From: "Kalyazin, Nikita"
To: kvm@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, kvmarm@lists.linux.dev, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org
CC: pbonzini@redhat.com, corbet@lwn.net, maz@kernel.org, oupton@kernel.org, joey.gouly@arm.com, suzuki.poulose@arm.com, yuzenghui@huawei.com, catalin.marinas@arm.com, will@kernel.org, seanjc@google.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, luto@kernel.org, peterz@infradead.org, willy@infradead.org, akpm@linux-foundation.org, david@kernel.org, lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com, vbabka@suse.cz, rppt@kernel.org, surenb@google.com, mhocko@suse.com, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, eddyz87@gmail.com, song@kernel.org, yonghong.song@linux.dev, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, haoluo@google.com, jolsa@kernel.org, jgg@ziepe.ca, jhubbard@nvidia.com, peterx@redhat.com, jannh@google.com, pfalcato@suse.de, shuah@kernel.org, riel@surriel.com, baohua@kernel.org, ryan.roberts@arm.com, jgross@suse.com, yu-cheng.yu@intel.com, kas@kernel.org, coxu@redhat.com, kevin.brodsky@arm.com, ackerleytng@google.com, maobibo@loongson.cn, prsampat@amd.com, mlevitsk@redhat.com, isaku.yamahata@intel.com, jmattson@google.com, jthoughton@google.com, linux-arm-kernel@lists.infradead.org, vannapurve@google.com, jackmanb@google.com, aneesh.kumar@kernel.org, patrick.roy@linux.dev, "Thomson, Jack", "Itazuri, Takahiro", "Manwaring, Derek", "Cali, Marco", "Kalyazin, Nikita"
Subject: [PATCH v8 01/13] x86: export set_direct_map_valid_noflush to KVM module
Date: Fri, 5 Dec 2025 16:57:57 +0000
Message-ID: <20251205165743.9341-2-kalyazin@amazon.com>
In-Reply-To: <20251205165743.9341-1-kalyazin@amazon.com>

From: Patrick Roy

Use the per-module export functionality to allow KVM (and only KVM) access to set_direct_map_valid_noflush(). This allows guest_memfd to remove its memory from the direct map, even if KVM is built as a module.

Only do this on x86, as only x86 and arm64 support guest_memfd, and arm64 does not support building KVM as a module.

Direct map removal gives guest_memfd the same protection that memfd_secret enjoys, such as hardening against Spectre-like attacks through in-kernel gadgets.

Signed-off-by: Patrick Roy
Signed-off-by: Nikita Kalyazin

--- arch/x86/mm/pat/set_memory.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 970981893c9b..a7a88b598d99 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -2655,6 +2655,7 @@ int set_direct_map_valid_noflush(struct page *page, u= nsigned nr, bool valid) =20 return __set_pages_np(page, nr); } +EXPORT_SYMBOL_FOR_MODULES(set_direct_map_valid_noflush, "kvm"); =20 #ifdef CONFIG_DEBUG_PAGEALLOC void __kernel_map_pages(struct page *page, int numpages, int enable) --=20 2.50.1
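
Review bot: the EXPORT_SYMBOL_FOR_MODULES line added after the closing brace of set_direct_map_valid_noflush() hands a no-flush primitive to a module without documenting who performs the flush. As the name says, the function leaves TLB invalidation to its caller, so a short comment above the export should state that the kvm caller must flush before it relies on the pages being gone from the direct map; stale translations would otherwise outlive the removal that the commit message cites as the Spectre hardening. The export is also unconditional in this hunk, so the symbol is emitted even when KVM is built in or not configured; consider guarding it so it is exported only where a modular KVM can use it.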