Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp105321rwb; Wed, 5 Oct 2022 15:31:07 -0700 (PDT) X-Google-Smtp-Source: AMsMyM6I/qe9/r5LFPX5FQxZa1T6r+uNb9rvR2uOXkkKXhxfJbAjcMQXAixpFwQOeAVZCkoBjjlD X-Received: by 2002:a17:907:a4a:b0:77b:c1b2:479a with SMTP id be10-20020a1709070a4a00b0077bc1b2479amr1498270ejc.109.1665009066793; Wed, 05 Oct 2022 15:31:06 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1665009066; cv=none; d=google.com; s=arc-20160816; b=Aaq5q1MFFUPvl40hS1QGvFr6beMqhJ9HnoZC7C4RT7usXbsmma1EjGznLVqQFkRCyt iFHZMnW7WSz3pjHK7jMxlaIoQ0rdhhcxHPeb75FWrCxXdKdJq0g3rr/gL0lFNHMy0ipN E70BnOMa2EPN60ngsNqwT1KhL/KvuH+STj6gXL+wNCLMkBZ33/t162zKI5sq5Ap8PbH6 EPtoikUMUAlOVgWZ4cuvFgh0dns5h7NYIXvRKAFveNVOJ3Ug8BWwDuaLdGT/WYD3gtWD G7CqatS2dxJ6iy0vCAm6OLaK/OfuEzWfg8KfvJnkfq2ndzaCLz8QZ3G34a08PrEWOKUZ Lvzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=fcxQV0bA1DsarJp3qSiM+sADLfSW44qY0MVjWrfcNt4=; b=JkECZeENWuudRHrFy18vzsi7izxKnr1d10GQ9LUx1Yf6+JDyQrhBsroFn6sSbLEqCa C39NBb4kn8V/Fypsua3oeHeBy4ACAHYX+RfTTmMtFCPOwU4Zu2WhqS6mlXwsx8SqBvJh ji6F9Li8oK2EQQPzfFTxHO9kuXh7NrhuSaDRqQW/oywRocPprAU/lbbsJb0j0zfuoxL8 wo2mI6tSfSsg/FQhGfpm3Bdd3ztUEvGbHA52MC1xJBCVnai3xjQgO8OZmTBhqEiZaPo8 GI+Lp8joD2R7ki8EuE+whB5v+p0UWJMF5W/elKUk6MqsZXy9yNhuierq/MxiRq067taq HQtg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=kdwp8mBw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e6-20020a056402190600b0043ccb3ed80asi17243731edz.18.2022.10.05.15.30.37; Wed, 05 Oct 2022 15:31:06 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=kdwp8mBw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229469AbiJEWGK (ORCPT + 99 others); Wed, 5 Oct 2022 18:06:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229495AbiJEWGH (ORCPT ); Wed, 5 Oct 2022 18:06:07 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79CDF558FE; Wed, 5 Oct 2022 15:06:04 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 249DAB81F47; Wed, 5 Oct 2022 22:06:03 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 62B71C433C1; Wed, 5 Oct 2022 22:06:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1665007561; bh=FZGWwvWcMPwpxhSCd2CpWK7kBaSufMBeg2cE71W2BOY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=kdwp8mBwA4DxgGXMH8RNJfp6niTBmA+A9hvnQifpjbB/DwhTINU4J92nzxhIihcHU 3HR6iqLo8aUthnB8oK7k1r0em3qa9j73goc4WNh/TYrAcrV/j62fbfBQtjg7XtfHWo qCO/KBvOtXmtDmsgBesgS10c3dnJ6gGWsOHMnVypAyumop+29fsWTApZgz7r0wS7/X 6z0++64qq/oG9Y0sPvjb+ba5dE+/RUzUVbhDILKLMRTsU88wTBvOOBUUs6KszlPfrC f5joADFiEGvpbEDfO8T7W7oqNqs7Hg84FMWv/ZXI4zp9NyZbNLqY+wby7ze6dNi6ti 3a8z6u/Jb6R5g== Date: Thu, 6 Oct 2022 01:05:57 +0300 From: Jarkko Sakkinen To: Chao Peng Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org, qemu-devel@nongnu.org, Paolo Bonzini , Jonathan Corbet , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H . Peter Anvin" , Hugh Dickins , Jeff Layton , "J . Bruce Fields" , Andrew Morton , Shuah Khan , Mike Rapoport , Steven Price , "Maciej S . Szmigiero" , Vlastimil Babka , Vishal Annapurve , Yu Zhang , "Kirill A . Shutemov" , luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, david@redhat.com, aarcange@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, Quentin Perret , Michael Roth , mhocko@suse.com, Muchun Song , wei.w.wang@intel.com Subject: Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory Message-ID: References: <20220915142913.2213336-1-chao.p.peng@linux.intel.com> <20220915142913.2213336-3-chao.p.peng@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 05, 2022 at 04:04:05PM +0300, Jarkko Sakkinen wrote: > On Thu, Sep 15, 2022 at 10:29:07PM +0800, Chao Peng wrote: > > In memory encryption usage, guest memory may be encrypted with special > > key and can be accessed only by the VM itself. We call such memory > > private memory. It's valueless and sometimes can cause problem to allow > > userspace to access guest private memory. This patch extends the KVM > > memslot definition so that guest private memory can be provided though > > an inaccessible_notifier enlightened file descriptor (fd), without being > > mmaped into userspace. > > > > This new extension, indicated by the new flag KVM_MEM_PRIVATE, adds two > > additional KVM memslot fields private_fd/private_offset to allow > > userspace to specify that guest private memory provided from the > > private_fd and guest_phys_addr mapped at the private_offset of the > > private_fd, spanning a range of memory_size. > > > > The extended memslot can still have the userspace_addr(hva). When use, a > > single memslot can maintain both private memory through private > > fd(private_fd/private_offset) and shared memory through > > hva(userspace_addr). Whether the private or shared part is visible to > > guest is maintained by other KVM code. > > > > Since there is no userspace mapping for private fd so we cannot > > get_user_pages() to get the pfn in KVM, instead we add a new > > inaccessible_notifier in the internal memslot structure and rely on it > > to get pfn by interacting with the memory file systems. > > > > Together with the change, a new config HAVE_KVM_PRIVATE_MEM is added and > > right now it is selected on X86_64 for Intel TDX usage. > > > > To make code maintenance easy, internally we use a binary compatible > > alias struct kvm_user_mem_region to handle both the normal and the > > '_ext' variants. > > > > Co-developed-by: Yu Zhang > > Signed-off-by: Yu Zhang > > Signed-off-by: Chao Peng > > What if userspace_addr would contain address of an extension structure, > if the flag is set, instead of shared address? I.e. interpret that field > differently (could be turned into union too ofc). > > That idea could be at least re-used, if there's ever any new KVM_MEM_* > flags that would need an extension. > > E.g. have struct kvm_userspace_memory_private, which contains shared > address, fd and the offset. Or add a new ioctl number instead of messing with the existing parameter structure, e.g. KVM_SET_USER_MEMORY_REGION_PRIVATE. With this alternative and the current approach in the patch, it would be better just to redefine the struct fields that are common. It actually would reduce redundancy because then there is no need to create that somewhat confusing kernel version of the same struct, right? You don't save any redundancy with this "embedded struct" approach. BR, Jarkko