From patchwork Tue Sep 10 23:44:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ackerley Tng X-Patchwork-Id: 13799503 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3143EEE01F2 for ; Tue, 10 Sep 2024 23:46:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 46F908D00E9; Tue, 10 Sep 2024 19:45:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3F61B8D00E2; Tue, 10 Sep 2024 19:45:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 24AAD8D00E9; Tue, 10 Sep 2024 19:45:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id F3A608D00E2 for ; Tue, 10 Sep 2024 19:45:27 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id B316DA91BC for ; Tue, 10 Sep 2024 23:45:27 +0000 (UTC) X-FDA: 82550462694.19.1E122BC Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) by imf19.hostedemail.com (Postfix) with ESMTP id E51241A000C for ; Tue, 10 Sep 2024 23:45:25 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=zVWvl281; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf19.hostedemail.com: domain of 3FNrgZgsKCIknpxr4yrB60tt11tyr.p1zyv07A-zzx8npx.14t@flex--ackerleytng.bounces.google.com designates 209.85.128.202 as permitted sender) smtp.mailfrom=3FNrgZgsKCIknpxr4yrB60tt11tyr.p1zyv07A-zzx8npx.14t@flex--ackerleytng.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1726011849; a=rsa-sha256; cv=none; b=hZSAk7AukAjnIW+d+89724Aw6xHIhEWd+HIyS3MZs2aXxN2+gYWQoWf3DJEMyWdH+mEWp/ KGuUE/Fm70tw1V+UqQK9WsNiNMbXcOuK9EpRTX5C3HNJ222pIrDVc2N5QZ7Umb+KHqsbDS jIiPA4Y/ACrnfeoEdDYWFnlOjirIogI= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=zVWvl281; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf19.hostedemail.com: domain of 3FNrgZgsKCIknpxr4yrB60tt11tyr.p1zyv07A-zzx8npx.14t@flex--ackerleytng.bounces.google.com designates 209.85.128.202 as permitted sender) smtp.mailfrom=3FNrgZgsKCIknpxr4yrB60tt11tyr.p1zyv07A-zzx8npx.14t@flex--ackerleytng.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1726011849; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=v3nxHl/A8XO7B4MgOY4YbNCzyESNqY5WdHlaVGBDG2E=; b=vu+Zz1a7PMog/cLLpGONROkMOyZm/rnKi7AIFZXErwD2dErpKLQ3DclRIeWIzF4XGyhxrt 1NagmOADLQ6G9HlZQ5jrR5Dz2sz/Mnw+lUwG89FH5tsHROIGuQEM5zk+ZxYBAW9M341d8V sZLTkEvzYPMhST269GTtoebfOlc9dH4= Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6d5fccc3548so6667677b3.1 for ; Tue, 10 Sep 2024 16:45:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1726011925; x=1726616725; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=v3nxHl/A8XO7B4MgOY4YbNCzyESNqY5WdHlaVGBDG2E=; b=zVWvl281L3Sn6pmXwnukGOkbg47GVhuSS3juIzRymrHpv/SnX81JuvR8eX55JY225D s/uvA3Gaa5zGeiBFX/AF+nK6epZHhwysD0UGduiTN3Kwz7yH/YMwS4BWj15Mg/AmCnkG RKN5mvfacjFPwXwkE4EwI+CrP6ZDRbdWUEfq/lQVZTyN+OeNfYUdPEh7bjQG5lXxRq1Q pq7YRs7HhCUHLp5ZjeLEgzS3x+PebL4B3PzxXPM3fuj1RdKLLmRnojeG/WaYJxeBJW3T 