From patchwork Tue Sep 10 23:44:03 2024
From: Ackerley Tng <ackerleytng@google.com>
Date: Tue, 10 Sep 2024 23:44:03 +0000
Subject: [RFC PATCH 32/39] KVM: selftests: Test using guest_memfd memory from
 userspace
To: tabba@google.com, quic_eberman@quicinc.com, roypat@amazon.co.uk,
 jgg@nvidia.com, peterx@redhat.com, david@redhat.com, rientjes@google.com,
 fvdl@google.com, jthoughton@google.com, seanjc@google.com,
 pbonzini@redhat.com, zhiquan1.li@intel.com, fan.du@intel.com,
 jun.miao@intel.com, isaku.yamahata@intel.com, muchun.song@linux.dev,
 mike.kravetz@oracle.com
Cc: erdemaktas@google.com, vannapurve@google.com, ackerleytng@google.com,
 qperret@google.com, jhubbard@nvidia.com, willy@infradead.org,
 shuah@kernel.org, brauner@kernel.org, bfoster@redhat.com,
 kent.overstreet@linux.dev, pvorel@suse.cz, rppt@kernel.org,
 richard.weiyang@gmail.com, anup@brainfault.org, haibo1.xu@intel.com,
 ajones@ventanamicro.com, vkuznets@redhat.com,
 maciej.wieczor-retman@intel.com, pgonda@google.com, oliver.upton@linux.dev,
 linux-kernel@vger.kernel.org, linux-mm@kvack.org, kvm@vger.kernel.org,
 linux-kselftest@vger.kernel.org, linux-fsdevel@kvack.org
Test using guest_memfd from userspace, since guest_memfd now has mmap()
support.

Tests:

1. mmap() should now always return a valid address.

2. madvise() should not report any issues when pages are not faulted
   in.

3. Pages should not be faultable before association with a memslot,
   and faults should result in SIGBUS.

4. Pages can be faulted if marked faultable; also test the flow of
   setting a memory range as private, which is:

   a. madvise(MADV_DONTNEED) to request the kernel to unmap the pages
   b. Set memory attributes of the VM to private

   Also test that if pages are still mapped, setting memory attributes
   will fail.

5. madvise(MADV_REMOVE) can be used to remove pages from guest_memfd,
   forcing zeroing of those pages before the next time the pages are
   faulted in.
Signed-off-by: Ackerley Tng <ackerleytng@google.com>
---
 .../testing/selftests/kvm/guest_memfd_test.c | 195 +++++++++++++++++-
 1 file changed, 189 insertions(+), 6 deletions(-)

diff --git a/tools/testing/selftests/kvm/guest_memfd_test.c b/tools/testing/selftests/kvm/guest_memfd_test.c
index 3618ce06663e..b6f3c3e6d0dd 100644
--- a/tools/testing/selftests/kvm/guest_memfd_test.c
+++ b/tools/testing/selftests/kvm/guest_memfd_test.c
@@ -6,6 +6,7 @@
  */
 #include <stdlib.h>
 #include <string.h>
+#include <sys/wait.h>
 #include <unistd.h>
 #include <errno.h>
 #include <stdio.h>
@@ -35,12 +36,192 @@ static void test_file_read_write(int fd)
 		    "pwrite on a guest_mem fd should fail");
 }
 
-static void test_mmap(int fd, size_t page_size)
+static void test_mmap_should_map_pages_into_userspace(int fd, size_t page_size)
 {
 	char *mem;
 
