Message ID | 20241010085930.1546800-7-tabba@google.com (mailing list archive) |
---|---|
State | New |
Series | KVM: Restricted mapping of guest_memfd at the host and arm64 support |
Hi Fuad On 10/10/2024 09:59, Fuad Tabba wrote: > Add the KVM capability KVM_CAP_GUEST_MEMFD_MAPPABLE, which is > true if mapping guest memory is supported by the host. > > Signed-off-by: Fuad Tabba <tabba@google.com> > --- > include/uapi/linux/kvm.h | 1 + > virt/kvm/kvm_main.c | 4 ++++ > 2 files changed, 5 insertions(+) > > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index 637efc055145..2c6057bab71c 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -933,6 +933,7 @@ struct kvm_enable_cap { > #define KVM_CAP_PRE_FAULT_MEMORY 236 > #define KVM_CAP_X86_APIC_BUS_CYCLES_NS 237 > #define KVM_CAP_X86_GUEST_MODE 238 > +#define KVM_CAP_GUEST_MEMFD_MAPPABLE 239 > > struct kvm_irq_routing_irqchip { > __u32 irqchip; > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > index 77e6412034b9..c2ff09197795 100644 > --- a/virt/kvm/kvm_main.c > +++ b/virt/kvm/kvm_main.c 
> @@ -5176,6 +5176,10 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg) > #ifdef CONFIG_KVM_PRIVATE_MEM > case KVM_CAP_GUEST_MEMFD: > return !kvm || kvm_arch_has_private_mem(kvm); > +#endif > +#ifdef CONFIG_KVM_GMEM_MAPPABLE > + case KVM_CAP_GUEST_MEMFD_MAPPABLE: > + return !kvm || kvm_arch_has_private_mem(kvm); minor nit: Keying this on whether the "kvm" instance has private mem may not be flexible enough to support other types of CC guest that may use guestmem, but not "mappable" memory. e.g. CCA may not support "mappable", unless we have a way to explicitly pass down "you can map a shared page from the guest_memfd, but it is not sharable in place". We could solve it when we get there, but it might be worth considering. Suzuki > #endif > default: > break;
Hi Suzuki, On Tue, 15 Oct 2024 at 11:30, Suzuki K Poulose <suzuki.poulose@arm.com> wrote: > > Hi Fuad > > On 10/10/2024 09:59, Fuad Tabba wrote: > > Add the KVM capability KVM_CAP_GUEST_MEMFD_MAPPABLE, which is > > true if mapping guest memory is supported by the host. > > > > Signed-off-by: Fuad Tabba <tabba@google.com> > > --- > > include/uapi/linux/kvm.h | 1 + > > virt/kvm/kvm_main.c | 4 ++++ > > 2 files changed, 5 insertions(+) > > > > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > > index 637efc055145..2c6057bab71c 100644 > > --- a/include/uapi/linux/kvm.h > > +++ b/include/uapi/linux/kvm.h > > @@ -933,6 +933,7 @@ struct kvm_enable_cap { > > #define KVM_CAP_PRE_FAULT_MEMORY 236 > > #define KVM_CAP_X86_APIC_BUS_CYCLES_NS 237 > > #define KVM_CAP_X86_GUEST_MODE 238 > > +#define KVM_CAP_GUEST_MEMFD_MAPPABLE 239 > > > > struct kvm_irq_routing_irqchip { > > __u32 irqchip; > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > > index 77e6412034b9..c2ff09197795 100644 > > --- a/virt/kvm/kvm_main.c > > +++ b/virt/kvm/kvm_main.c 
> > @@ -5176,6 +5176,10 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg) > > #ifdef CONFIG_KVM_PRIVATE_MEM > > case KVM_CAP_GUEST_MEMFD: > > return !kvm || kvm_arch_has_private_mem(kvm); > > +#endif > > +#ifdef CONFIG_KVM_GMEM_MAPPABLE > > + case KVM_CAP_GUEST_MEMFD_MAPPABLE: > > + return !kvm || kvm_arch_has_private_mem(kvm); > > minor nit: Keying this on whether the "kvm" instance has private mem > may not be flexible enough to support other types of CC guest that > may use guestmem, but not "mappable" memory. e.g. CCA may not > support "mappable", unless we have a way to explicitly pass down > "you can map a shared page from the guest_memfd, but it is not > sharable in place". > > We could solve it when we get there, but it might be worth > considering. I did consider that, but I assumed that the configuration option would be sufficient. Otherwise, we could make it dependent on the VM type. Cheers, /fuad > Suzuki > > > > > > #endif > > default: > > break;
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 637efc055145..2c6057bab71c 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -933,6 +933,7 @@ struct kvm_enable_cap { #define KVM_CAP_PRE_FAULT_MEMORY 236 #define KVM_CAP_X86_APIC_BUS_CYCLES_NS 237 #define KVM_CAP_X86_GUEST_MODE 238 +#define KVM_CAP_GUEST_MEMFD_MAPPABLE 239 struct kvm_irq_routing_irqchip { __u32 irqchip; diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 77e6412034b9..c2ff09197795 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -5176,6 +5176,10 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg) #ifdef CONFIG_KVM_PRIVATE_MEM case KVM_CAP_GUEST_MEMFD: return !kvm || kvm_arch_has_private_mem(kvm); +#endif +#ifdef CONFIG_KVM_GMEM_MAPPABLE + case KVM_CAP_GUEST_MEMFD_MAPPABLE: + return !kvm || kvm_arch_has_private_mem(kvm); #endif default: break;
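Review bot: The new KVM_CAP_GUEST_MEMFD_MAPPABLE (239) in include/uapi/linux/kvm.h extends the userspace ABI with no documentation in this patch; the diffstat lists only kvm.h and kvm_main.c. The commit message says only that it is "true if mapping guest memory is supported by the host", which does not tell a VMM author whether the answer is per VM or system-wide, or which guest_memfd operations the capability gates. Please add an entry to the KVM API documentation alongside the define, stating the return value and what userspace may rely on once it sees it.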
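Review bot: The new case in kvm_vm_ioctl_check_extension_generic() returns `!kvm || kvm_arch_has_private_mem(kvm)`, the same expression as KVM_CAP_GUEST_MEMFD directly above it, so with CONFIG_KVM_GMEM_MAPPABLE set the two capabilities can never differ for a given VM. Userspace will take this answer as permission to map guest memory at the host, so a VM type that has private memory but must not have it mapped would still be advertised as mappable. Consider answering from a predicate specific to mappability (per architecture or per VM type) instead of reusing the private-memory check, and note that the `!kvm` branch reports the capability unconditionally when no VM is passed.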
Add the KVM capability KVM_CAP_GUEST_MEMFD_MAPPABLE, which is true if mapping guest memory is supported by the host. Signed-off-by: Fuad Tabba <tabba@google.com> --- include/uapi/linux/kvm.h | 1 + virt/kvm/kvm_main.c | 4 ++++ 2 files changed, 5 insertions(+)