5eXvfOVJkVFnpAco+gXSs6FpxnBHlNnnE7CsilT6pfkssuCpXDJ2U9OuBXasxGlxdGlR yxkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726011925; x=1726616725; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=v3nxHl/A8XO7B4MgOY4YbNCzyESNqY5WdHlaVGBDG2E=; b=FH4xjKR/8t6iyktFeSwhuN3m8T7NBZCxOidD1H7fhDKIagnvTUoBuebFewFH2nSYsq JF+xaqykawr47S0lHyv8C+HEHAZ8Srk9NMKXnB8c5R3NlHOgTjWIrASHGagO+V0e+pOT NM8VBv/w0Q3cbdvfumTam5N9mWPAMyHKJ3o15HmUt0Mu6p2wadORTHyk+ytNHlsPH2LI ncyiw5vuwQSkFIA0BBuJsdcttGxMLxTL0Bx5xemNhNakUgfBKEtJCOdCv4DIN4Vm8moF cfoqHAFBw/Ojwcl2xZLiTeyfXyIOcW/dUhqecWCQlmH/e2beahBKVmx6jT7DDXLmL6cz rAMA== X-Forwarded-Encrypted: i=1; AJvYcCWwHQNTUi968X+vZvkwsWllQSg/3WpzA/MOSR0NHa21F6fWCMv2QYOL3hQjE7ZRWwAQQEtLWwUBdw==@kvack.org X-Gm-Message-State: AOJu0YwsP7OC3CLxMTAtNT7ekJ1Nxou8uzKXOum1o+7GU4+oF5OEOweo M0w/9dolAkDascDDJP3YQNn+YMOpZ3xVR2yaPvm3JS0clrzCQ3TJ5yt7SSqI0CBXsn2PbEifnD4 QDSi39YTsIV7t9alN4BjT2A== X-Google-Smtp-Source: AGHT+IHnLEBVmryIC9G4GF4GWQoXu2VnZ3KvRT32M4K9/h8Y/56ASW5COSwM++WZGjik0HMML4LUNHLenr0THNvvKg== X-Received: from ackerleytng-ctop.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:13f8]) (user=ackerleytng job=sendgmr) by 2002:a81:a883:0:b0:6d3:e7e6:8462 with SMTP id 00721157ae682-6db952f5ee5mr1095417b3.1.1726011924932; Tue, 10 Sep 2024 16:45:24 -0700 (PDT) Date: Tue, 10 Sep 2024 23:44:01 +0000 In-Reply-To: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.46.0.598.g6f2099f65c-goog Message-ID: <24cf7a9b1ee499c4ca4da76e9945429072014d1e.1726009989.git.ackerleytng@google.com> Subject: [RFC PATCH 30/39] KVM: guest_memfd: Handle folio preparation for guest_memfd mmap From: Ackerley Tng To: tabba@google.com, quic_eberman@quicinc.com, roypat@amazon.co.uk, jgg@nvidia.com, peterx@redhat.com, david@redhat.com, rientjes@google.com, fvdl@google.com, jthoughton@google.com, seanjc@google.com, pbonzini@redhat.com, zhiquan1.li@intel.com, fan.du@intel.com, jun.miao@intel.com, isaku.yamahata@intel.com, muchun.song@linux.dev, mike.kravetz@oracle.com Cc: erdemaktas@google.com, vannapurve@google.com, ackerleytng@google.com, qperret@google.com, jhubbard@nvidia.com, willy@infradead.org, shuah@kernel.org, brauner@kernel.org, bfoster@redhat.com, kent.overstreet@linux.dev, pvorel@suse.cz, rppt@kernel.org, richard.weiyang@gmail.com, anup@brainfault.org, haibo1.xu@intel.com, ajones@ventanamicro.com, vkuznets@redhat.com, maciej.wieczor-retman@intel.com, pgonda@google.com, oliver.upton@linux.dev, linux-kernel@vger.kernel.org, linux-mm@kvack.