 	mem = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
-	TEST_ASSERT_EQ(mem, MAP_FAILED);
+	TEST_ASSERT(mem != MAP_FAILED, "mmap should return valid address");
+
+	TEST_ASSERT_EQ(munmap(mem, page_size), 0);
+}
+
+static void test_madvise_no_error_when_pages_not_faulted(int fd, size_t page_size)
+{
+	char *mem;
+
+	mem = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	TEST_ASSERT(mem != MAP_FAILED, "mmap should return valid address");
+
+	TEST_ASSERT_EQ(madvise(mem, page_size, MADV_DONTNEED), 0);
+
+	TEST_ASSERT_EQ(munmap(mem, page_size), 0);
+}
+
+static void assert_not_faultable(char *address)
+{
+	pid_t child_pid;
+
+	child_pid = fork();
+	TEST_ASSERT(child_pid != -1, "fork failed");
+
+	if (child_pid == 0) {
+		*address = 'A';
+	} else {
+		int status;
+		waitpid(child_pid, &status, 0);
+
+		TEST_ASSERT(WIFSIGNALED(status),
+			    "Child should have exited with a signal");
+		TEST_ASSERT_EQ(WTERMSIG(status), SIGBUS);
+	}
+}
+
+/*
+ * Pages should not be faultable before association with a memslot, because
+ * pages (in a KVM_X86_SW_PROTECTED_VM) only default to faultable at memslot
+ * association time.
+ */
+static void test_pages_not_faultable_if_not_associated_with_memslot(int fd,
+								    size_t page_size)
+{
+	char *mem = mmap(NULL, page_size, PROT_READ | PROT_WRITE,
+			 MAP_SHARED, fd, 0);
+	TEST_ASSERT(mem != MAP_FAILED, "mmap should return valid address");
+
+	assert_not_faultable(mem);
+
+	TEST_ASSERT_EQ(munmap(mem, page_size), 0);
+}
+
+static void test_pages_faultable_if_marked_faultable(struct kvm_vm *vm, int fd,
+						     size_t page_size)
+{
+	char *mem;
+	uint64_t gpa = 0;
+	uint64_t guest_memfd_offset = 0;
+
+	/*
+	 * This test uses a KVM_X86_SW_PROTECTED_VM, which is required to set
+	 * arch.has_private_mem, in order to add a memslot with guest_memfd to
+	 * a VM.
+	 */
+	if (!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))) {
+		printf("Faultability test skipped since KVM_X86_SW_PROTECTED_VM is not supported.\n");
+		return;
+	}
+
+	mem = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd,
+		   guest_memfd_offset);
+	TEST_ASSERT(mem != MAP_FAILED, "mmap should return valid address");
+
+	/*
+	 * Setting up this memslot with a KVM_X86_SW_PROTECTED_VM marks all
+	 * offsets in the file as shared, allowing pages to be faulted in.
+	 */
+	vm_set_user_memory_region2(vm, 0, KVM_MEM_GUEST_MEMFD, gpa, page_size,
+				   mem, fd, guest_memfd_offset);
+
+	*mem = 'A';
+	TEST_ASSERT_EQ(*mem, 'A');
+
+	/* Should fail since the page is still faulted in. */
+	TEST_ASSERT_EQ(__vm_set_memory_attributes(vm, gpa, page_size,
+						  KVM_MEMORY_ATTRIBUTE_PRIVATE),
+		       -1);
+	TEST_ASSERT_EQ(errno, EINVAL);
+
+	/*
+	 * Use madvise() to remove the pages from userspace page tables, then
+	 * test that the page is still faultable, and that page contents remain
+	 * the same.
+	 */
+	madvise(mem, page_size, MADV_DONTNEED);
+	TEST_ASSERT_EQ(*mem, 'A');
+
+	/* Tell the kernel to unmap the page from userspace. */
+	madvise(mem, page_size, MADV_DONTNEED);
+
+	/* Now the kernel can set this page to private. */
+	vm_mem_set_private(vm, gpa, page_size);
+	assert_not_faultable(mem);
+
+	/*
+	 * Should be able to fault again after setting this back to shared, and
+	 * memory contents should be cleared since pages must be re-prepared for
+	 * SHARED use.
+	 */
+	vm_mem_set_shared(vm, gpa, page_size);
+	TEST_ASSERT_EQ(*mem, 0);
+
+	/* Cleanup */
+	vm_set_user_memory_region2(vm, 0, KVM_MEM_GUEST_MEMFD, gpa, 0, mem, fd,
+				   guest_memfd_offset);
+
+	TEST_ASSERT_EQ(munmap(mem, page_size), 0);
+}
+
+static void test_madvise_remove_releases_pages(struct kvm_vm *vm, int fd,
+					       size_t page_size)
+{
+	char *mem;
+	uint64_t gpa = 0;
+	uint64_t guest_memfd_offset = 0;
+
+	/*
+	 * This test uses a KVM_X86_SW_PROTECTED_VM, which is required to set
+	 * arch.has_private_mem, in order to add a memslot with guest_memfd to
+	 * a VM.
+	 */
+	if (!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM))) {
+		printf("madvise test skipped since KVM_X86_SW_PROTECTED_VM is not supported.\n");
+		return;
+	}
+
+	mem = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	TEST_ASSERT(mem != MAP_FAILED, "mmap should return valid address");
+
+	/*
+	 * Setting up this memslot with a KVM_X86_SW_PROTECTED_VM marks all
+	 * offsets in the file as shared, allowing pages to be faulted in.
+	 */
+	vm_set_user_memory_region2(vm, 0, KVM_MEM_GUEST_MEMFD, gpa, page_size,
+				   mem, fd, guest_memfd_offset);
+
+	*mem = 'A';
+	TEST_ASSERT_EQ(*mem, 'A');
+
+	/*
+	 * MADV_DONTNEED causes pages to be removed from userspace page tables
+	 * but should not release pages, hence page contents are kept.
+	 */
+	TEST_ASSERT_EQ(madvise(mem, page_size, MADV_DONTNEED), 0);
+	TEST_ASSERT_EQ(*mem, 'A');
+
+	/*
+	 * MADV_REMOVE causes pages to be released. Pages are then zeroed when
+	 * prepared for shared use, hence 0 is expected on next fault.
+	 */
+	TEST_ASSERT_EQ(madvise(mem, page_size, MADV_REMOVE), 0);
+	TEST_ASSERT_EQ(*mem, 0);
+
+	TEST_ASSERT_EQ(munmap(mem, page_size), 0);
+
+	/* Cleanup */
+	vm_set_user_memory_region2(vm, 0, KVM_MEM_GUEST_MEMFD, gpa, 0, mem, fd,
+				   guest_memfd_offset);
+}
+
+static void test_using_memory_directly_from_userspace(struct kvm_vm *vm,
+						      int fd, size_t page_size)
+{
+	test_mmap_should_map_pages_into_userspace(fd, page_size);
+
+	test_madvise_no_error_when_pages_not_faulted(fd, page_size);
+
+	test_pages_not_faultable_if_not_associated_with_memslot(fd, page_size);
+
+	test_pages_faultable_if_marked_faultable(vm, fd, page_size);
+
+	test_madvise_remove_releases_pages(vm, fd, page_size);
 }
 
