From patchwork Fri Mar 28 15:31:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 14032171 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D14E2C28B20 for ; Fri, 28 Mar 2025 15:31:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A621D28014D; Fri, 28 Mar 2025 11:31:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A1119280148; Fri, 28 Mar 2025 11:31:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8B40828014D; Fri, 28 Mar 2025 11:31:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 2B6EE280148 for ; Fri, 28 Mar 2025 11:31:39 -0400 (EDT) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 8BCA91C7F00 for ; Fri, 28 Mar 2025 15:31:39 +0000 (UTC) X-FDA: 83271349518.17.C199ECA Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) by imf06.hostedemail.com (Postfix) with ESMTP id 2573F18000A for ; Fri, 28 Mar 2025 15:31:36 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ZjwKMmNX; spf=pass (imf06.hostedemail.com: domain of 318DmZwUKCDopWXXWckkcha.Ykihejqt-iigrWYg.knc@flex--tabba.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=318DmZwUKCDopWXXWckkcha.Ykihejqt-iigrWYg.knc@flex--tabba.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1743175897; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=WH/C05nvDNqMnE3kS0mS/gTslSRnvh3DBqNQsX8ayiE=; b=fHKH/URVTkUjoaOn6p22jlDvpxcs5Sf1ktkrX8V+k1OVuC3CX9G8mNEtDzwz85JpyFvc9p cjk2jhweX4/6nmEPRThr3z241viF5gKPvpkJyrbdgijLGFilLOdwDBe2YupgQSdltzRbsu j+yQWATOavspRQawa2XcYj+6QNIa/FQ= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1743175897; a=rsa-sha256; cv=none; b=3c1tFX2uSZ7c6cmH5IRN7B2DkLI4oXlILy1AmA05R0XFMnOweMRdWVWxYzYcuPMy09wWKQ u878rVAfZ2Zbb16ESG4Uab+x1dX3QNxB7t/CI1RwjwvLyzukeOAJST/GLu6gigXOSmknHH KzCYheamrCWshI5KKErV9kcODB1bSTg= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ZjwKMmNX; spf=pass (imf06.hostedemail.com: domain of 318DmZwUKCDopWXXWckkcha.Ykihejqt-iigrWYg.knc@flex--tabba.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=318DmZwUKCDopWXXWckkcha.Ykihejqt-iigrWYg.knc@flex--tabba.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43ab5baf62cso15958215e9.0 for ; Fri, 28 Mar 2025 08:31:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1743175895; x=1743780695; darn=kvack.org; h=cc:to:from:subject:message-id:mime-version:date:from:to:cc:subject :date:message-id:reply-to; bh=WH/C05nvDNqMnE3kS0mS/gTslSRnvh3DBqNQsX8ayiE=; b=ZjwKMmNXuRfU5/4agW9rh8/6/wGDpuzk7AqZrYc51vi20k8n+Agbd4UbShIDqYq60n GJtquT6bFxCxzh66tohE3Cv2Z0Gk15xGnOB9Qi/qvhy/D/2VWbT2Fu5gZarYeCxcPIXV JmLclU1jyU0mTyZAfH0ME3KCnWGJjBdn4VqzWw2tXNHUYm/ebqRXug5xe9u6Rln+4dnm HNcwUsMt2yMyh0XOSsXfUyzuDatyx59DZQ5I6n5vJQo0Uxd8sKjS/O01VFgT3PDZ3+lS 3Xzqsr9GHFuM7OXX89W77X8QyWdMaqPw6/OKz5jBiwN40rbxNi9KND3VU2Vx2gL8SGQu SjLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743175895; x=1743780695; h=cc:to:from:subject:message-id:mime-version:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=WH/C05nvDNqMnE3kS0mS/gTslSRnvh3DBqNQsX8ayiE=; b=aUooLU2E+XoRvupqpeDyhcj639bRJyIbQ04WesAM1FK1Lg8N8fWyX+bGA/bv708NYS rB+0Eh3NujJ8XuTannNbQdCL6p8knm94z3QJQK9SMj9qaP4LeQW+BEhpCv7W+JRbDCXa DsX4ONuZE6NvG6TlPye3M4I5OudAq4wPz2z1oGwYH7fp8I9mDjrsZgXKGx3ER/g5Yxak BvhE11feA25PE0r7jtg6DzMh5cscnXn1Yr2t3LmF6rmfxE/J/YIFg615gT4zUw14uNpL CkblBy0tX2rumdvZabWWUXpviAh3dICvkzIov0MmBjSNob1BR/o6AEsFjWXKMdfSM1yt