[RFC,0/5] KVM: guest_memfd: support for uffd missing

Message ID	20250303133011.44095-1-kalyazin@amazon.com (mailing list archive)
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Nikita Kalyazin <kalyazin@amazon.com> To: <akpm@linux-foundation.org>, <pbonzini@redhat.com>, <shuah@kernel.org> CC: <kvm@vger.kernel.org>, <linux-kselftest@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>, <lorenzo.stoakes@oracle.com>, <david@redhat.com>, <ryan.roberts@arm.com>, <quic_eberman@quicinc.com>, <jthoughton@google.com>, <peterx@redhat.com>, <graf@amazon.de>, <jgowans@amazon.com>, <roypat@amazon.co.uk>, <derekmn@amazon.com>, <nsaenz@amazon.es>, <xmarcalx@amazon.com>, <kalyazin@amazon.com> Subject: [RFC PATCH 0/5] KVM: guest_memfd: support for uffd missing Date: Mon, 3 Mar 2025 13:30:06 +0000 Message-ID: <20250303133011.44095-1-kalyazin@amazon.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	KVM: guest_memfd: support for uffd missing \| expand [RFC,0/5] KVM: guest_memfd: support for uffd missing [RFC,1/5] KVM: guest_memfd: add kvm_gmem_vma_is_gmem [RFC,2/5] KVM: guest_memfd: add support for uffd missing [RFC,3/5] mm: userfaultfd: allow to register userfaultfd for guest_memfd [RFC,4/5] mm: userfaultfd: support continue for guest_memfd [RFC,5/5] KVM: selftests: add uffd missing test for guest_memfd

Message ID

20250303133011.44095-1-kalyazin@amazon.com (mailing list archive)

Headers

From: Nikita Kalyazin <kalyazin@amazon.com>
To: <akpm@linux-foundation.org>, <pbonzini@redhat.com>, <shuah@kernel.org>
CC: <kvm@vger.kernel.org>, <linux-kselftest@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, <linux-mm@kvack.org>,
	<lorenzo.stoakes@oracle.com>, <david@redhat.com>, <ryan.roberts@arm.com>,
	<quic_eberman@quicinc.com>, <jthoughton@google.com>, <peterx@redhat.com>,
	<graf@amazon.de>, <jgowans@amazon.com>, <roypat@amazon.co.uk>,
	<derekmn@amazon.com>, <nsaenz@amazon.es>, <xmarcalx@amazon.com>,
	<kalyazin@amazon.com>
Subject: [RFC PATCH 0/5] KVM: guest_memfd: support for uffd missing
Date: Mon, 3 Mar 2025 13:30:06 +0000
Message-ID: <20250303133011.44095-1-kalyazin@amazon.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

KVM: guest_memfd: support for uffd missing | expand

Message

Nikita Kalyazin March 3, 2025, 1:30 p.m. UTC

This series is built on top of the v3 write syscall support [1].

With James's KVM userfault [2], it is possible to handle stage-2 faults
in guest_memfd in userspace.  However, KVM itself also triggers faults
in guest_memfd in some cases, for example: PV interfaces like kvmclock,
PV EOI and page table walking code when fetching the MMIO instruction on
x86.  It was agreed in the guest_memfd upstream call on 23 Jan 2025 [3]
that KVM would be accessing those pages via userspace page tables.  In
order for such faults to be handled in userspace, guest_memfd needs to
support userfaultfd.

This series proposes a limited support for userfaultfd in guest_memfd:
 - userfaultfd support is conditional to `CONFIG_KVM_GMEM_SHARED_MEM`
   (as is fault support in general)
 - Only `page missing` event is currently supported
 - Userspace is supposed to respond to the event with the `write`
   syscall followed by `UFFDIO_CONTINUE` ioctl to unblock the faulting
   process.   Note that we can't use `UFFDIO_COPY` here because
   userfaulfd code does not know how to prepare guest_memfd pages, eg
   remove them from direct map [4].

Not included in this series:
 - Proper interface for userfaultfd to recognise guest_memfd mappings
 - Proper handling of truncation cases after locking the page

Request for comments:
 - Is it a sensible workflow for guest_memfd to resolve a userfault
   `page missing` event with `write` syscall + `UFFDIO_CONTINUE`?  One
   of the alternatives is teaching `UFFDIO_COPY` how to deal with
   guest_memfd pages.
 - What is a way forward to make userfaultfd code aware of guest_memfd?
   I saw that Patrick hit a somewhat similar problem in [5] when trying
   to use direct map manipulation functions in KVM and was pointed by
   David at Elliot's guestmem library [6] that might include a shim for that.
   Would the library be the right place to expose required interfaces like
   `vma_is_gmem`?