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-fsdevel@kvack.org X-Rspamd-Queue-Id: E51241A000C X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: yu6jn35w4qt9gw7r7u4umx6h4q95579u X-HE-Tag: 1726011925-167395 X-HE-Meta: U2FsdGVkX18jI0r/E/lJXbAS8v9FTqAScAx75L9qf5L+Nv4iLJ8nyVtPrFngwK7AflZY82+Zu/SEWcEbCjuf8zd6d3j8HyUoQWL31NKWOsATN6seFeeguFv3QccnUQHn4Kj43ggztXXJ+LPnwM4UVVaGhX/OoUpSPsosX3gBUUMURgvSOJuVQyfyFtQdUQfZ8GwXo1xacoJVGxfFoz6kAcpg1xL4bC8S5tr5KgkGuYQSoVFLuG3I8HEIF4sYh3x+UoftuLkct7JJ8kpQ1BH1msOLRU+8q80/0Eh8kM+baM6P8xG5nGqjAAS/IJQfWy/1EBWb6d2nDPCLgkxz8dPIgQ2Gj9h5P7WTH6FBU6IUzEzBXyhtJ9oYdVyME/Uj4zDYx28ExFHgyoYbLdY0LXGwo9eVKh85vrRp3JKIUAhapOQNR6fghzuIOr82UFvW/GCAYnC3tQgS5N0J2s5BVTVkvsos6RTZYyqe/T+gb43xKElV7g8klZS+TDQIBKhJJzR4aNE4kOH1DF/7YyaWF1ygTlZjzp7DrwZU9LVIIczUkaZl+j/7DFBeK81V+kdaT6P7s+lWi/Zu5qhCUwrLt17ReyLOMboH56VJh55+mCSBjgbkbWIpZ9wO8CRHlYjU8WozMestScf+Z0P9fDbl9LxXS5/6dDUYrUYIcY4h0To3TiN3yQiMzU9oBKlCUO5PSslFaTtcALccxHEzSPW4FJwVCQb5WPFIDN8/hCvY9BFiysiK0wKJ9196F+tbR4NKkZjQmPpbs5Lgg7hyGLJlmAE50Cyh+OqtVap3pGTjuQgGo9C5SyuiagglPbhjGNLKa0d1Dy6KIsWvKnc6eo+sCEnjUWrIf9jYO++QF/hhAYvfHl0fW49OzNbWKLwA/49VHDsPUOJIFrVljii3eFr9JP/LViAuDZzgvSYoQv5UCV0qcoYOXp4RhjsFnGdH/qg17eRHr7mzi+yWGfGAmcTOch5 LuMvNr7G oXqv4OMU/PJRVjQg8uQ3vb3gdLhIAG1nVAZ0MyIkem4Fov8RG5GIZTLqqhaCplOLFT5fwVJTRhbMg1paL6M86ZA1JUFvScHg/ZP6aoH38h76KvFC0O1USiqAUPFLgyEaS+nGx1LldK+JIwBGhK+vuJ71W4983muuRz4m7ZSTThMXKEKR0RCbOA8eswLrNQQu/tfn7KmG+8RzAgmVsUB3MoHeG6K95ZMwKgzxszgCh/K0+isxweiR799+yHJXqd012VxnadtebbhlxMbDuDY3JFqguCcrnvthD/IdDoLWJoqL8e6SWRhTWloCJKawiAWcgFKizPqKQrBSAYEi28SKX7ZYMBcNcfys1CIuOCrTCJrJ1ixBrB4Cr1uA3tDkoK1XAnU0JvQ12Sx0AywXI4FCcDlsaVPOyR15tkWyBlji0/TMunRprIcBc71rJK2xQRqbPK3hUbOJ86mtQXf0lZYO053yWaq+ANsINJl4++/4yEBmYGWBKBpdZE9WL6+YXOPnM/EqwTN2mfh5uYHMc0O1aCaafCGbEiqsd4zQx509YEedmKE3USwwlqsV2Sya0qYeYebSUoAWmHYDffLiKroZv8GsOAtO08uMeK4iuJdC0cSKfrpuhc8OlPXCFyaVvPZpgImzbCvQQmyHe+Y47jmpSOoYz7Qsc/BBafBrtb8PxiElFJ+4uQokjfFHdGEvQIkS/I9CyYGuSm7Z+3Wc= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Since guest_memfd now supports mmap(), folios have to be prepared before they are faulted into userspace. When memory attributes are switched between shared and private, the up-to-date flags will be cleared. Use the folio's up-to-date flag to indicate being ready for the guest usage and can be used to mark whether the folio is ready for shared OR private use. Signed-off-by: Ackerley Tng --- virt/kvm/guest_memfd.c | 131 ++++++++++++++++++++++++++++++++++++++++- virt/kvm/kvm_main.c | 2 + virt/kvm/kvm_mm.h | 7 +++ 3 files changed, 139 insertions(+), 1 deletion(-) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 110c4bbb004b..fb292e542381 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -129,13 +129,29 @@ static int __kvm_gmem_prepare_folio(struct kvm *kvm, struct kvm_memory_slot *slo } /** - * Use the uptodate flag to indicate that the folio is prepared for KVM's usage. + * Use folio's up-to-date flag to indicate that this folio is prepared for usage + * by the guest. + * + * This flag can be used whether