LYjg== X-Forwarded-Encrypted: i=1; AJvYcCX3VoFwMH14NwSR6laFWgeUm/15C49x8fWICCKOBf+xS1+jArWRWLdQNeSoRO9s3krCKb2hJV/ZlQ==@kvack.org X-Gm-Message-State: AOJu0Yw/VnJwlaoUny5CWkiglU7PBgOpE1i78W0RkuQP1tVXvHLAZrlY ZHkumcDDjYhCAcmSyVQfMn4JMqI3kLxObKMnf/ZOXPNQ6UYeYo5qw0LOCvijSxX6nKatPC/L4Q= = X-Google-Smtp-Source: AGHT+IEklU/ZV+hKzr9cbGA3y+PEsrGla1v/uPYOXg27lpCKZhOozAIPswwosIyxAl/R6E8+WUPR1Ll4gg== X-Received: from wrwl7.prod.google.com ([2002:a5d:6747:0:b0:391:4172:373f]) (user=tabba job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:598d:0:b0:394:ef93:9afc with SMTP id ffacd0b85a97d-39ad1741b23mr7586212f8f.18.1743175895094; Fri, 28 Mar 2025 08:31:35 -0700 (PDT) Date: Fri, 28 Mar 2025 15:31:26 +0000 Mime-Version: 1.0 X-Mailer: git-send-email 2.49.0.472.ge94155a9ec-goog Message-ID: <20250328153133.3504118-1-tabba@google.com> Subject: [PATCH v7 0/7] KVM: Restricted mapping of guest_memfd at the host and arm64 support From: Fuad Tabba To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk, brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org, xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com, jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com, isaku.yamahata@intel.com, mic@digikod.net, vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com, mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com, kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com, steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com, quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com, james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com, roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com, rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com, jthoughton@google.com, peterx@redhat.com, pankaj.gupta@amd.com, tabba@google.com X-Stat-Signature: fexg6witoc41agyn4smysq1fweg543eh X-Rspam-User: X-Rspamd-Queue-Id: 2573F18000A X-Rspamd-Server: rspam08 X-HE-Tag: 1743175896-41425 X-HE-Meta: U2FsdGVkX19xF7YTfWlxGS/bfdWHw9doGgzkw5Mc7Ju++2bXFOSekoLgSeZgOoKU/os1ZtYlif0eLSikP8ZAKQbJKABZbKxmnc9kJcEja1xZQ0GTFKbwbGm8dZjGYogH/F1gFED8nlKPv0mi20ILAFeD8asuyhC4+q0vqyCxjkgIraey19HgiAJEeImRU5MstKq5YwKVpOm9SIqSbLSaBR2oat8a+q4gbVVPuk+PLaK0EJuWPQrbHxSDZ3Ltfyi3z+M9bVe4lTLrEFAuh+is5XL/QfKkXXfUEMCKtr0hO8ogWIPgozPkazH2w2gFFtWLUEzU3+EdIW4GR8ncHY+GJTzH+0IgCTIjZt3N8zIia3NdvgnxTO/lyATGSyArTLfzxwT0CA2I/AMfZ5ekNoZk6zXx1MrMLKGlSIaq0EzYF7MMFFcBmAB61HwnVCDuwVCWynqnbN7Hbhxjt8wWyZ02xOQ3UlvbxhOwJXEoSRkTNd/KeFEKF3VRaLyJS7+NoW8niIkl1x4EC2cefCS6l+9KsZoICjGBB+w2VVCEtE27jAFSUo0xB7qn7YasfisK3bsb5Jfw0fBptS2eEogmrTSCakXJqYg5sCvpk/Z49cPi2o9lhZi+uJifU5P9JJste0GygujUubU4rqvDrig4dXvqQjbGyIQqUxwAQmGzJgySMCizZez/ZtMu6HDPxlyjRr5tan4GP7PNRkgsFBAQP4gD+ZDV8qUnjSDGCTTMNO/G/FjQ9Fl0SCII4T9jtyZQF/UHwmgnHTBpfXgnpkjdYKyaFTPmbT54JH0nO68WxdKPGNE3AbMMQj378yDfNefSiGqUPzp0uxosaFa8lWBOniXRPDEC9i5lJCuHuD0t1iw5/ybJu/g/DLMng2ZkV+6e3iR/i4FyjRalqjQBvnkcwOwDt6i8yKzBuiq48VSF6K40CmOqCC/jlosSq44DB8VJFAI3LhXHS8AGefX17BPemIT vOw1dAsD