 static void test_file_size(int fd, size_t page_size, size_t total_size)
@@ -180,18 +361,17 @@ static void test_guest_memfd(struct kvm_vm *vm, uint32_t flags, size_t page_size
 	size_t total_size;
 	int fd;
 
-	TEST_REQUIRE(kvm_has_cap(KVM_CAP_GUEST_MEMFD));
-
 	total_size = page_size * 4;
 
 	fd = vm_create_guest_memfd(vm, total_size, flags);
 
 	test_file_read_write(fd);
-	test_mmap(fd, page_size);
 	test_file_size(fd, page_size, total_size);
 	test_fallocate(fd, page_size, total_size);
 	test_invalid_punch_hole(fd, page_size, total_size);
 
+	test_using_memory_directly_from_userspace(vm, fd, page_size);
+
 	close(fd);
 }
 
@@ -201,7 +381,10 @@ int main(int argc, char *argv[])
 
 	TEST_REQUIRE(kvm_has_cap(KVM_CAP_GUEST_MEMFD));
 
-	vm = vm_create_barebones();
+	if ((kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM)))
+		vm = vm_create_barebones_type(KVM_X86_SW_PROTECTED_VM);
+	else
+		vm = vm_create_barebones();
 
 	test_create_guest_memfd_invalid(vm);
 	test_create_guest_memfd_multiple(vm);