the folio is prepared for PRIVATE or SHARED + * usage. */ static inline void kvm_gmem_mark_prepared(struct folio *folio) { folio_mark_uptodate(folio); } +/** + * Use folio's up-to-date flag to indicate that this folio is not yet prepared for + * usage by the guest. + * + * This flag can be used whether the folio is prepared for PRIVATE or SHARED + * usage. + */ +static inline void kvm_gmem_clear_prepared(struct folio *folio) +{ + folio_clear_uptodate(folio); +} + /* * Process @folio, which contains @gfn, so that the guest can use it. * The folio must be locked and the gfn must be contained in @slot. @@ -148,6 +164,12 @@ static int kvm_gmem_prepare_folio(struct kvm *kvm, struct kvm_memory_slot *slot, pgoff_t index; int r; + /* + * Defensively zero folio to avoid leaking kernel memory in + * uninitialized pages. This is important since pages can now be mapped + * into userspace, where hardware (e.g. TDX) won't be clearing those + * pages. + */ if (folio_test_hugetlb(folio)) { folio_zero_user(folio, folio->index << PAGE_SHIFT); } else { @@ -1017,6 +1039,7 @@ static vm_fault_t kvm_gmem_fault(struct vm_fault *vmf) { struct inode *inode; struct folio *folio; + bool is_prepared; inode = file_inode(vmf->vma->vm_file); if (!kvm_gmem_is_faultable(inode, vmf->pgoff)) @@ -1026,6 +1049,31 @@ static vm_fault_t kvm_gmem_fault(struct vm_fault *vmf) if (!folio) return VM_FAULT_SIGBUS; + is_prepared = folio_test_uptodate(folio); + if (!is_prepared) { + unsigned long nr_pages; + unsigned long i; + + if (folio_test_hugetlb(folio)) { + folio_zero_user(folio, folio->index << PAGE_SHIFT); + } else { + /* + * Defensively zero folio to avoid leaking kernel memory in + * uninitialized pages. This is important since pages can now be + * mapped into userspace, where hardware (e.g. TDX) won't be + * clearing those pages. + * + * Will probably need a version of kvm_gmem_prepare_folio() to + * prepare the page for SHARED use. + */ + nr_pages = folio_nr_pages(folio); + for (i = 0; i < nr_pages; i++) + clear_highpage(folio_page(folio, i)); + } + + kvm_gmem_mark_prepared(folio); + } + vmf->page = folio_file_page(folio, vmf->pgoff); return VM_FAULT_LOCKED; } @@ -1593,6 +1641,87 @@ long kvm_gmem_populate(struct kvm *kvm, gfn_t start_gfn, void __user *src, long } EXPORT_SYMBOL_GPL(kvm_gmem_populate); +static void kvm_gmem_clear_prepared_range(struct inode *inode, pgoff_t start, + pgoff_t end) +{ + pgoff_t index; + + filemap_invalidate_lock_shared(inode->i_mapping); + + /* TODO: replace iteration with filemap_get_folios() for efficiency. */ + for (index = start; index < end;) { + struct folio *folio; + + /* Don't use kvm_gmem_get_folio to avoid allocating */ + folio = filemap_lock_folio(inode->i_mapping, index); + if (IS_ERR(folio)) { + ++index; + continue; + } + + kvm_gmem_clear_prepared(folio); + + index = folio_next_index(folio); + folio_unlock(folio); + folio_put(folio); + } + + filemap_invalidate_unlock_shared(inode->i_mapping); +} + +/** + * Clear the prepared flag for all folios in gfn range [@start, @end) in memslot + * @slot. + */ +static void kvm_gmem_clear_prepared_slot(struct kvm_memory_slot *slot, gfn_t start, + gfn_t end) +{ + pgoff_t start_offset; + pgoff_t end_offset; + struct file *file; + + file = kvm_gmem_get_file(slot); + if (!file) + return; + + start_offset = start - slot->base_gfn + slot->gmem.pgoff; + end_offset = end - slot->base_gfn + slot->gmem.pgoff; + + kvm_gmem_clear_prepared_range(file_inode(file), start_offset, end_offset); + + fput(file); +} + +/** + * Clear the prepared flag for all folios for any slot in gfn range + * [@start, @end) in @kvm. + */ +void kvm_gmem_clear_prepared_vm(struct kvm *kvm, gfn_t start, gfn_t end) +{ + int i; + + lockdep_assert_held(&kvm->slots_lock); + + for (i = 0; i < kvm_arch_nr_memslot_as_ids(kvm); i++) { + struct kvm_memslot_iter iter; + struct kvm_memslots *slots; + + slots = __kvm_memslots(kvm, i); + kvm_for_each_memslot_in_gfn_range(&iter, slots, start, end) { + struct kvm_memory_slot *slot; + gfn_t gfn_start; + gfn_t gfn_end; + + slot = iter.slot; + gfn_start = max(start, slot->base_gfn); + gfn_end = min(end, slot->base_gfn + slot->npages); + + if (iter.slot->flags & KVM_MEM_GUEST_MEMFD) + kvm_gmem_clear_prepared_slot(iter.slot, gfn_start, gfn_end); + } + } +} + /** * Returns true if pages in range [@start, @end) in inode @inode have no * userspace mappings. diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 1a7bbcc31b7e..255d27df7f5c 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2565,6 +2565,8 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, KVM_BUG_ON(r, kvm); } + kvm_gmem_clear_prepared_vm(kvm, start, end); + kvm_handle_gfn_range(kvm, &post_set_range); out_unlock: diff --git a/virt/kvm/kvm_mm.h b/virt/kvm/kvm_mm.h index d8ff2b380d0e..25fd0d9f66cc 100644 --- a/virt/kvm/kvm_mm.h +++ b/virt/kvm/kvm_mm.h @@ -43,6 +43,7 @@ int kvm_gmem_bind(struct kvm *kvm, struct kvm_memory_slot *slot, void kvm_gmem_unbind(struct kvm_memory_slot *slot); int kvm_gmem_should_set_attributes(struct kvm *kvm, gfn_t start, gfn_t end, unsigned long attrs); +void kvm_gmem_clear_prepared_vm(struct kvm *kvm, gfn_t start, gfn_t end); #else static inline void kvm_gmem_init(struct module *module) { @@ -68,6 +69,12 @@ static inline int kvm_gmem_should_set_attributes(struct kvm *kvm, gfn_t start, return 0; } +static inline void kvm_gmem_clear_prepared_slots(struct kvm *kvm, + gfn_t start, gfn_t end) +{ + WARN_ON_ONCE(1); +} + #endif /* CONFIG_KVM_PRIVATE_MEM */ #endif /* __KVM_MM_H__ */