k8nj4fqLT1X8TIvbJFyqBc6YFe+UIfftcUhiTb/B5aLG+cmEnxi2A1gvMXdn+OuYdISCticfPgrnc249doBxGyRzGR8ss3tNQBubG5vGFN6dYysPDmNqH25Py8TmIzVFMINpWTXKlCKg1Um3SDpONfa4ra8h1Q08e2Xr1y4Kny3Hjfkmf4yD4hkmjEvhGw7LUXSMmKz94ZXoP/8CTMj9WpckUDbgX6qXZpJ9JvgaiGIO+JpCBa8n/7i2RBWOg9QQjObe7dD6j3tNiMVPKV7wW85DsbHsq4FqoyYu1p8A8YW20bjt1g/wwZurWbDqGfWiTfVaaw46IGzymP/vLXQJXUixtbNLAGYyMPCmz0WZQrOEsbdx+VzGsbMnzsVKQcscqrXE1WSYrJ4MUl4rMolJLjK0z7WkyyFWL4BukWYaD1QVeU1p+trbS/aIDVz3pjjL5+4ryUHX1zMX7AUfHPv3Mw6bcds0zc10g9XBODyk3TmbL8J6kj3GXJv4mF78v3szrS8oGRFh+Ut0GavjvKSXAoi/uYfeBrYHDeMHLrYzO5/nugeMQPBVo3rKOsSIei9SanBDjlR8MlpXH7rgZ2TBO9OE0m9icmECcjALc0Sr62ZMg3a5VVzPvrp0aXthn20jLJ3vGYB/TV/NXfsrCtEfTpWG6ODKgAhp7+VOeVaAhNGiCF5aT/d8jH9McSkoOZR9FjsXrvNVV09FPpgHLxa+SUapacnLTd7eCAj6dnwurmdtmQFJT65XLPSJe+tezNX8QlAJ/ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000159, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This series adds restricted mmap() support to guest_memfd, as well as support for guest_memfd on arm64. Please see v3 for the context [1]. Main change since v6 [2]: Protected the shared_offsets array with a rwlock instead of hopping on the invalidate_lock. The main reason for this is that the final put callback (kvm_gmem_handle_folio_put()) could be called from an atomic context, and the invalidate_lock is an rw_semaphore (Vishal). The other reason is, in hindsight, it didn't make sense to use the invalidate_lock since they're not quite protecting the same thing. I did consider using the folio lock to implicitly protect the array, and even have another series that does that. The result was more complicated, and not obviously race free. One of the difficulties with relying on the folio lock is that there are cases (e.g., on initilization and teardown) when we want to toggle the state of an offset that doesn't have a folio in the cache. We could special case these, but the result was more complicated (and to me not obviously better) than adding a separate lock for the shared_offsets array. Based on the `KVM: Mapping guest_memfd backed memory at the host for software protected VMs` series [3], which in turn is based on Linux 6.14-rc7. The state diagram that uses the new states in this patch series, and how they would interact with sharing/unsharing in pKVM [4]. Cheers, /fuad [1] https://lore.kernel.org/all/20241010085930.1546800-1-tabba@google.com/ [2] https://lore.kernel.org/all/20250318162046.4016367-1-tabba@google.com/ [3] https://lore.kernel.org/all/20250318161823.4005529-1-tabba@google.com/ [4] https://lpc.events/event/18/contributions/1758/attachments/1457/3699/Guestmemfd%20folio%20state%20page_type.pdf Ackerley Tng (2): KVM: guest_memfd: Make guest mem use guest mem inodes instead of anonymous inodes KVM: guest_memfd: Track folio sharing within a struct kvm_gmem_private Fuad Tabba (5): KVM: guest_memfd: Introduce kvm_gmem_get_pfn_locked(), which retains the folio lock KVM: guest_memfd: Folio sharing states and functions that manage their transition KVM: guest_memfd: Restore folio state after final folio_put() KVM: guest_memfd: Handle invalidation of shared memory KVM: guest_memfd: Add a guest_memfd() flag to initialize it as shared Documentation/virt/kvm/api.rst | 4 + include/linux/kvm_host.h | 56 +- include/uapi/linux/kvm.h | 1 + include/uapi/linux/magic.h | 1 + .../testing/selftests/kvm/guest_memfd_test.c | 7 +- virt/kvm/guest_memfd.c | 613 +++++++++++++++++- virt/kvm/kvm_main.c | 62 ++ 7 files changed, 706 insertions(+), 38 deletions(-) base-commit: 62aff24816ac463bf3f754a15b2e7cdff59976ea