From patchwork Wed Jan 22 15:27:30 2025
X-Patchwork-Submitter: Fuad Tabba <tabba@google.com>
X-Patchwork-Id: 13947449
Date: Wed, 22 Jan 2025 15:27:30 +0000
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
References: <20250122152738.1173160-1-tabba@google.com>
Message-ID: <20250122152738.1173160-2-tabba@google.com>
Subject: [RFC PATCH v1 1/9] KVM: guest_memfd: Allow host to mmap guest_memfd() pages
From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org
Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au,
 anup@brainfault.org, paul.walmsley@sifive.com, palmer@dabbelt.com,
 aou@eecs.berkeley.edu, seanjc@google.com, viro@zeniv.linux.org.uk,
 brauner@kernel.org, willy@infradead.org, akpm@linux-foundation.org,
 xiaoyao.li@intel.com, yilun.xu@intel.com, chao.p.peng@linux.intel.com,
 jarkko@kernel.org, amoorthy@google.com, dmatlack@google.com,
 yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com, mic@digikod.net,
 vbabka@suse.cz, vannapurve@google.com, ackerleytng@google.com,
 mail@maciej.szmigiero.name, david@redhat.com, michael.roth@amd.com,
 wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com,
 kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com,
 steven.price@arm.com, quic_eberman@quicinc.com, quic_mnalajal@quicinc.com,
 quic_tsoni@quicinc.com, quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com,
 quic_pderrin@quicinc.com, quic_pheragu@quicinc.com, catalin.marinas@arm.com,
 james.morse@arm.com, yuzenghui@huawei.com, oliver.upton@linux.dev,
 maz@kernel.org, will@kernel.org, qperret@google.com, keirf@google.com,
 roypat@amazon.co.uk, shuah@kernel.org, hch@infradead.org, jgg@nvidia.com,
 rientjes@google.com, jhubbard@nvidia.com, fvdl@google.com, hughd@google.com,
 jthoughton@google.com, tabba@google.com

Add support for mmap() and fault() for guest_memfd in the host for VMs
that support in-place conversion between shared and private. To that
end, add the ability to check whether the architecture has that
support, and only allow mmap() if that's the case. This is gated by a
new configuration option, CONFIG_KVM_GMEM_MAPPABLE.
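For illustration, a minimal userspace sketch of the intended usage (not
part of this patch; error handling is trimmed, and it assumes this
series is applied and the VM's type supports in-place conversion):

  #include <stdint.h>
  #include <string.h>
  #include <sys/ioctl.h>
  #include <sys/mman.h>
  #include <linux/kvm.h>

  /* Create a guest_memfd for a VM and map it in the host. */
  static int map_guest_memfd(int vm_fd, uint64_t size)
  {
  	struct kvm_create_guest_memfd gmem = { .size = size };
  	int gmem_fd = ioctl(vm_fd, KVM_CREATE_GUEST_MEMFD, &gmem);

  	if (gmem_fd < 0)
  		return -1;

  	/* Must be MAP_SHARED; kvm_gmem_mmap() rejects private mappings. */
  	void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED,
  			 gmem_fd, 0);
  	if (mem == MAP_FAILED)
  		return -1;

  	memset(mem, 0, size);	/* faults pages in via kvm_gmem_fault() */
  	return gmem_fd;
  }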
Signed-off-by: Fuad Tabba <tabba@google.com>
---
 arch/x86/include/asm/kvm_host.h |  2 +
 include/linux/kvm_host.h        | 11 +++++
 virt/kvm/Kconfig                |  4 ++
 virt/kvm/guest_memfd.c          | 71 +++++++++++++++++++++++++++++++++
 4 files changed, 88 insertions(+)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index e159e44a6a1b..c0e149bc1d79 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -2206,6 +2206,8 @@ void kvm_configure_mmu(bool enable_tdp, int tdp_forced_root_level,
 #define kvm_arch_has_private_mem(kvm) false
 #endif
 
+#define kvm_arch_private_mem_inplace(kvm) false
+
 #define kvm_arch_has_readonly_mem(kvm) (!(kvm)->arch.has_protected_state)
 
 static inline u16 kvm_read_ldt(void)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 401439bb21e3..ebca0ab4c5e2 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -717,6 +717,17 @@ static inline bool kvm_arch_has_private_mem(struct kvm *kvm)
 {
 	return false;
 }
 #endif
 
+/*
+ * Arch code must define kvm_arch_private_mem_inplace if support for private
+ * memory is enabled and it supports in-place conversion between shared and private.
+ */
+#if !defined(kvm_arch_private_mem_inplace) && !IS_ENABLED(CONFIG_KVM_PRIVATE_MEM)
+static inline bool kvm_arch_private_mem_inplace(struct kvm *kvm)
+{
+	return false;
+}
+#endif
+
 #ifndef kvm_arch_has_readonly_mem
 static inline bool kvm_arch_has_readonly_mem(struct kvm *kvm)
 {
diff --git a/virt/kvm/Kconfig b/virt/kvm/Kconfig
index 54e959e7d68f..59400fd8f539 100644
--- a/virt/kvm/Kconfig
+++ b/virt/kvm/Kconfig
@@ -124,3 +124,7 @@ config HAVE_KVM_ARCH_GMEM_PREPARE
 config HAVE_KVM_ARCH_GMEM_INVALIDATE
 	bool
 	depends on KVM_PRIVATE_MEM
+
+config KVM_GMEM_MAPPABLE
+	select KVM_PRIVATE_MEM
+	bool
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 47a9f68f7b24..9ee162bf6bde 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -307,7 +307,78 @@ static pgoff_t kvm_gmem_get_index(struct kvm_memory_slot *slot, gfn_t gfn)
 	return gfn - slot->base_gfn + slot->gmem.pgoff;
 }
 
+#ifdef CONFIG_KVM_GMEM_MAPPABLE
+static vm_fault_t kvm_gmem_fault(struct vm_fault *vmf)
+{
+	struct inode *inode = file_inode(vmf->vma->vm_file);
+	struct folio *folio;
+	vm_fault_t ret = VM_FAULT_LOCKED;
+
+	filemap_invalidate_lock_shared(inode->i_mapping);
+
+	folio = kvm_gmem_get_folio(inode, vmf->pgoff);
+	if (IS_ERR(folio)) {
+		ret = VM_FAULT_SIGBUS;
+		goto out_filemap;
+	}
+
+	if (folio_test_hwpoison(folio)) {
+		ret = VM_FAULT_HWPOISON;
+		goto out_folio;
+	}
+
+	if (!folio_test_uptodate(folio)) {
+		unsigned long nr_pages = folio_nr_pages(folio);
+		unsigned long i;
+
+		for (i = 0; i < nr_pages; i++)
+			clear_highpage(folio_page(folio, i));
+
+		folio_mark_uptodate(folio);
+	}
+
+	vmf->page = folio_file_page(folio, vmf->pgoff);
+
+out_folio:
+	if (ret != VM_FAULT_LOCKED) {
+		folio_unlock(folio);
+		folio_put(folio);
+	}
+
+out_filemap:
+	filemap_invalidate_unlock_shared(inode->i_mapping);
+
+	return ret;
+}
+
+static const struct vm_operations_struct kvm_gmem_vm_ops = {
+	.fault = kvm_gmem_fault,
+};
+
+static int kvm_gmem_mmap(struct file *file, struct vm_area_struct *vma)
+{
+	struct kvm_gmem *gmem = file->private_data;
+
+	if (!kvm_arch_private_mem_inplace(gmem->kvm))
+		return -ENODEV;
+
+	if ((vma->vm_flags & (VM_SHARED | VM_MAYSHARE)) !=
+	    (VM_SHARED | VM_MAYSHARE)) {
+		return -EINVAL;
+	}
+
+	file_accessed(file);
+	vm_flags_set(vma, VM_DONTDUMP);
+	vma->vm_ops = &kvm_gmem_vm_ops;
+
+	return 0;
+}
+#else
+#define kvm_gmem_mmap NULL
+#endif /* CONFIG_KVM_GMEM_MAPPABLE */
+
 static struct file_operations kvm_gmem_fops = {
+	.mmap		= kvm_gmem_mmap,
 	.open		= generic_file_open,
 	.release	= kvm_gmem_release,
 	.fallocate	= kvm_gmem_fallocate,

From patchwork Wed Jan 22 15:27:31 2025
X-Patchwork-Id: 13947450
Date: Wed, 22 Jan 2025 15:27:31 +0000
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
References: <20250122152738.1173160-1-tabba@google.com>
Message-ID: <20250122152738.1173160-3-tabba@google.com>
Subject: [RFC PATCH v1 2/9] KVM: guest_memfd: Add guest_memfd support to kvm_(read|write)_guest_page()
From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org

Make kvm_(read|write)_guest_page() capable of accessing guest memory
for slots that don't have a userspace address, but only if the memory
is mappable, which also indicates that it is accessible by the host.
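As an illustration (hypothetical caller, not part of this patch),
existing users of the API need no changes; the guest_memfd path is
selected internally:

  u64 val;
  int r = kvm_read_guest_page(kvm, gfn, &val, 0, sizeof(val));

  /*
   * With this patch, the read also succeeds when the slot has no
   * userspace_addr, provided the slot can be private and the
   * architecture supports in-place conversion; otherwise the
   * existing HVA-based path is used.
   */
  if (r)
  	return r;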
Signed-off-by: Fuad Tabba <tabba@google.com>
---
 virt/kvm/kvm_main.c | 118 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 99 insertions(+), 19 deletions(-)

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index de2c11dae231..ad9802012a3f 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -3094,21 +3094,93 @@ static int next_segment(unsigned long len, int offset)
 	return len;
 }
 
-/* Copy @len bytes from guest memory at '(@gfn * PAGE_SIZE) + @offset' to @data */
-static int __kvm_read_guest_page(struct kvm_memory_slot *slot, gfn_t gfn,
-				 void *data, int offset, int len)
+#ifdef CONFIG_KVM_GMEM_MAPPABLE
+static int __kvm_read_guest_memfd_page(struct kvm *kvm,
+				       struct kvm_memory_slot *slot,
+				       gfn_t gfn, void *data, int offset,
+				       int len)
+{
+	struct page *page;
+	u64 pfn;
+	int r;
+
+	/*
+	 * Holds the folio lock until after checking whether it can be faulted
+	 * in, to avoid races with paths that change a folio's mappability.
+	 */
+	r = kvm_gmem_get_pfn(kvm, slot, gfn, &pfn, &page, NULL);
+	if (r)
+		return r;
+
+	memcpy(data, page_address(page) + offset, len);
+	kvm_release_page_clean(page);
+
+	return r;
+}
+
+static int __kvm_write_guest_memfd_page(struct kvm *kvm,
+					struct kvm_memory_slot *slot,
+					gfn_t gfn, const void *data,
+					int offset, int len)
 {
+	struct page *page;
+	u64 pfn;
 	int r;
+
+	/*
+	 * Holds the folio lock until after checking whether it can be faulted
+	 * in, to avoid races with paths that change a folio's mappability.
+	 */
+	r = kvm_gmem_get_pfn(kvm, slot, gfn, &pfn, &page, NULL);
+	if (r)
+		return r;
+
+	memcpy(page_address(page) + offset, data, len);
+	kvm_release_page_dirty(page);
+
+	return r;
+}
+#else
+static int __kvm_read_guest_memfd_page(struct kvm *kvm,
+				       struct kvm_memory_slot *slot,
+				       gfn_t gfn, void *data, int offset,
+				       int len)
+{
+	WARN_ON_ONCE(1);
+	return -EIO;
+}
+
+static int __kvm_write_guest_memfd_page(struct kvm *kvm,
+					struct kvm_memory_slot *slot,
+					gfn_t gfn, const void *data,
+					int offset, int len)
+{
+	WARN_ON_ONCE(1);
+	return -EIO;
+}
+#endif /* CONFIG_KVM_GMEM_MAPPABLE */
+
+/* Copy @len bytes from guest memory at '(@gfn * PAGE_SIZE) + @offset' to @data */
+
+static int __kvm_read_guest_page(struct kvm *kvm, struct kvm_memory_slot *slot,
+				 gfn_t gfn, void *data, int offset, int len)
+{
 	unsigned long addr;
 
 	if (WARN_ON_ONCE(offset + len > PAGE_SIZE))
 		return -EFAULT;
 
+	if (kvm_arch_private_mem_inplace(kvm) &&
+	    kvm_slot_can_be_private(slot) &&
+	    !slot->userspace_addr) {
+		return __kvm_read_guest_memfd_page(kvm, slot, gfn, data,
+						   offset, len);
+	}
+
 	addr = gfn_to_hva_memslot_prot(slot, gfn, NULL);
 	if (kvm_is_error_hva(addr))
 		return -EFAULT;
-	r = __copy_from_user(data, (void __user *)addr + offset, len);
-	if (r)
+	if (__copy_from_user(data, (void __user *)addr + offset, len))
 		return -EFAULT;
 	return 0;
 }
@@ -3118,7 +3190,7 @@ int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
 {
 	struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
 
-	return __kvm_read_guest_page(slot, gfn, data, offset, len);
+	return __kvm_read_guest_page(kvm, slot, gfn, data, offset, len);
 }
 EXPORT_SYMBOL_GPL(kvm_read_guest_page);
 
@@ -3127,7 +3199,7 @@ int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data,
 {
 	struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
 
-	return __kvm_read_guest_page(slot, gfn, data, offset, len);
+	return __kvm_read_guest_page(vcpu->kvm, slot, gfn, data, offset, len);
 }
 EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest_page);
 
@@ -3204,22 +3276,30 @@ EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest_atomic);
 /* Copy @len bytes from @data into guest memory at '(@gfn * PAGE_SIZE) + @offset' */
 static int __kvm_write_guest_page(struct kvm *kvm,
-				  struct kvm_memory_slot *memslot, gfn_t gfn,
-				  const void *data, int offset, int len)
+				  struct kvm_memory_slot *slot, gfn_t gfn,
+				  const void *data, int offset, int len)
 {
-	int r;
-	unsigned long addr;
-
 	if (WARN_ON_ONCE(offset + len > PAGE_SIZE))
 		return -EFAULT;
 
-	addr = gfn_to_hva_memslot(memslot, gfn);
-	if (kvm_is_error_hva(addr))
-		return -EFAULT;
-	r = __copy_to_user((void __user *)addr + offset, data, len);
-	if (r)
-		return -EFAULT;
-	mark_page_dirty_in_slot(kvm, memslot, gfn);
+	if (kvm_arch_private_mem_inplace(kvm) &&
+	    kvm_slot_can_be_private(slot) &&
+	    !slot->userspace_addr) {
+		int r = __kvm_write_guest_memfd_page(kvm, slot, gfn, data,
+						     offset, len);
+
+		if (r)
+			return r;
+	} else {
+		unsigned long addr = gfn_to_hva_memslot(slot, gfn);
+
+		if (kvm_is_error_hva(addr))
+			return -EFAULT;
+		if (__copy_to_user((void __user *)addr + offset, data, len))
+			return -EFAULT;
+	}
+
+	mark_page_dirty_in_slot(kvm, slot, gfn);
 	return 0;
 }

From patchwork Wed Jan 22 15:27:32 2025
X-Patchwork-Id: 13947451
Date: Wed, 22 Jan 2025 15:27:32 +0000
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
References: <20250122152738.1173160-1-tabba@google.com>
Message-ID: <20250122152738.1173160-4-tabba@google.com>
Subject: [RFC PATCH v1 3/9] KVM: guest_memfd: Add KVM capability to check if guest_memfd is host mappable
From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org

Add the KVM capability KVM_CAP_GUEST_MEMFD_MAPPABLE, which is true if
mapping guest memory is supported by the host.
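A hedged userspace sketch of probing the capability (illustrative only,
not part of this patch):

  #include <sys/ioctl.h>
  #include <linux/kvm.h>

  /* Returns nonzero if guest_memfd can be mmap()ed for this VM. */
  static int gmem_is_mappable(int vm_fd)
  {
  	return ioctl(vm_fd, KVM_CHECK_EXTENSION,
  		     KVM_CAP_GUEST_MEMFD_MAPPABLE) > 0;
  }

Per the check_extension handler below, the same query on the /dev/kvm
fd (kvm == NULL) reports whether the capability is supported at all.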
Signed-off-by: Fuad Tabba <tabba@google.com>
---
 include/uapi/linux/kvm.h | 1 +
 virt/kvm/kvm_main.c      | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 502ea63b5d2e..021f8ef9979b 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -933,6 +933,7 @@ struct kvm_enable_cap {
 #define KVM_CAP_PRE_FAULT_MEMORY 236
 #define KVM_CAP_X86_APIC_BUS_CYCLES_NS 237
 #define KVM_CAP_X86_GUEST_MODE 238
+#define KVM_CAP_GUEST_MEMFD_MAPPABLE 239
 
 struct kvm_irq_routing_irqchip {
 	__u32 irqchip;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index ad9802012a3f..9cd6690b7955 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -4872,6 +4872,10 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg)
 #ifdef CONFIG_KVM_PRIVATE_MEM
 	case KVM_CAP_GUEST_MEMFD:
 		return !kvm || kvm_arch_has_private_mem(kvm);
+#endif
+#ifdef CONFIG_KVM_GMEM_MAPPABLE
+	case KVM_CAP_GUEST_MEMFD_MAPPABLE:
+		return !kvm || kvm_arch_private_mem_inplace(kvm);
 #endif
 	default:
 		break;

From patchwork Wed Jan 22 15:27:33 2025
X-Patchwork-Id: 13947452
Date: Wed, 22 Jan 2025 15:27:33 +0000
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
References: <20250122152738.1173160-1-tabba@google.com>
Message-ID: <20250122152738.1173160-5-tabba@google.com>
Subject: [RFC PATCH v1 4/9] KVM: arm64: Skip VMA checks for slots without userspace address
From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org

Memory slots backed by guest memory might be created with no intention
of being mapped by the host. These are recognized by not having a
userspace address in the memory slot. VMA checks are neither possible
nor necessary for this kind of slot, so skip them.
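For illustration, a hedged userspace sketch of creating such a slot
(not part of this patch; field values are illustrative):

  #include <stdint.h>
  #include <sys/ioctl.h>
  #include <linux/kvm.h>

  /* Bind a slot to guest_memfd only, with no host userspace mapping. */
  static int set_gmem_only_slot(int vm_fd, int gmem_fd, uint64_t gpa,
  			      uint64_t size)
  {
  	struct kvm_userspace_memory_region2 region = {
  		.slot = 0,
  		.flags = KVM_MEM_GUEST_MEMFD,
  		.guest_phys_addr = gpa,
  		.memory_size = size,
  		.userspace_addr = 0,	/* the marker these checks key off */
  		.guest_memfd = gmem_fd,
  		.guest_memfd_offset = 0,
  	};

  	return ioctl(vm_fd, KVM_SET_USER_MEMORY_REGION2, &region);
  }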
Signed-off-by: Fuad Tabba <tabba@google.com>
---
 arch/arm64/kvm/mmu.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index c9d46ad57e52..342a9bd3848f 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -988,6 +988,10 @@ static void stage2_unmap_memslot(struct kvm *kvm,
 	phys_addr_t size = PAGE_SIZE * memslot->npages;
 	hva_t reg_end = hva + size;
 
+	/* Host will not map this private memory without a userspace address. */
+	if (kvm_slot_can_be_private(memslot) && !hva)
+		return;
+
 	/*
 	 * A memory region could potentially cover multiple VMAs, and any holes
 	 * between them, so iterate over all of them to find out if we should
@@ -2133,6 +2137,10 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
 	hva = new->userspace_addr;
 	reg_end = hva + (new->npages << PAGE_SHIFT);
 
+	/* Host will not map this private memory without a userspace address. */
+	if (kvm_slot_can_be_private(new) && !hva)
+		return 0;
+
 	mmap_read_lock(current->mm);
 	/*
 	 * A memory region could potentially cover multiple VMAs, and any holes

From patchwork Wed Jan 22 15:27:34 2025
X-Patchwork-Id: 13947453
Date: Wed, 22 Jan 2025 15:27:34 +0000
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
References: <20250122152738.1173160-1-tabba@google.com>
Message-ID: <20250122152738.1173160-6-tabba@google.com>
Subject: [RFC PATCH v1 5/9] KVM: arm64: Refactor user_mem_abort() calculation of force_pte
From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org

To simplify the code and to make the assumptions clearer, refactor
user_mem_abort() by immediately setting force_pte to true if
logging_active is true.
Also, add a check to enforce the assumption that logging_active is
never true for a VM_PFNMAP memslot.

Signed-off-by: Fuad Tabba <tabba@google.com>
---
 arch/arm64/kvm/mmu.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 342a9bd3848f..9b1921c1a1a0 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1440,7 +1440,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 			  bool fault_is_perm)
 {
 	int ret = 0;
-	bool write_fault, writable, force_pte = false;
+	bool write_fault, writable;
 	bool exec_fault, mte_allowed;
 	bool device = false, vfio_allow_any_uc = false;
 	unsigned long mmu_seq;
@@ -1452,6 +1452,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 	gfn_t gfn;
 	kvm_pfn_t pfn;
 	bool logging_active = memslot_is_logging(memslot);
+	bool force_pte = logging_active;
 	long vma_pagesize, fault_granule;
 	enum kvm_pgtable_prot prot = KVM_PGTABLE_PROT_R;
 	struct kvm_pgtable *pgt;
@@ -1497,12 +1498,13 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 	 * logging_active is guaranteed to never be true for VM_PFNMAP
 	 * memslots.
 	 */
-	if (logging_active) {
-		force_pte = true;
+	if (WARN_ON_ONCE(logging_active && (vma->vm_flags & VM_PFNMAP)))
+		return -EFAULT;
+
+	if (force_pte)
 		vma_shift = PAGE_SHIFT;
-	} else {
+	else
 		vma_shift = get_vma_page_shift(vma, hva);
-	}
 
 	switch (vma_shift) {
 #ifndef __PAGETABLE_PMD_FOLDED

From patchwork Wed Jan 22 15:27:35 2025
X-Patchwork-Id: 13947454
Date: Wed, 22 Jan 2025 15:27:35 +0000
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
References: <20250122152738.1173160-1-tabba@google.com>
Message-ID: <20250122152738.1173160-7-tabba@google.com>
Subject: [RFC PATCH v1 6/9] KVM: arm64: Handle guest_memfd()-backed guest page faults
From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org
Add arm64 support for resolving guest page faults on guest_memfd()
backed memslots. This support is not contingent on pKVM or other
confidential computing support, and works in both VHE and nVHE modes.

Without confidential computing, this support is useful for testing and
debugging. In the future, it might also be useful should a user want
to use guest_memfd() for all code, whether it's for a protected guest
or not.

For now, the fault granule is restricted to PAGE_SIZE.

Signed-off-by: Fuad Tabba <tabba@google.com>
---
 arch/arm64/kvm/mmu.c     | 86 ++++++++++++++++++++++++++++------------
 include/linux/kvm_host.h |  5 +++
 virt/kvm/kvm_main.c      |  5 ---
 3 files changed, 66 insertions(+), 30 deletions(-)

diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index 9b1921c1a1a0..adf23618e2a0 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -1434,6 +1434,39 @@ static bool kvm_vma_mte_allowed(struct vm_area_struct *vma)
 	return vma->vm_flags & VM_MTE_ALLOWED;
 }
 
+static kvm_pfn_t faultin_pfn(struct kvm *kvm, struct kvm_memory_slot *slot,
+			     gfn_t gfn, bool write_fault, bool *writable,
+			     struct page **page, bool is_private)
+{
+	kvm_pfn_t pfn;
+	int ret;
+
+	if (!is_private)
+		return __kvm_faultin_pfn(slot, gfn, write_fault ? FOLL_WRITE : 0, writable, page);
+
+	*writable = false;
+
+	if (WARN_ON_ONCE(write_fault && memslot_is_readonly(slot)))
+		return KVM_PFN_ERR_NOSLOT_MASK;
+
+	ret = kvm_gmem_get_pfn(kvm, slot, gfn, &pfn, page, NULL);
+	if (!ret) {
+		*writable = write_fault;
+		return pfn;
+	}
+
+	if (ret == -EHWPOISON)
+		return KVM_PFN_ERR_HWPOISON;
+
+	return KVM_PFN_ERR_NOSLOT_MASK;
+}
+
+static bool is_private_mem(struct kvm *kvm, struct kvm_memory_slot *memslot, phys_addr_t ipa)
+{
+	return kvm_arch_has_private_mem(kvm) && kvm_slot_can_be_private(memslot) &&
+	       (kvm_mem_is_private(kvm, ipa >> PAGE_SHIFT) || !memslot->userspace_addr);
+}
+
 static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 			  struct kvm_s2_trans *nested,
 			  struct kvm_memory_slot *memslot, unsigned long hva,
@@ -1441,24 +1474,25 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 {
 	int ret = 0;
 	bool write_fault, writable;
-	bool exec_fault, mte_allowed;
+	bool exec_fault, mte_allowed = false;
 	bool device = false, vfio_allow_any_uc = false;
 	unsigned long mmu_seq;
 	phys_addr_t ipa = fault_ipa;
 	struct kvm *kvm = vcpu->kvm;
 	struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache;
-	struct vm_area_struct *vma;
+	struct vm_area_struct *vma = NULL;
 	short vma_shift;
 	gfn_t gfn;
 	kvm_pfn_t pfn;
 	bool logging_active = memslot_is_logging(memslot);
-	bool force_pte = logging_active;
-	long vma_pagesize, fault_granule;
+	bool is_private = is_private_mem(kvm, memslot, fault_ipa);
+	bool force_pte = logging_active || is_private;
+	long vma_pagesize, fault_granule = PAGE_SIZE;
 	enum kvm_pgtable_prot prot = KVM_PGTABLE_PROT_R;
 	struct kvm_pgtable *pgt;
 	struct page *page;
 
-	if (fault_is_perm)
+	if (fault_is_perm && !is_private)
 		fault_granule = kvm_vcpu_trap_get_perm_fault_granule(vcpu);
 	write_fault = kvm_is_write_fault(vcpu);
 	exec_fault = kvm_vcpu_trap_is_exec_fault(vcpu);
@@ -1482,24 +1516,30 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 		return ret;
 	}
 
+	mmap_read_lock(current->mm);
+
 	/*
 	 * Let's check if we will get back a huge page backed by hugetlbfs, or
 	 * get block mapping for device MMIO region.
 	 */
-	mmap_read_lock(current->mm);
-	vma = vma_lookup(current->mm, hva);
-	if (unlikely(!vma)) {
-		kvm_err("Failed to find VMA for hva 0x%lx\n", hva);
-		mmap_read_unlock(current->mm);
-		return -EFAULT;
-	}
+	if (!is_private) {
+		vma = vma_lookup(current->mm, hva);
+		if (unlikely(!vma)) {
+			kvm_err("Failed to find VMA for hva 0x%lx\n", hva);
+			mmap_read_unlock(current->mm);
+			return -EFAULT;
+		}
 
-	/*
-	 * logging_active is guaranteed to never be true for VM_PFNMAP
-	 * memslots.
-	 */
-	if (WARN_ON_ONCE(logging_active && (vma->vm_flags & VM_PFNMAP)))
-		return -EFAULT;
+		/*
+		 * logging_active is guaranteed to never be true for VM_PFNMAP
+		 * memslots.
+		 */
+		if (WARN_ON_ONCE(logging_active && (vma->vm_flags & VM_PFNMAP)))
+			return -EFAULT;
+
+		vfio_allow_any_uc = vma->vm_flags & VM_ALLOW_ANY_UNCACHED;
+		mte_allowed = kvm_vma_mte_allowed(vma);
+	}
 
 	if (force_pte)
 		vma_shift = PAGE_SHIFT;
@@ -1570,17 +1610,14 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 	}
 
 	gfn = ipa >> PAGE_SHIFT;
-	mte_allowed = kvm_vma_mte_allowed(vma);
-
-	vfio_allow_any_uc = vma->vm_flags & VM_ALLOW_ANY_UNCACHED;
 
 	/* Don't use the VMA after the unlock -- it may have vanished */
 	vma = NULL;
 
 	/*
 	 * Read mmu_invalidate_seq so that KVM can detect if the results of
-	 * vma_lookup() or __kvm_faultin_pfn() become stale prior to
-	 * acquiring kvm->mmu_lock.
+	 * vma_lookup() or faultin_pfn() become stale prior to acquiring
+	 * kvm->mmu_lock.
 	 *
 	 * Rely on mmap_read_unlock() for an implicit smp_rmb(), which pairs
 	 * with the smp_wmb() in kvm_mmu_invalidate_end().
@@ -1588,8 +1625,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
 	mmu_seq = vcpu->kvm->mmu_invalidate_seq;
 	mmap_read_unlock(current->mm);
 
-	pfn = __kvm_faultin_pfn(memslot, gfn, write_fault ? FOLL_WRITE : 0,
-				&writable, &page);
+	pfn = faultin_pfn(kvm, memslot, gfn, write_fault, &writable, &page, is_private);
 	if (pfn == KVM_PFN_ERR_HWPOISON) {
 		kvm_send_hwpoison_signal(hva, vma_shift);
 		return 0;
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index ebca0ab4c5e2..f059958b98fd 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -1864,6 +1864,11 @@ static inline int memslot_id(struct kvm *kvm, gfn_t gfn)
 	return gfn_to_memslot(kvm, gfn)->id;
 }
 
+static inline bool memslot_is_readonly(const struct kvm_memory_slot *slot)
+{
+	return slot->flags & KVM_MEM_READONLY;
+}
+
 static inline gfn_t hva_to_gfn_memslot(unsigned long hva,
 				       struct kvm_memory_slot *slot)
 {
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 9cd6690b7955..10c3168db473 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2622,11 +2622,6 @@ unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn)
 	return size;
 }
 
-static bool memslot_is_readonly(const struct kvm_memory_slot *slot)
-{
-	return slot->flags & KVM_MEM_READONLY;
-}
-
 static unsigned long __gfn_to_hva_many(const struct kvm_memory_slot *slot, gfn_t gfn,
 				       gfn_t *nr_pages, bool write)
 {

From patchwork Wed Jan 22 15:27:36 2025
X-Patchwork-Id: 13947455
Date: Wed, 22 Jan 2025 15:27:36 +0000
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
References: <20250122152738.1173160-1-tabba@google.com>
Message-ID: <20250122152738.1173160-8-tabba@google.com>
Subject: [RFC PATCH v1 7/9] KVM: arm64: Introduce KVM_VM_TYPE_ARM_SW_PROTECTED machine type
From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org

Introduce a new virtual machine type, KVM_VM_TYPE_ARM_SW_PROTECTED, to
serve as a development and testing vehicle for confidential computing
(CoCo) VMs, similar to the x86 KVM_X86_SW_PROTECTED_VM type.
Initially, this is used to test guest_memfd without needing any
underlying protection.

Similar to the x86 type, this is currently only for development and
testing. Do not use KVM_VM_TYPE_ARM_SW_PROTECTED for "real" VMs, and
especially not in production. The behavior and effective ABI for
software-protected VMs is unstable.
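A hedged userspace sketch of creating such a VM (illustrative only; the
IPA size is an arbitrary example):

  #include <fcntl.h>
  #include <sys/ioctl.h>
  #include <linux/kvm.h>

  static int create_sw_protected_vm(void)
  {
  	int kvm_fd = open("/dev/kvm", O_RDWR | O_CLOEXEC);

  	if (kvm_fd < 0)
  		return -1;

  	/* The type ORs the new flag (bit 9) with the usual IPA size bits. */
  	return ioctl(kvm_fd, KVM_CREATE_VM,
  		     KVM_VM_TYPE_ARM_SW_PROTECTED |
  		     KVM_VM_TYPE_ARM_IPA_SIZE(40));
  }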
KVM_VM_TYPE_ARM_SW_PROTECTED, to serve as a development and testing
vehicle for Confidential Computing (CoCo) VMs, similar to the x86
KVM_X86_SW_PROTECTED_VM type.

Initially, this is used to test guest_memfd without needing any
underlying protection. As with the x86 type, it is currently intended
only for development and testing. Do not use
KVM_VM_TYPE_ARM_SW_PROTECTED for "real" VMs, and especially not in
production. The behavior and effective ABI for software-protected VMs
are unstable.

Signed-off-by: Fuad Tabba <tabba@google.com>
---
 Documentation/virt/kvm/api.rst    |  5 +++++
 arch/arm64/include/asm/kvm_host.h | 10 ++++++++++
 arch/arm64/kvm/arm.c              |  5 +++++
 arch/arm64/kvm/mmu.c              |  3 ---
 include/uapi/linux/kvm.h          |  6 ++++++
 5 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index f15b61317aad..7953b07c8c2b 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -214,6 +214,11 @@ exposed by the guest CPUs in ID_AA64MMFR0_EL1[PARange]. It only affects
 size of the address translated by the stage2 level (guest physical to
 host physical address translations).
 
+KVM_VM_TYPE_ARM_SW_PROTECTED is currently only for development and testing of
+confidential VMs, without any underlying protection support. Do not use
+KVM_VM_TYPE_ARM_SW_PROTECTED for "real" VMs, and especially not in production.
+The behavior and effective ABI for software-protected VMs are unstable.
+
 4.3 KVM_GET_MSR_INDEX_LIST, KVM_GET_MSR_FEATURE_INDEX_LIST
 ----------------------------------------------------------
 
diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
index e18e9244d17a..2fdc7e24ae8e 100644
--- a/arch/arm64/include/asm/kvm_host.h
+++ b/arch/arm64/include/asm/kvm_host.h
@@ -380,6 +380,8 @@ struct kvm_arch {
 	 * the associated pKVM instance in the hypervisor.
 	 */
 	struct kvm_protected_vm pkvm;
+
+	unsigned long vm_type;
 };
 
 struct kvm_vcpu_fault_info {
@@ -1529,4 +1531,12 @@ void kvm_set_vm_id_reg(struct kvm *kvm, u32 reg, u64 val);
 #define kvm_has_s1poe(k)				\
 	(kvm_has_feat((k), ID_AA64MMFR3_EL1, S1POE, IMP))
 
+#define kvm_arch_has_private_mem(kvm)			\
+	(IS_ENABLED(CONFIG_KVM_PRIVATE_MEM) &&		\
+	 ((kvm)->arch.vm_type & KVM_VM_TYPE_ARM_SW_PROTECTED))
+
+#define kvm_arch_private_mem_inplace(kvm)		\
+	(IS_ENABLED(CONFIG_KVM_GMEM_MAPPABLE) &&	\
+	 ((kvm)->arch.vm_type & KVM_VM_TYPE_ARM_SW_PROTECTED))
+
 #endif /* __ARM64_KVM_HOST_H__ */
diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c
index a102c3aebdbc..ecdb8db619d8 100644
--- a/arch/arm64/kvm/arm.c
+++ b/arch/arm64/kvm/arm.c
@@ -171,6 +171,9 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 {
 	int ret;
 
+	if (type & ~KVM_VM_TYPE_MASK)
+		return -EINVAL;
+
 	mutex_init(&kvm->arch.config_lock);
 
 #ifdef CONFIG_LOCKDEP
@@ -212,6 +215,8 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 
 	bitmap_zero(kvm->arch.vcpu_features, KVM_VCPU_MAX_FEATURES);
 
+	kvm->arch.vm_type = type;
+
 	return 0;
 
 err_free_cpumask:
diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c
index adf23618e2a0..b6cbe11dea48 100644
--- a/arch/arm64/kvm/mmu.c
+++ b/arch/arm64/kvm/mmu.c
@@ -869,9 +869,6 @@ static int kvm_init_ipa_range(struct kvm_s2_mmu *mmu, unsigned long type)
 	u64 mmfr0, mmfr1;
 	u32 phys_shift;
 
-	if (type & ~KVM_VM_TYPE_ARM_IPA_SIZE_MASK)
-		return -EINVAL;
-
 	phys_shift = KVM_VM_TYPE_ARM_IPA_SIZE(type);
 	if (is_protected_kvm_enabled()) {
 		phys_shift = kvm_ipa_limit;
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 021f8ef9979b..5e10a5903a58 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -656,6 +656,12 @@ struct kvm_enable_cap {
 #define KVM_VM_TYPE_ARM_IPA_SIZE_MASK	0xffULL
 #define KVM_VM_TYPE_ARM_IPA_SIZE(x)		\
 	((x) & KVM_VM_TYPE_ARM_IPA_SIZE_MASK)
+
+#define KVM_VM_TYPE_ARM_SW_PROTECTED	(1UL << 9)
+
+#define KVM_VM_TYPE_MASK	(KVM_VM_TYPE_ARM_IPA_SIZE_MASK | \
+				 KVM_VM_TYPE_ARM_SW_PROTECTED)
+
 /*
  * ioctls for /dev/kvm fds:
  */
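For illustration, userspace opts in to the new type at VM creation time. A minimal sketch, assuming only the uapi additions above (the IPA-size combination shown in the comment is optional, and error handling is elided):

#include <fcntl.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>

/*
 * Sketch: create an arm64 software-protected VM. The type argument of
 * KVM_CREATE_VM carries the optional IPA size in its low bits (0 means
 * the default), and KVM_VM_TYPE_ARM_SW_PROTECTED is OR'ed on top;
 * kvm_arch_init_vm() rejects any bits outside KVM_VM_TYPE_MASK.
 */
static int create_sw_protected_vm(void)
{
	int kvm_fd = open("/dev/kvm", O_RDWR);
	unsigned long type = KVM_VM_TYPE_ARM_SW_PROTECTED;

	/* Optionally: type |= KVM_VM_TYPE_ARM_IPA_SIZE(40); */
	return ioctl(kvm_fd, KVM_CREATE_VM, type);
}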
From patchwork Wed Jan 22 15:27:37 2025
Subject: [RFC PATCH v1 8/9] KVM: guest_memfd: selftests: guest_memfd mmap() test when mapping is allowed
From: Fuad Tabba <tabba@google.com>
Date: Wed, 22 Jan 2025 15:27:37 +0000
Message-ID: <20250122152738.1173160-9-tabba@google.com>
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org

Expand the guest_memfd selftests to test mapping guest memory when the
capability is supported, and to check that memory is not mappable when
it isn't. Also, build the guest_memfd selftest for aarch64.

Signed-off-by: Fuad Tabba <tabba@google.com>
---
 tools/testing/selftests/kvm/Makefile          |  1 +
 .../testing/selftests/kvm/guest_memfd_test.c  | 60 +++++++++++++++++--
 tools/testing/selftests/kvm/lib/kvm_util.c    |  3 +-
 3 files changed, 57 insertions(+), 7 deletions(-)

diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile
index 41593d2e7de9..c998eb3c3b77 100644
--- a/tools/testing/selftests/kvm/Makefile
+++ b/tools/testing/selftests/kvm/Makefile
@@ -174,6 +174,7 @@ TEST_GEN_PROGS_aarch64 += coalesced_io_test
 TEST_GEN_PROGS_aarch64 += demand_paging_test
 TEST_GEN_PROGS_aarch64 += dirty_log_test
 TEST_GEN_PROGS_aarch64 += dirty_log_perf_test
+TEST_GEN_PROGS_aarch64 += guest_memfd_test
 TEST_GEN_PROGS_aarch64 += guest_print_test
 TEST_GEN_PROGS_aarch64 += get-reg-list
 TEST_GEN_PROGS_aarch64 += kvm_create_max_vcpus
diff --git a/tools/testing/selftests/kvm/guest_memfd_test.c b/tools/testing/selftests/kvm/guest_memfd_test.c
index ce687f8d248f..6c501cb865f3 100644
--- a/tools/testing/selftests/kvm/guest_memfd_test.c
+++ b/tools/testing/selftests/kvm/guest_memfd_test.c
@@ -34,12 +34,55 @@ static void test_file_read_write(int fd)
 		    "pwrite on a guest_mem fd should fail");
 }
 
-static void test_mmap(int fd, size_t page_size)
+static void test_mmap_allowed(int fd, size_t total_size)
 {
+	size_t page_size = getpagesize();
+	char *mem;
+	int ret;
+	int i;
+
+	mem = mmap(NULL, total_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	TEST_ASSERT(mem != MAP_FAILED, "mmap() on guest memory should succeed.");
+
+	memset(mem, 0xaa, total_size);
+	for (i = 0; i < total_size; i++)
+		TEST_ASSERT_EQ(mem[i], 0xaa);
+
+	ret = fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, 0,
+			page_size);
+	TEST_ASSERT(!ret, "fallocate the first page should succeed");
+
+	for (i = 0; i < page_size; i++)
+		TEST_ASSERT_EQ(mem[i], 0x00);
+	for (; i < total_size; i++)
+		TEST_ASSERT_EQ(mem[i], 0xaa);
+
+	memset(mem, 0xaa, total_size);
+	for (i = 0; i < total_size; i++)
+		TEST_ASSERT_EQ(mem[i], 0xaa);
+
+	ret = munmap(mem, total_size);
+	TEST_ASSERT(!ret, "munmap should succeed");
+}
+
+static void test_mmap_denied(int fd, size_t total_size)
+{
+	size_t page_size = getpagesize();
 	char *mem;
 
 	mem = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
 	TEST_ASSERT_EQ(mem, MAP_FAILED);
+
+	mem = mmap(NULL, total_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	TEST_ASSERT_EQ(mem, MAP_FAILED);
+}
+
+static void test_mmap(int fd, size_t total_size)
+{
+	if (kvm_has_cap(KVM_CAP_GUEST_MEMFD_MAPPABLE))
+		test_mmap_allowed(fd, total_size);
+	else
+		test_mmap_denied(fd, total_size);
 }
 
 static void test_file_size(int fd, size_t page_size, size_t total_size)
@@ -172,17 +215,24 @@ static void test_create_guest_memfd_multiple(struct kvm_vm *vm)
 
 int main(int argc, char *argv[])
 {
-	size_t page_size;
+	unsigned long type = VM_TYPE_DEFAULT;
+	struct kvm_vm *vm;
 	size_t total_size;
+	size_t page_size;
 	int fd;
-	struct kvm_vm *vm;
 
 	TEST_REQUIRE(kvm_has_cap(KVM_CAP_GUEST_MEMFD));
 
+	if (kvm_has_cap(KVM_CAP_GUEST_MEMFD_MAPPABLE)) {
+#ifdef __aarch64__
+		type = KVM_VM_TYPE_ARM_SW_PROTECTED;
+#endif
+	}
+
 	page_size = getpagesize();
 	total_size = page_size * 4;
 
-	vm = vm_create_barebones();
+	vm = vm_create_barebones_type(type);
 
 	test_create_guest_memfd_invalid(vm);
 	test_create_guest_memfd_multiple(vm);
@@ -190,7 +240,7 @@ int main(int argc, char *argv[])
 	fd = vm_create_guest_memfd(vm, total_size, 0);
 
 	test_file_read_write(fd);
-	test_mmap(fd, page_size);
+	test_mmap(fd, total_size);
 	test_file_size(fd, page_size, total_size);
 	test_fallocate(fd, page_size, total_size);
 	test_invalid_punch_hole(fd, page_size, total_size);
diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c
index 480e3a40d197..098ea04ec099 100644
--- a/tools/testing/selftests/kvm/lib/kvm_util.c
+++ b/tools/testing/selftests/kvm/lib/kvm_util.c
@@ -347,9 +347,8 @@ struct kvm_vm *____vm_create(struct vm_shape shape)
 	}
 
 #ifdef __aarch64__
-	TEST_ASSERT(!vm->type, "ARM doesn't support test-provided types");
 	if (vm->pa_bits != 40)
-		vm->type = KVM_VM_TYPE_ARM_IPA_SIZE(vm->pa_bits);
+		vm->type |= KVM_VM_TYPE_ARM_IPA_SIZE(vm->pa_bits);
 #endif
 
 	vm_open(vm);
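Outside the selftest harness, the same probe-then-map pattern could be open-coded along these lines (a sketch; map_guest_memfd() is a hypothetical helper, and it assumes the KVM_CAP_GUEST_MEMFD_MAPPABLE capability added earlier in this series):

#include <stddef.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <linux/kvm.h>

/* Sketch: map a guest_memfd only if the capability is advertised. */
static void *map_guest_memfd(int vm_fd, int gmem_fd, size_t size)
{
	if (ioctl(vm_fd, KVM_CHECK_EXTENSION, KVM_CAP_GUEST_MEMFD_MAPPABLE) <= 0)
		return NULL;	/* mmap() on the guest_memfd would fail here */

	return mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, gmem_fd, 0);
}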
From patchwork Wed Jan 22 15:27:38 2025
Subject: [RFC PATCH v1 9/9] KVM: arm64: Enable mapping guest_memfd in arm64
From: Fuad Tabba <tabba@google.com>
Date: Wed, 22 Jan 2025 15:27:38 +0000
Message-ID: <20250122152738.1173160-10-tabba@google.com>
In-Reply-To: <20250122152738.1173160-1-tabba@google.com>
To: kvm@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-mm@kvack.org

Enable mapping guest_memfd on arm64. This only applies to VMs of type
KVM_VM_TYPE_ARM_SW_PROTECTED.

Signed-off-by: Fuad Tabba <tabba@google.com>
---
 arch/arm64/kvm/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/kvm/Kconfig b/arch/arm64/kvm/Kconfig
index ead632ad01b4..fe3451f244b5 100644
--- a/arch/arm64/kvm/Kconfig
+++ b/arch/arm64/kvm/Kconfig
@@ -38,6 +38,7 @@ menuconfig KVM
 	select HAVE_KVM_VCPU_RUN_PID_CHANGE
 	select SCHED_INFO
 	select GUEST_PERF_EVENTS if PERF_EVENTS
+	select KVM_GMEM_MAPPABLE
 	help
 	  Support hosting virtualized guest machines.
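Taken together, end-to-end usage of the series on arm64 might look like the sketch below (error handling elided; it assumes the uapi additions from this series are present in the installed headers):

#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <linux/kvm.h>

int main(void)
{
	int kvm = open("/dev/kvm", O_RDWR);
	int vm = ioctl(kvm, KVM_CREATE_VM, KVM_VM_TYPE_ARM_SW_PROTECTED);
	struct kvm_create_guest_memfd gmem = { .size = 0x4000 };
	int fd = ioctl(vm, KVM_CREATE_GUEST_MEMFD, &gmem);
	char *mem = mmap(NULL, gmem.size, PROT_READ | PROT_WRITE,
			 MAP_SHARED, fd, 0);

	/* The host can now read and write guest memory in place. */
	mem[0] = 0xaa;

	munmap(mem, gmem.size);
	close(fd);
	close(vm);
	close(kvm);
	return 0;
}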