier, independently of conversion support, to support testing.
I'll adopt this patch in the next revision of 1G page support for
guest_memfd.
> ---
> include/linux/kvm_host.h | 11 +++++
> virt/kvm/Kconfig | 4 ++
> virt/kvm/guest_memfd.c | 93 ++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 108 insertions(+)
>
> diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
> index 8b5f28f6efff..438aa3df3175 100644
> --- a/include/linux/kvm_host.h
> +++ b/include/linux/kvm_host.h
> @@ -728,6 +728,17 @@ static inline bool kvm_arch_has_private_mem(struct kvm *kvm)
> }
> #endif
>
> +/*
> + * Arch code must define kvm_arch_gmem_supports_shared_mem if support for
> + * private memory is enabled and it supports in-place shared/private conversion.
> + */
> +#if !defined(kvm_arch_gmem_supports_shared_mem) && !IS_ENABLED(CONFIG_KVM_PRIVATE_MEM)
> +static inline bool kvm_arch_gmem_supports_shared_mem(struct kvm *kvm)
> +{
> + return false;
> +}
> +#endif
Perhaps this could be declared in the #ifdef CONFIG_KVM_PRIVATE_MEM
block?
Could this be defined as a __weak symbol for architectures to override?
Or perhaps that can be done once guest_memfd gets refactored separately
since now the entire guest_memfd.c isn't even compiled if
CONFIG_KVM_PRIVATE_MEM is not set.
> +
> #ifndef kvm_arch_has_readonly_mem
> static inline bool kvm_arch_has_readonly_mem(struct kvm *kvm)
> {
> diff --git a/virt/kvm/Kconfig b/virt/kvm/Kconfig
> index 54e959e7d68f..4e759e8020c5 100644
> --- a/virt/kvm/Kconfig
> +++ b/virt/kvm/Kconfig
> @@ -124,3 +124,7 @@ config HAVE_KVM_ARCH_GMEM_PREPARE
> config HAVE_KVM_ARCH_GMEM_INVALIDATE
> bool
> depends on KVM_PRIVATE_MEM
> +
> +config KVM_GMEM_SHARED_MEM
> + select KVM_PRIVATE_MEM
> + bool
> diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
> index c6f6792bec2a..85467a3ef8ea 100644
> --- a/virt/kvm/guest_memfd.c
> +++ b/virt/kvm/guest_memfd.c
> @@ -317,9 +317,102 @@ void kvm_gmem_handle_folio_put(struct folio *folio)
> {
> WARN_ONCE(1, "A placeholder that shouldn't trigger. Work in progress.");
> }
> +
> +static bool kvm_gmem_offset_is_shared(struct file *file, pgoff_t index)
> +{
> + struct kvm_gmem *gmem = file->private_data;
> +
> + /* For now, VMs that support shared memory share all their memory. */
> + return kvm_arch_gmem_supports_shared_mem(gmem->kvm);
> +}
> +
> +static vm_fault_t kvm_gmem_fault(struct vm_fault *vmf)
> +{
> + struct inode *inode = file_inode(vmf->vma->vm_file);
> + struct folio *folio;
> + vm_fault_t ret = VM_FAULT_LOCKED;
> +
> + filemap_invalidate_lock_shared(inode->i_mapping);
> +
> + folio = kvm_gmem_get_folio(inode, vmf->pgoff);
> + if (IS_ERR(folio)) {
> + ret = VM_FAULT_SIGBUS;
Will it always be a SIGBUS if there is some error getting a folio?
> + goto out_filemap;
> + }
> +
> + if (folio_test_hwpoison(folio)) {
> + ret = VM_FAULT_HWPOISON;
> + goto out_folio;
> + }
> +
> + /* Must be called with folio lock held, i.e., after kvm_gmem_get_folio() */
> + if (!kvm_gmem_offset_is_shared(vmf->vma->vm_file, vmf->pgoff)) {
> + ret = VM_FAULT_SIGBUS;
> + goto out_folio;
> + }
> +
> + /*
> + * Only private folios are marked as "guestmem" so far, and we never
> + * expect private folios at this point.
> + */
Proposal - rephrase this comment as: before typed folios can be mapped,
PGTY_guestmem is only tagged on folios so that guest_memfd will receive
the kvm_gmem_handle_folio_put() callback. The tag is definitely not
expected when a folio is about to be faulted in.
I propose the above because I think technically when mappability is NONE
the folio isn't private? Not sure if others see this differently.
> + if (WARN_ON_ONCE(folio_test_guestmem(folio))) {
> + ret = VM_FAULT_SIGBUS;
> + goto out_folio;
> + }
> +
> + /* No support for huge pages. */
> + if (WARN_ON_ONCE(folio_test_large(folio))) {
> + ret = VM_FAULT_SIGBUS;
> + goto out_folio;
> + }
> +
> + if (!folio_test_uptodate(folio)) {
> + clear_highpage(folio_page(folio, 0));
> + kvm_gmem_mark_prepared(folio);
> + }
> +
> + vmf->page = folio_file_page(folio, vmf->pgoff);
> +
> +out_folio:
> + if (ret != VM_FAULT_LOCKED) {
> + folio_unlock(folio);
> + folio_put(folio);
> + }
> +
> +out_filemap:
> + filemap_invalidate_unlock_shared(inode->i_mapping);
> +
> + return ret;
> +}
> +
> +static const struct vm_operations_struct kvm_gmem_vm_ops = {
> + .fault = kvm_gmem_fault,
> +};
> +
> +static int kvm_gmem_mmap(struct file *file, struct vm_area_struct *vma)
> +{
> + struct kvm_gmem *gmem = file->private_data;
> +
> + if (!kvm_arch_gmem_supports_shared_mem(gmem->kvm))
> + return -ENODEV;
> +
> + if ((vma->vm_flags & (VM_SHARED | VM_MAYSHARE)) !=
> + (VM_SHARED | VM_MAYSHARE)) {
> + return -EINVAL;
> + }
> +
> + file_accessed(file);
> + vm_flags_set(vma, VM_DONTDUMP);
> + vma->vm_ops = &kvm_gmem_vm_ops;
> +
> + return 0;
> +}
> +#else
> +#define kvm_gmem_mmap NULL
> #endif /* CONFIG_KVM_GMEM_SHARED_MEM */
>
> static struct file_operations kvm_gmem_fops = {
> + .mmap = kvm_gmem_mmap,
I think it's better to surround this with #ifdef
CONFIG_KVM_GMEM_SHARED_MEM so that when more code gets inserted between
the struct declaration and the definition of kvm_gmem_mmap() it is more
obvious that .mmap is only overridden when CONFIG_KVM_GMEM_SHARED_MEM is
set.
> .open = generic_file_open,
> .release = kvm_gmem_release,
> .fallocate = kvm_gmem_fallocate,
next prev parent reply other threads:[~2025-02-12 5:07 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-11 12:11 [PATCH v3 00/11] KVM: Mapping guest_memfd backed memory at the host for software protected VMs Fuad Tabba
2025-02-11 12:11 ` [PATCH v3 01/11] mm: Consolidate freeing of typed folios on final folio_put() Fuad Tabba
2025-02-17 9:33 ` Vlastimil Babka
2025-02-20 11:17 ` David Hildenbrand
2025-02-11 12:11 ` [PATCH v3 02/11] KVM: guest_memfd: Handle final folio_put() of guest_memfd pages Fuad Tabba
2025-02-12 18:19 ` Peter Xu
2025-02-13 8:29 ` Fuad Tabba
2025-02-17 9:49 ` Vlastimil Babka
2025-02-17 10:12 ` Fuad Tabba
2025-02-17 11:21 ` Vlastimil Babka
2025-02-17 11:21 ` Fuad Tabba
2025-02-20 11:22 ` David Hildenbrand
2025-02-20 11:19 ` David Hildenbrand
2025-02-20 11:25 ` David Hildenbrand
2025-02-20 11:28 ` Vlastimil Babka
2025-02-20 11:32 ` David Hildenbrand
2025-02-20 11:38 ` Fuad Tabba
2025-02-20 11:44 ` David Hildenbrand
2025-02-11 12:11 ` [PATCH v3 03/11] KVM: guest_memfd: Allow host to map guest_memfd() pages Fuad Tabba
2025-02-12 5:07 ` Ackerley Tng [this message]
2025-02-12 9:21 ` Fuad Tabba
2025-02-12 21:23 ` Peter Xu
2025-02-13 8:24 ` Fuad Tabba
2025-02-11 12:11 ` [PATCH v3 04/11] KVM: guest_memfd: Add KVM capability to check if guest_memfd is shared Fuad Tabba
2025-02-20 11:37 ` David Hildenbrand
2025-02-20 11:39 ` David Hildenbrand
2025-02-20 11:39 ` Fuad Tabba
2025-02-11 12:11 ` [PATCH v3 05/11] KVM: guest_memfd: Handle in-place shared memory as guest_memfd backed memory Fuad Tabba
2025-02-12 0:15 ` Ackerley Tng
2025-02-12 9:23 ` Fuad Tabba
2025-02-11 12:11 ` [PATCH v3 06/11] KVM: x86: Mark KVM_X86_SW_PROTECTED_VM as supporting guest_memfd shared memory Fuad Tabba
2025-02-11 12:11 ` [PATCH v3 07/11] KVM: arm64: Refactor user_mem_abort() calculation of force_pte Fuad Tabba
2025-02-11 12:11 ` [PATCH v3 08/11] KVM: arm64: Handle guest_memfd()-backed guest page faults Fuad Tabba
2025-02-11 15:57 ` Quentin Perret
2025-02-11 16:13 ` Fuad Tabba
2025-02-11 16:25 ` Quentin Perret
2025-02-11 16:34 ` Fuad Tabba
2025-02-11 16:57 ` Quentin Perret
2025-02-11 17:04 ` Fuad Tabba
2025-02-11 17:19 ` Quentin Perret
2025-02-11 12:11 ` [PATCH v3 09/11] KVM: arm64: Introduce KVM_VM_TYPE_ARM_SW_PROTECTED machine type Fuad Tabba
2025-02-11 16:12 ` Quentin Perret
2025-02-11 16:17 ` Fuad Tabba
2025-02-11 16:29 ` Quentin Perret
2025-02-11 16:32 ` Patrick Roy
2025-02-11 17:09 ` Quentin Perret
2025-02-14 11:13 ` Quentin Perret
2025-02-14 11:33 ` Fuad Tabba
2025-02-14 12:37 ` Patrick Roy
2025-02-14 13:11 ` Fuad Tabba
2025-02-14 13:18 ` Patrick Roy
2025-02-14 15:12 ` Sean Christopherson
2025-02-11 12:11 ` [PATCH v3 10/11] KVM: arm64: Enable mapping guest_memfd in arm64 Fuad Tabba
2025-02-11 12:11 ` [PATCH v3 11/11] KVM: guest_memfd: selftests: guest_memfd mmap() test when mapping is allowed Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=diqzed0392dz.fsf@ackerleytng-ctop.c.googlers.com \
--to=ackerleytng@google.com \
--cc=akpm@linux-foundation.org \
--cc=amoorthy@google.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chenhuacai@kernel.org \
--cc=david@redhat.com \
--cc=dmatlack@google.com \
--cc=fvdl@google.com \
--cc=hch@infradead.org \
--cc=hughd@google.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=james.morse@arm.com \
--cc=jarkko@kernel.org \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=jthoughton@google.com \
--cc=keirf@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mail@maciej.szmigiero.name \
--cc=maz@kernel.org \
--cc=mic@digikod.net \
--cc=michael.roth@amd.com \
--cc=mpe@ellerman.id.au \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=qperret@google.com \
--cc=quic_cvanscha@quicinc.com \
--cc=quic_eberman@quicinc.com \
--cc=quic_mnalajal@quicinc.com \
--cc=quic_pderrin@quicinc.com \
--cc=quic_pheragu@quicinc.com \
--cc=quic_svaddagi@quicinc.com \
--cc=quic_tsoni@quicinc.com \
--cc=rientjes@google.com \
--cc=roypat@amazon.co.uk \
--cc=seanjc@google.com \
--cc=shuah@kernel.org \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vannapurve@google.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=wei.w.wang@intel.com \
--cc=will@kernel.org \
--cc=willy@infradead.org \
--cc=xiaoyao.li@intel.com \
--cc=yilun.xu@intel.com \
--cc=yu.c.zhang@linux.intel.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox