|
|
Log in / Subscribe / Register

KVM: Mapping guest_memfd backed memory at the host for software protected VMs

From:  Fuad Tabba <tabba-AT-google.com>
To:  kvm-AT-vger.kernel.org, linux-arm-msm-AT-vger.kernel.org, linux-mm-AT-kvack.org
Subject:  [PATCH v5 0/9] KVM: Mapping guest_memfd backed memory at the host for software protected VMs
Date:  Mon, 03 Mar 2025 17:10:04 +0000
Message-ID:  <20250303171013.3548775-1-tabba@google.com>
Cc:  pbonzini-AT-redhat.com, chenhuacai-AT-kernel.org, mpe-AT-ellerman.id.au, anup-AT-brainfault.org, paul.walmsley-AT-sifive.com, palmer-AT-dabbelt.com, aou-AT-eecs.berkeley.edu, seanjc-AT-google.com, viro-AT-zeniv.linux.org.uk, brauner-AT-kernel.org, willy-AT-infradead.org, akpm-AT-linux-foundation.org, xiaoyao.li-AT-intel.com, yilun.xu-AT-intel.com, chao.p.peng-AT-linux.intel.com, jarkko-AT-kernel.org, amoorthy-AT-google.com, dmatlack-AT-google.com, isaku.yamahata-AT-intel.com, mic-AT-digikod.net, vbabka-AT-suse.cz, vannapurve-AT-google.com, ackerleytng-AT-google.com, mail-AT-maciej.szmigiero.name, david-AT-redhat.com, michael.roth-AT-amd.com, wei.w.wang-AT-intel.com, liam.merwick-AT-oracle.com, isaku.yamahata-AT-gmail.com, kirill.shutemov-AT-linux.intel.com, suzuki.poulose-AT-arm.com, steven.price-AT-arm.com, quic_eberman-AT-quicinc.com, quic_mnalajal-AT-quicinc.com, quic_tsoni-AT-quicinc.com, quic_svaddagi-AT-quicinc.com, quic_cvanscha-AT-quicinc.com, quic_pderrin-AT-quicinc.com, quic_pheragu-AT-quicinc.com, catalin.marinas-AT-arm.com, james.morse-AT-arm.com, yuzenghui-AT-huawei.com, oliver.upton-AT-linux.dev, maz-AT-kernel.org, will-AT-kernel.org, qperret-AT-google.com, keirf-AT-google.com, roypat-AT-amazon.co.uk, shuah-AT-kernel.org, hch-AT-infradead.org, jgg-AT-nvidia.com, rientjes-AT-google.com, jhubbard-AT-nvidia.com, fvdl-AT-google.com, hughd-AT-google.com, jthoughton-AT-google.com, peterx-AT-redhat.com, tabba-AT-google.com
Archive-link:  Article

Changes since v4 [1]:
- Refactoring and fixes from comments on v4.
- Rebased on Linux 6.14-rc5.

The purpose of this series is to serve as a base for _restricted_
mmap() support for guest_memfd backed memory at the host [2]. It
allows experimentation with what that support would be like in
the safe environment of software and non-confidential VM types.

For more background and for how to test this series, please refer
to v2 [3]. Note that an updated version of kvmtool that works
with this series is available here [4].

Cheers,
/fuad

[1] https://lore.kernel.org/all/20250218172500.807733-1-tabba...
[2] https://lore.kernel.org/all/20250117163001.2326672-1-tabb...
[3] https://lore.kernel.org/all/20250129172320.950523-1-tabba...
[4] https://android-kvm.googlesource.com/kvmtool/+/refs/heads/tabba/guestmem-6.14

Fuad Tabba (9):
  mm: Consolidate freeing of typed folios on final folio_put()
  KVM: guest_memfd: Handle final folio_put() of guest_memfd pages
  KVM: guest_memfd: Allow host to map guest_memfd() pages
  KVM: guest_memfd: Handle in-place shared memory as guest_memfd backed
    memory
  KVM: x86: Mark KVM_X86_SW_PROTECTED_VM as supporting guest_memfd
    shared memory
  KVM: arm64: Refactor user_mem_abort() calculation of force_pte
  KVM: arm64: Handle guest_memfd()-backed guest page faults
  KVM: arm64: Enable mapping guest_memfd in arm64
  KVM: guest_memfd: selftests: guest_memfd mmap() test when mapping is
    allowed

 arch/arm64/include/asm/kvm_host.h             |  10 ++
 arch/arm64/kvm/Kconfig                        |   1 +
 arch/arm64/kvm/mmu.c                          |  76 ++++++++-----
 arch/x86/include/asm/kvm_host.h               |   5 +
 arch/x86/kvm/Kconfig                          |   3 +-
 include/linux/kvm_host.h                      |  26 ++++-
 include/linux/page-flags.h                    |  31 ++++++
 include/uapi/linux/kvm.h                      |   1 +
 mm/debug.c                                    |   1 +
 mm/swap.c                                     |  32 +++++-
 tools/testing/selftests/kvm/Makefile.kvm      |   1 +
 .../testing/selftests/kvm/guest_memfd_test.c  |  75 ++++++++++++-
 virt/kvm/Kconfig                              |   5 +
 virt/kvm/guest_memfd.c                        | 105 ++++++++++++++++++
 virt/kvm/kvm_main.c                           |   9 +-
 15 files changed, 335 insertions(+), 46 deletions(-)


base-commit: 7eb172143d5508b4da468ed59ee857c6e5e01da6
-- 
2.48.1.711.g2feabab25a-goog

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds