From: Ackerley Tng <ackerleytng@google.com>
To: David Hildenbrand <david@redhat.com>
Cc: tabba@google.com, kvm@vger.kernel.org,
linux-arm-msm@vger.kernel.org, linux-mm@kvack.org,
pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au,
anup@brainfault.org, paul.walmsley@sifive.com,
palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com,
viro@zeniv.linux.org.uk, brauner@kernel.org,
willy@infradead.org, akpm@linux-foundation.org,
xiaoyao.li@intel.com, yilun.xu@intel.com,
chao.p.peng@linux.intel.com, jarkko@kernel.org,
amoorthy@google.com, dmatlack@google.com,
isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz,
vannapurve@google.com, mail@maciej.szmigiero.name,
michael.roth@amd.com, wei.w.wang@intel.com,
liam.merwick@oracle.com, isaku.yamahata@gmail.com,
kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com,
steven.price@arm.com, quic_eberman@quicinc.com,
quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com,
quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com,
quic_pderrin@quicinc.com, quic_pheragu@quicinc.com,
catalin.marinas@arm.com, james.morse@arm.com,
yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org,
will@kernel.org, qperret@google.com, keirf@google.com,
roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org,
jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com,
fvdl@google.com, hughd@google.com, jthoughton@google.com,
peterx@redhat.com, pankaj.gupta@amd.com, ira.weiny@intel.com
Subject: Re: [PATCH v9 09/17] KVM: x86/mmu: Handle guest page faults for guest_memfd with shared memory
Date: Wed, 21 May 2025 17:40:14 -0700 [thread overview]
Message-ID: <diqzfrgx8olt.fsf@ackerleytng-ctop.c.googlers.com> (raw)
In-Reply-To: <fc7d0849-35ab-411a-be23-03520ca4b314@redhat.com> (message from David Hildenbrand on Wed, 21 May 2025 09:48:41 +0200)
David Hildenbrand <david@redhat.com> writes:
> On 13.05.25 18:34, Fuad Tabba wrote:
>> From: Ackerley Tng <ackerleytng@google.com>
>>
>> For memslots backed by guest_memfd with shared mem support, the KVM MMU
>> always faults-in pages from guest_memfd, and not from the userspace_addr.
>> Towards this end, this patch also introduces a new guest_memfd flag,
>> GUEST_MEMFD_FLAG_SUPPORT_SHARED, which indicates that the guest_memfd
>> instance supports in-place shared memory.
>>
>> This flag is only supported if the VM creating the guest_memfd instance
>> belongs to certain types determined by architecture. Only non-CoCo VMs
>> are permitted to use guest_memfd with shared mem, for now.
>>
>> Function names have also been updated for accuracy -
>> kvm_mem_is_private() returns true only when the current private/shared
>> state (in the CoCo sense) of the memory is private, and returns false if
>> the current state is shared explicitly or impicitly, e.g., belongs to a
>> non-CoCo VM.
>>
>> kvm_mmu_faultin_pfn_gmem() is updated to indicate that it can be used
>> to fault in not just private memory, but more generally, from
>> guest_memfd.
>>
>> Co-developed-by: Fuad Tabba <tabba@google.com>
>> Signed-off-by: Fuad Tabba <tabba@google.com>
>> Co-developed-by: David Hildenbrand <david@redhat.com>
>> Signed-off-by: David Hildenbrand <david@redhat.com>
>> Signed-off-by: Ackerley Tng <ackerleytng@google.com>
>> ---
>
>
> [...]
>
>> +
>> #ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
>> static inline unsigned long kvm_get_memory_attributes(struct kvm *kvm, gfn_t gfn)
>> {
>> @@ -2515,10 +2524,30 @@ bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm,
>> bool kvm_arch_post_set_memory_attributes(struct kvm *kvm,
>> struct kvm_gfn_range *range);
>>
>> +/*
>> + * Returns true if the given gfn's private/shared status (in the CoCo sense) is
>> + * private.
>> + *
>> + * A return value of false indicates that the gfn is explicitly or implicity
>
> s/implicity/implicitly/
>
Thanks!
>> + * shared (i.e., non-CoCo VMs).
>> + */
>> static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn)
>> {
>> - return IS_ENABLED(CONFIG_KVM_GMEM) &&
>> - kvm_get_memory_attributes(kvm, gfn) & KVM_MEMORY_ATTRIBUTE_PRIVATE;
>> + struct kvm_memory_slot *slot;
>> +
>> + if (!IS_ENABLED(CONFIG_KVM_GMEM))
>> + return false;
>> +
>> + slot = gfn_to_memslot(kvm, gfn);
>> + if (kvm_slot_has_gmem(slot) && kvm_gmem_memslot_supports_shared(slot)) {
>> + /*
>> + * For now, memslots only support in-place shared memory if the
>> + * host is allowed to mmap memory (i.e., non-Coco VMs).
>> + */
>
> Not accurate: there is no in-place conversion support in this series,
> because there is no such itnerface. So the reason is that all memory is
> shared for there VM types?
>
True that there's no in-place conversion yet.
