From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, michael.roth@amd.com, isaku.yamahata@intel.com, Matthew Wilcox
Subject: [PATCH 00/11] KVM: guest_memfd: New hooks and functionality for SEV-SNP and TDX
Date: Thu, 4 Apr 2024 14:50:22 -0400
Message-ID: <20240404185034.3184582-1-pbonzini@redhat.com>

[Matthew, you're Cc'd here for patches 1 and 3 which touch the mm/filemap
code. Since in the meanwhile the KVM side has taken a more definitive shape,
this time through review/ack is welcome! And there is a proper commit
message too. - Paolo]

This is the next version of the gmem common API patches, adding
target-independent functionality and hooks that are needed by SEV-SNP
and TDX.

The code in here is mostly taken from two series:

- [PATCH 00/21] TDX/SNP part 1 of n, for 6.9
  https://lore.kernel.org/kvm/20240227232100.478238-1-pbonzini@redhat.com/

- [PATCH gmem 0/6] gmem fix-ups and interfaces for populating gmem pages
  https://lore.kernel.org/kvm/20240329212444.395559-1-michael.roth@amd.com/

1-2: This introduces an AS_INACCESSIBLE flag that prevents unexpected
     accesses to hole-punched gmem pages before invalidation hooks have had
     a chance to make them safely accessible to the host again.

3-9: This introduces an interface for preparing gmem pages either on first
     use or by populating them with user data. The latter interface,
     kvm_gmem_populate(), alternates calls to __kvm_gmem_get_pfn() with
     calls to a user provided callback. This implementation simplifies the
     handling of races and errors, by confining filemap rollback and
     locking in kvm_gmem_populate(). The function's tasks are otherwise
     kept to the minimum so that it can be used by both SNP and TDX.

10-11: This introduces other hooks needed by SEV-SNP, and is unchanged
     from "[PATCH 00/21] TDX/SNP part 1 of n, for 6.9".

The main changes compared to the previous posting are in patch 9;
both the locking of kvm_gmem_populate() (which now takes the
filemap's invalidate_lock) and the operation of the function
(which now looks up the memslot, but OTOH does not do copy_from_user()
anymore) are pretty new. I tested the logic slightly by adding a call
to it for sw-protected VMs.

Shout or post fixups if it breaks something for you.

Current state:

- kvm/queue has the SEV_INIT2 and some easy refactorings from
  the TDX series. Both are expected to move to kvm/next soon.

- I have pushed this already at kvm-coco-queue, but I haven't finished
  the #VE series yet so tomorrow I'll post it and update kvm-coco-queue
  again.

Paolo

Michael Roth (4):
  mm: Introduce AS_INACCESSIBLE for encrypted/confidential memory
  KVM: guest_memfd: Use AS_INACCESSIBLE when creating guest_memfd inode
  KVM: guest_memfd: Add hook for invalidating memory
  KVM: x86: Add gmem hook for determining max NPT mapping level

Paolo Bonzini (7):
  KVM: guest_memfd: pass error up from filemap_grab_folio
  filemap: add FGP_CREAT_ONLY
  KVM: guest_memfd: limit overzealous WARN
  KVM: guest_memfd: Add hook for initializing memory
  KVM: guest_memfd: extract __kvm_gmem_get_pfn()
  KVM: guest_memfd: extract __kvm_gmem_punch_hole()
  KVM: guest_memfd: Add interface for populating gmem pages with user data

 arch/x86/include/asm/kvm-x86-ops.h |   3 +
 arch/x86/include/asm/kvm_host.h    |   4 +
 arch/x86/kvm/mmu/mmu.c             |   8 +
 arch/x86/kvm/x86.c                 |  13 ++
 include/linux/kvm_host.h           |  35 +++++
 include/linux/pagemap.h            |   3 +
 mm/filemap.c                       |   4 +
 mm/truncate.c                      |   3 +-
 virt/kvm/Kconfig                   |   8 +
 virt/kvm/guest_memfd.c             | 230 ++++++++++++++++++++++++-----
 10 files changed, 277 insertions(+), 34 deletions(-)

-- 
2.43.0