From: Elliot Berman
Subject: [PATCH RFC v2 0/5] mm: Introduce guest_memfd library
Date: Thu, 29 Aug 2024 15:24:08 -0700
Message-ID: <20240829-guest-memfd-lib-v2-0-b9afc1ff3656@quicinc.com>
To: Andrew Morton, Sean Christopherson, Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, Fuad Tabba, David Hildenbrand, Patrick Roy, Ackerley Tng, Mike Rapoport, "H. Peter Anvin"
CC: Elliot Berman

In preparation for adding more features to KVM's guest_memfd, refactor and introduce a library which abstracts some of the core-mm decisions about managing folios associated with the file. The goal of the refactor serves two purposes:

1. Provide an easier way to reason about memory in guest_memfd.
With KVM supporting multiple confidentiality models (TDX, SEV-SNP, pKVM, ARM CCA), and coming support for allowing kernel and userspace to access this memory, it seems necessary to create a stronger abstraction between core-mm concerns and hypervisor concerns.

2. Provide a common implementation for other hypervisors (Gunyah) to use.

To create a guest_memfd, the owner provides operations to attempt to unmap the folio and check whether a folio is accessible to the host. The owner can call guest_memfd_make_inaccessible() to ensure Linux doesn't have the folio mapped.

The series first introduces a guest_memfd library based on the current KVM (next) implementation, then adds a few features needed for Gunyah and arm64 pKVM. The Gunyah usage of the series will be posted separately shortly after sending this series. I'll work with Fuad on using the guest_memfd library for arm64 pKVM based on the feedback received.

There are a few TODOs still pending.
- The KVM patch isn't tested. I don't have access to a SEV-SNP setup to be able to test.
- I've not yet investigated deeply whether having the guest_memfd library helps live migration. I'd appreciate any input on that part.
- We should consider consolidating the adjust_direct_map() in arch/x86/virt/svm/sev.c so guest_memfd can take care of it.
- There's a race possibility where the folio ref count is incremented and about to also increment the safe counter, but waiting for the folio lock to be released. The owner of folio_lock will see mismatched counter values and not be able to convert to (in)accessible, even though it should be okay to do so.

I'd appreciate any feedback, especially on the direction I'm taking for tracking the (in)accessible state.

Signed-off-by: Elliot Berman

Changes in v2:
- Significantly reworked to introduce "accessible" and "safe" reference counters
- Link to v1: https://lore.kernel.org/r/20240805-guest-memfd-lib-v1-0-e5a29a4ff5d7@quicinc.com

---
Elliot Berman (5):
      mm: Introduce guest_memfd
      mm: guest_memfd: Allow folios to be accessible to host
      kvm: Convert to use guest_memfd library
      mm: guest_memfd: Add ability for userspace to mmap pages
      mm: guest_memfd: Add option to remove inaccessible memory from direct map

 arch/x86/kvm/svm/sev.c      |   3 +-
 include/linux/guest_memfd.h |  49 ++++
 mm/Kconfig                  |   3 +
 mm/Makefile                 |   1 +
 mm/guest_memfd.c            | 667 ++++++++++++++++++++++++++++++++++++++++++++
 virt/kvm/Kconfig            |   1 +
 virt/kvm/guest_memfd.c      | 371 +++++-------------------
 virt/kvm/kvm_main.c         |   2 -
 virt/kvm/kvm_mm.h           |   6 -
 9 files changed, 797 insertions(+), 306 deletions(-)
---
base-commit: 5be63fc19fcaa4c236b307420483578a56986a37
change-id: 20240722-guest-memfd-lib-455f24115d46

Best regards,