Received: by 2002:ab2:7a55:0:b0:1f4:4a7d:290d with SMTP id u21csp244890lqp;
        Thu, 4 Apr 2024 11:51:39 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXle03p2be56k9XSwDxHcGRSuuO8TRJRn1jpnjaZHxlGzKjjqNKsOzL+2CMemM8ZFHQOT2IocgY8m1SeDaO59FMVrwKJftt4i8zu6op0A==
X-Google-Smtp-Source: AGHT+IFxuHyYPMQGuwNUHB7Gu7Yg37mlkB7PrhsXJriY6I5+NwL5zYlffqwHKhyKJR36b14x6ON4
X-Received: by 2002:a50:9b5a:0:b0:56e:603:9fc9 with SMTP id a26-20020a509b5a000000b0056e06039fc9mr2494977edj.3.1712256699001;
        Thu, 04 Apr 2024 11:51:39 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1712256698; cv=pass;
        d=google.com; s=arc-20160816;
        b=QikQtW6pHxo6kDd2blVcj045hiE6i2DGoRXpR3Tg9dhHNnsc3/UYtfvExkrcAPNCB6
         M99q5hRnaVupO0aKH3lxHMZoHIGVpwPuvfDU2WfG9jxPUEnkcgt5a6Fa2NL2NXkbHkSs
         MRMQr5+0dmCUwiwnancm21HjYHN8bQjfrJt5gOPFjUTDEzyEbYTRpyk1WqZZm+sSHYYz
         K95/gxkWfrV8sRXwolKMhgBQY0qSQPBCyhuTblfjaSYpWdYULrad1igVpLFISOeUZzWv
         +BylMBVT29Kf2HBoY/oY8/qRBtN7k1av+rkfGUV8qMqHGErtm7bRImg65L5J418ufzW0
         YVzQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=ZJEIZUQrzsd0Y9E8i/CEuCH1bzGOQtQsL0wQj5bpcwo=;
        fh=YodCu8Vte8qk6mmfvotnw4P3XuROgs3fniKbwtpv3JY=;
        b=bdJkKIkPXFWJrfIDZB+6F4P7pJ/dtY+DMynHSCo5BqHXvRZiGiJ7hD6URZ4bcI9kdP
         tUkcQcd+lJ3xJ6CQoUj15tk95Db0bALlKP99JSR6LTilwzmKIWk36S0zM1cmQv9A3N2s
         wxKQLdFCJZfNZK0N0cUGC1LFfFiTu6KegkqgVv2Ww4ay3oU2piTIut9zB3ac+1NE7E8D
         VcpWOh528FG2lOuyLIN+7ae+EKRKEk80lv0P1YHXfGtTMZWl6d/I4TNqwqs74Np29MKm
         HiwaNiA/l62ZCsrQkgAsbWRCWIQ6TpEs9aLEYsGtjIoPIam49QzEDl2zqnawTFPsoXYm
         l5hQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HobvqCh4;
       arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com);
       spf=pass (google.com: domain of linux-kernel+bounces-131989-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-131989-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel+bounces-131989-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id m6-20020a50d7c6000000b0056be437d0c4si7831761edj.172.2024.04.04.11.51.38
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 04 Apr 2024 11:51:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-131989-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=HobvqCh4;
       arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com);
       spf=pass (google.com: domain of linux-kernel+bounces-131989-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-131989-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id B0F341F25603
	for <linux.lists.archive@gmail.com>; Thu,  4 Apr 2024 18:51:38 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 7A005135A70;
	Thu,  4 Apr 2024 18:50:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="HobvqCh4"
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5F66C131E25
	for <linux-kernel@vger.kernel.org>; Thu,  4 Apr 2024 18:50:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1712256642; cv=none; b=l3z2+sjoTzYA9e9m0VtXcVRra+IccQVB87WGmTxJby/dFw4luf+nGDp69Lux1rqCKMiDOGyNwJ2essjBSONluUc+jqLT3x1t+JYa7fbSqbZU4PgpG+ENrauUUjLl2SP7+T1nX/1/HiY9sgmsjXnKrDAoeF4mLQW/zXuNz3gJPAE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1712256642; c=relaxed/simple;
	bh=rPyzJzYSSz48gXujx1qLV6V98R9AloP/Cjjmrkp6pHc=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type; b=Ofis64c7wDNgDUIz+Xwxh2lRVsXHnOPMD73am0DHSQHcjq1hPhup/8eNCtCmG4EK2NgTxeeGwm/84POzO3AGmMokTLxR05+wWNMw2rZgxFlm+0HncEsGPAUTSvdSjDR7xIfz1PVNxAFrAM0pwfVtanBhuQxZaQmfDs8gLJs6EFQ=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=HobvqCh4; arc=none smtp.client-ip=170.10.129.124
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1712256639;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=ZJEIZUQrzsd0Y9E8i/CEuCH1bzGOQtQsL0wQj5bpcwo=;
	b=HobvqCh4pxQkZl5ZLzgyrjRPq1f8+RAd63ai+NPFApJBBqLhnJ2f8+4Ty4RYAc09jIg3+i
	BZ8SfB9yRztLoVJvfyMLuGe1m909+ZR5cQacZBEgNfkGJJOwSnEMGMVQJ42O24XRlHEEab
	B9ogN9JishNoWaOiu7tjF1DNyLtkeXE=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-625-opckuniFNKe245UFzdHtFA-1; Thu, 04 Apr 2024 14:50:35 -0400
X-MC-Unique: opckuniFNKe245UFzdHtFA-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 31A9785CE42;
	Thu,  4 Apr 2024 18:50:35 +0000 (UTC)
Received: from virtlab701.virt.lab.eng.bos.redhat.com (virtlab701.virt.lab.eng.bos.redhat.com [10.19.152.228])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 0BACF1C060A4;
	Thu,  4 Apr 2024 18:50:35 +0000 (UTC)
From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org,
	kvm@vger.kernel.org
Cc: seanjc@google.com,
	michael.roth@amd.com,
	isaku.yamahata@intel.com
Subject: [PATCH 02/11] KVM: guest_memfd: Use AS_INACCESSIBLE when creating guest_memfd inode
Date: Thu,  4 Apr 2024 14:50:24 -0400
Message-ID: <20240404185034.3184582-3-pbonzini@redhat.com>
In-Reply-To: <20240404185034.3184582-1-pbonzini@redhat.com>
References: <20240404185034.3184582-1-pbonzini@redhat.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.7

From: Michael Roth <michael.roth@amd.com>

truncate_inode_pages_range() may attempt to zero pages before truncating
them, and this will occur before arch-specific invalidations can be
triggered via .invalidate_folio/.free_folio hooks via kvm_gmem_aops. For
AMD SEV-SNP this would result in an RMP #PF being generated by the
hardware, which is currently treated as fatal (and even if specifically
allowed for, would not result in anything other than garbage being
written to guest pages due to encryption). On Intel TDX this would also
result in undesirable behavior.

Set the AS_INACCESSIBLE flag to prevent the MM from attempting
unexpected accesses of this sort during operations like truncation.

This may also in some cases yield a decent performance improvement for
guest_memfd userspace implementations that hole-punch ranges immediately
after private->shared conversions via KVM_SET_MEMORY_ATTRIBUTES, since
the current implementation of truncate_inode_pages_range() always ends
up zero'ing an entire 4K range if it is backing by a 2M folio.

Link: https://lore.kernel.org/lkml/ZR9LYhpxTaTk6PJX@google.com/
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-ID: <20240329212444.395559-6-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 virt/kvm/guest_memfd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 0f4e0cf4f158..5a929536ecf2 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -357,6 +357,7 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
 	inode->i_private = (void *)(unsigned long)flags;
 	inode->i_op = &kvm_gmem_iops;
 	inode->i_mapping->a_ops = &kvm_gmem_aops;
+	inode->i_mapping->flags |= AS_INACCESSIBLE;
 	inode->i_mode |= S_IFREG;
 	inode->i_size = size;
 	mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER);
-- 
2.43.0