Nikita

[1] https://lore.kernel.org/kvm/20250303130838.28812-1-kalyazin@amazon.com/T/
[2] https://lore.kernel.org/kvm/20250109204929.1106563-1-jthoughton@google.com/T/
[3] https://docs.google.com/document/d/1M6766BzdY1Lhk7LiR5IqVR8B8mG3cr-cxTxOrAosPOk/edit?tab=t.0#heading=h.w1126rgli5e3
[4] https://lore.kernel.org/kvm/20250221160728.1584559-1-roypat@amazon.co.uk/T/
[4] https://lore.kernel.org/kvm/20250221160728.1584559-1-roypat@amazon.co.uk/T/#ma130b29c130dbdc894aa08d8d56c16ec383f36dd
[5] https://lore.kernel.org/kvm/20241122-guestmem-library-v5-2-450e92951a15@quicinc.com/T/

Nikita Kalyazin (5):
  KVM: guest_memfd: add kvm_gmem_vma_is_gmem
  KVM: guest_memfd: add support for uffd missing
  mm: userfaultfd: allow to register userfaultfd for guest_memfd
  mm: userfaultfd: support continue for guest_memfd
  KVM: selftests: add uffd missing test for guest_memfd

 include/linux/userfaultfd_k.h                 |  9 ++
 mm/userfaultfd.c                              | 23 ++++-
 .../testing/selftests/kvm/guest_memfd_test.c  | 88 +++++++++++++++++++
 virt/kvm/guest_memfd.c                        | 17 +++-
 virt/kvm/kvm_mm.h                             |  1 +
 5 files changed, 136 insertions(+), 2 deletions(-)


base-commit: 592e7531753dc4b711f96cd1daf808fd493d3223

Comments

Peter Xu March 3, 2025, 9:29 p.m. UTC | #1

On Mon, Mar 03, 2025 at 01:30:06PM +0000, Nikita Kalyazin wrote:
> This series is built on top of the v3 write syscall support [1].
> 
> With James's KVM userfault [2], it is possible to handle stage-2 faults
> in guest_memfd in userspace.  However, KVM itself also triggers faults
> in guest_memfd in some cases, for example: PV interfaces like kvmclock,
> PV EOI and page table walking code when fetching the MMIO instruction on
> x86.  It was agreed in the guest_memfd upstream call on 23 Jan 2025 [3]
> that KVM would be accessing those pages via userspace page tables.  In
> order for such faults to be handled in userspace, guest_memfd needs to
> support userfaultfd.
> 
> This series proposes a limited support for userfaultfd in guest_memfd:
>  - userfaultfd support is conditional to `CONFIG_KVM_GMEM_SHARED_MEM`
>    (as is fault support in general)
>  - Only `page missing` event is currently supported
>  - Userspace is supposed to respond to the event with the `write`
>    syscall followed by `UFFDIO_CONTINUE` ioctl to unblock the faulting
>    process.   Note that we can't use `UFFDIO_COPY` here because
>    userfaulfd code does not know how to prepare guest_memfd pages, eg
>    remove them from direct map [4].
> 
> Not included in this series:
>  - Proper interface for userfaultfd to recognise guest_memfd mappings
>  - Proper handling of truncation cases after locking the page
> 
> Request for comments:
>  - Is it a sensible workflow for guest_memfd to resolve a userfault
>    `page missing` event with `write` syscall + `UFFDIO_CONTINUE`?  One
>    of the alternatives is teaching `UFFDIO_COPY` how to deal with
>    guest_memfd pages.

Probably not..  I don't see what protects a thread fault concurrently
during write() happening, seeing partial data.  Since you check the page
cache it'll let it pass, but the partial page will be faulted in there.

I think we may need to either go with full MISSING or full MINOR traps.

One thing to mention is we probably need MINOR sooner or later to support
gmem huge pages.  The thing is for huge folios in gmem we can't rely on
missing in page cache, as we always need to allocate in hugetlb sizes.

>  - What is a way forward to make userfaultfd code aware of guest_memfd?
>    I saw that Patrick hit a somewhat similar problem in [5] when trying
>    to use direct map manipulation functions in KVM and was pointed by
>    David at Elliot's guestmem library [6] that might include a shim for that.
>    Would the library be the right place to expose required interfaces like
>    `vma_is_gmem`?

Not sure what's the best to do, but IIUC the current way this series uses
may not work as long as one tries to reference a kvm symbol from core mm..

One trick I used so far is leveraging vm_ops and provide hook function to
report specialties when it's gmem.  In general, I did not yet dare to
overload vm_area_struct, but I'm thinking maybe vm_ops is more possible to
be accepted.  E.g. something like this:

diff --git a/include/linux/mm.h b/include/linux/mm.h
index 5e742738240c..b068bb79fdbc 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -653,8 +653,26 @@ struct vm_operations_struct {
         */
        struct page *(*find_special_page)(struct vm_area_struct *vma,
                                          unsigned long addr);
+       /*
+        * When set, return the allowed orders bitmask in faults of mmap()
+        * ranges (e.g. for follow up huge_fault() processing).  Drivers
+        * can use this to bypass THP setups for specific types of VMAs.
+        */
+       unsigned long (*get_supported_orders)(struct vm_area_struct *vma);
 };
 
+static inline bool vma_has_supported_orders(struct vm_area_struct *vma)
+{
+       return vma->vm_ops && vma->vm_ops->get_supported_orders;
+}
+
+static inline unsigned long vma_get_supported_orders(struct vm_area_struct *vma)
+{
+       if (!vma_has_supported_orders(vma))
+               return 0;
+       return vma->vm_ops->get_supported_orders(vma);
+}
+

In my case I used that to allow gmem report huge page supports on faults.

Said that, above only existed in my own tree so far, so I also don't know
whether something like that could be accepted (even if it'll work for you).

Thanks,