In this patch series, guest_memfd memslots support shared memory only
for specific VM types (on x86, that would be KVM_X86_DEFAULT_VM and
KVM_X86_SW_PROTECTED_VMs).
How about this wording:
Without conversion support, if the guest_memfd memslot supports shared
memory, all memory must be used as not private (implicitly shared).
>> + return false;
>> + }
>> +
>> + return kvm_get_memory_attributes(kvm, gfn) & KVM_MEMORY_ATTRIBUTE_PRIVATE;
>> }
>> #else
>> static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn)
>> diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
>> index 2f499021df66..fe0245335c96 100644
>> --- a/virt/kvm/guest_memfd.c
>> +++ b/virt/kvm/guest_memfd.c
>> @@ -388,6 +388,23 @@ static int kvm_gmem_mmap(struct file *file, struct vm_area_struct *vma)
>>
>> return 0;
>> }
>> +
>> +bool kvm_gmem_memslot_supports_shared(const struct kvm_memory_slot *slot)
>> +{
>> + struct file *file;
>> + bool ret;
>> +
>> + file = kvm_gmem_get_file((struct kvm_memory_slot *)slot);
>> + if (!file)
>> + return false;
>> +
>> + ret = kvm_gmem_supports_shared(file_inode(file));
>> +
>> + fput(file);
>> + return ret;
>
> Would it make sense to cache that information in the memslot, to avoid
> the get/put?
>
> We could simply cache when creating the memslot I guess.
>
When I wrote it I was assuming that to ensure correctness we should
check with guest memfd, like what if someone closed the gmem file in the
middle of the fault path?
But I guess after the discussion at the last call, since the faulting
process is long and racy, if this check passed and we go to guest memfd
and the file was closed, it would just fail so I guess caching is fine.
> As an alternative ... could we simple get/put when managing the memslot?
What does a simple get/put mean here?
next prev parent reply other threads:[~2025-05-22 0:40 UTC|newest]
Thread overview: 88+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-13 16:34 [PATCH v9 00/17] KVM: Mapping guest_memfd backed memory at the host for software protected VMs Fuad Tabba
2025-05-13 16:34 ` [PATCH v9 01/17] KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GMEM Fuad Tabba
2025-05-21 7:14 ` Gavin Shan
2025-05-13 16:34 ` [PATCH v9 02/17] KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to CONFIG_KVM_GENERIC_GMEM_POPULATE Fuad Tabba
2025-05-13 21:56 ` Ira Weiny
2025-05-21 7:14 ` Gavin Shan
2025-05-13 16:34 ` [PATCH v9 03/17] KVM: Rename kvm_arch_has_private_mem() to kvm_arch_supports_gmem() Fuad Tabba
2025-05-21 7:15 ` Gavin Shan
2025-05-13 16:34 ` [PATCH v9 04/17] KVM: x86: Rename kvm->arch.has_private_mem to kvm->arch.supports_gmem Fuad Tabba
2025-05-21 7:15 ` Gavin Shan
2025-05-13 16:34 ` [PATCH v9 05/17] KVM: Rename kvm_slot_can_be_private() to kvm_slot_has_gmem() Fuad Tabba
2025-05-21 7:16 ` Gavin Shan
2025-05-13 16:34 ` [PATCH v9 06/17] KVM: Fix comments that refer to slots_lock Fuad Tabba
2025-05-21 7:16 ` Gavin Shan
2025-05-13 16:34 ` [PATCH v9 07/17] KVM: guest_memfd: Allow host to map guest_memfd() pages Fuad Tabba
2025-05-13 18:37 ` Ackerley Tng
2025-05-16 19:21 ` James Houghton
2025-05-18 15:17 ` Fuad Tabba
2025-05-21 7:36 ` David Hildenbrand
2025-05-14 8:03 ` Shivank Garg
2025-05-14 9:45 ` Fuad Tabba
2025-05-14 10:07 ` Roy, Patrick
2025-05-14 11:30 ` Fuad Tabba
2025-05-14 20:40 ` James Houghton
2025-05-15 7:25 ` Fuad Tabba
2025-05-15 23:42 ` Gavin Shan
2025-05-16 7:31 ` Fuad Tabba
2025-05-16 6:08 ` Gavin Shan
2025-05-16 7:56 ` Fuad Tabba
2025-05-16 11:12 ` Gavin Shan
2025-05-16 14:20 ` Fuad Tabba
2025-05-21 7:41 ` David Hildenbrand
2025-05-13 16:34 ` [PATCH v9 08/17] KVM: guest_memfd: Check that userspace_addr and fd+offset refer to same range Fuad Tabba
2025-05-13 20:30 ` James Houghton
2025-05-14 7:33 ` Fuad Tabba
2025-05-14 13:32 ` Sean Christopherson
2025-05-14 13:47 ` Ackerley Tng
2025-05-14 13:52 ` Sean Christopherson
2025-05-14 17:39 ` David Hildenbrand
2025-05-13 16:34 ` [PATCH v9 09/17] KVM: x86/mmu: Handle guest page faults for guest_memfd with shared memory Fuad Tabba
2025-05-21 7:48 ` David Hildenbrand
2025-05-22 0:40 ` Ackerley Tng [this message]
2025-05-22 7:16 ` David Hildenbrand
2025-05-22 7:46 ` Fuad Tabba
2025-05-22 8:14 ` David Hildenbrand
2025-05-22 10:24 ` Fuad Tabba
2025-05-13 16:34 ` [PATCH v9 10/17] KVM: x86: Compute max_mapping_level with input from guest_memfd Fuad Tabba
2025-05-14 7:13 ` Shivank Garg
2025-05-14 7:24 ` Fuad Tabba
2025-05-14 15:27 ` kernel test robot
2025-05-21 8:01 ` David Hildenbrand
2025-05-22 0:45 ` Ackerley Tng
2025-05-22 13:22 ` Sean Christopherson
2025-05-22 13:49 ` David Hildenbrand
2025-05-22 7:22 ` Fuad Tabba
2025-05-22 8:56 ` David Hildenbrand
2025-05-22 9:34 ` Fuad Tabba
2025-05-13 16:34 ` [PATCH v9 11/17] KVM: arm64: Refactor user_mem_abort() calculation of force_pte Fuad Tabba
2025-05-13 16:34 ` [PATCH v9 12/17] KVM: arm64: Rename variables in user_mem_abort() Fuad Tabba
2025-05-21 2:25 ` Gavin Shan
2025-05-21 9:57 ` Fuad Tabba
2025-05-21 8:02 ` David Hildenbrand
2025-05-13 16:34 ` [PATCH v9 13/17] KVM: arm64: Handle guest_memfd()-backed guest page faults Fuad Tabba
2025-05-14 21:26 ` James Houghton
2025-05-15 9:27 ` Fuad Tabba
2025-05-21 8:04 ` David Hildenbrand
2025-05-21 11:10 ` Fuad Tabba
2025-05-13 16:34 ` [PATCH v9 14/17] KVM: arm64: Enable mapping guest_memfd in arm64 Fuad Tabba
2025-05-15 23:50 ` James Houghton
2025-05-16 7:07 ` Fuad Tabba
2025-05-21 8:05 ` David Hildenbrand
2025-05-21 10:12 ` Fuad Tabba
2025-05-21 10:26 ` David Hildenbrand
2025-05-21 10:29 ` Fuad Tabba
2025-05-21 12:44 ` David Hildenbrand
2025-05-21 13:15 ` Fuad Tabba
2025-05-21 13:21 ` David Hildenbrand
2025-05-21 13:32 ` Fuad Tabba
2025-05-21 13:45 ` David Hildenbrand
2025-05-21 14:14 ` Fuad Tabba
2025-05-13 16:34 ` [PATCH v9 15/17] KVM: Introduce the KVM capability KVM_CAP_GMEM_SHARED_MEM Fuad Tabba
2025-05-21 2:46 ` Gavin Shan
2025-05-21 8:24 ` Fuad Tabba
2025-05-21 8:06 ` David Hildenbrand
2025-05-13 16:34 ` [PATCH v9 16/17] KVM: selftests: guest_memfd mmap() test when mapping is allowed Fuad Tabba
2025-05-21 6:53 ` Gavin Shan
2025-05-21 9:38 ` Fuad Tabba
2025-05-13 16:34 ` [PATCH v9 17/17] KVM: selftests: Test guest_memfd same-range validation Fuad Tabba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=diqzfrgx8olt.fsf@ackerleytng-ctop.c.googlers.com \
--to=ackerleytng@google.com \
--cc=akpm@linux-foundation.org \
--cc=amoorthy@google.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chenhuacai@kernel.org \
--cc=david@redhat.com \
--cc=dmatlack@google.com \
--cc=fvdl@google.com \
--cc=hch@infradead.org \
--cc=hughd@google.com \
--cc=ira.weiny@intel.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=james.morse@arm.com \
--cc=jarkko@kernel.org \
--cc=jgg@nvidia.com \
--cc=jhubbard@nvidia.com \
--cc=jthoughton@google.com \
--cc=keirf@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=liam.merwick@oracle.com \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mail@maciej.szmigiero.name \
--cc=maz@kernel.org \
--cc=mic@digikod.net \
--cc=michael.roth@amd.com \
--cc=mpe@ellerman.id.au \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=pankaj.gupta@amd.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qperret@google.com \
--cc=quic_cvanscha@quicinc.com \
--cc=quic_eberman@quicinc.com \
--cc=quic_mnalajal@quicinc.com \
--cc=quic_pderrin@quicinc.com \
--cc=quic_pheragu@quicinc.com \
--cc=quic_svaddagi@quicinc.com \
--cc=quic_tsoni@quicinc.com \
--cc=rientjes@google.com \
--cc=roypat@amazon.co.uk \
--cc=seanjc@google.com \
--cc=shuah@kernel.org \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=tabba@google.com \
--cc=vannapurve@google.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=wei.w.wang@intel.com \
--cc=will@kernel.org \
--cc=willy@infradead.org \
--cc=xiaoyao.li@intel.com \
--cc=yilun.xu@intel.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox