From nobody Wed Jun 17 01:33:44 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:24:56 -0700
Subject: [PATCH RFC v5 01/53] KVM: guest_memfd: Introduce per-gmem attributes,
 use to guard user mappings
X-Mailing-List: linux-kernel@vger.kernel.org
Message-Id: <20260428-gmem-inplace-conversion-v5-1-d8608ccfca22@google.com>
References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com,
 brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org,
 ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com,
 michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com,
 qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com,
 shivankg@amd.com, steven.price@arm.com, tabba@google.com,
 willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com,
 forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com,
 aneesh.kumar@kernel.org, Paolo Bonzini, Sean Christopherson,
 Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen,
 x86@kernel.org, "H. Peter Anvin", Steven Rostedt, Masami Hiramatsu,
 Mathieu Desnoyers, Jonathan Corbet, Shuah Khan, Shuah Khan,
 Vishal Annapurve, Andrew Morton, Chris Li, Kairui Song, Kemeng Shi,
 Nhat Pham, Baoquan He, Barry Song, Axel Rasmussen, Yuanchu Xie, Wei Xu,
 Youngjun Park, Qi Zheng, Shakeel Butt, Kiryl Shutsemau, Jason Gunthorpe,
 Vlastimil Babka
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
 linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
 linux-kselftest@vger.kernel.org, linux-mm@kvack.org,
 linux-coco@lists.linux.dev, Ackerley Tng
X-Mailer: b4 0.14.3
X-Original-From: Ackerley Tng
Reply-To: ackerleytng@google.com

From: Sean Christopherson

Start plumbing in guest_memfd support for in-place private<=>shared
conversions by tracking attributes via a maple tree. KVM currently tracks
private vs. shared attributes on a per-VM basis, which made sense when a
guest_memfd _only_ supported private memory, but tracking per-VM simply
can't work for in-place conversions as the shareability of a given page
needs to be per-gmem_inode, not per-VM.

Use the filemap invalidation lock to protect the maple tree, as taking the
lock for read when faulting in memory (for userspace or the guest) isn't
expected to result in meaningful contention, and using a separate lock
would add significant complexity (avoiding deadlock is quite difficult).

Signed-off-by: Sean Christopherson
Co-developed-by: Ackerley Tng
Signed-off-by: Ackerley Tng
Co-developed-by: Vishal Annapurve
Signed-off-by: Vishal Annapurve
Co-developed-by: Fuad Tabba
Signed-off-by: Fuad Tabba
---
 virt/kvm/guest_memfd.c | 139 +++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 123 insertions(+), 16 deletions(-)

diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
index 69c9d6d546b28..17e5a23fec0a1 100644
--- a/virt/kvm/guest_memfd.c
+++ b/virt/kvm/guest_memfd.c
@@ -4,6 +4,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -33,6 +34,12 @@ struct gmem_inode {
 	struct list_head gmem_file_list;
 
 	u64 flags;
+	/*
+	 * Every index in this inode, whether memory is populated or
+	 * not, is tracked in attributes. There are no gaps in this
+	 * maple tree.
+	 */
+	struct maple_tree attributes;
 };
 
 static __always_inline struct gmem_inode *GMEM_I(struct inode *inode)
@@ -60,6 +67,31 @@ static pgoff_t kvm_gmem_get_index(struct kvm_memory_slot *slot, gfn_t gfn)
 	return gfn - slot->base_gfn + slot->gmem.pgoff;
 }
 
+static u64 kvm_gmem_get_attributes(struct inode *inode, pgoff_t index)
+{
+	struct maple_tree *mt = &GMEM_I(inode)->attributes;
+	void *entry = mtree_load(mt, index);
+
+	/*
+	 * The lock _must_ be held for lookups, as some maple tree operations,
+	 * e.g. append, are unsafe (return inaccurate information) with respect
+	 * to concurrent RCU-protected lookups.
+	 */
+	lockdep_assert(mt_lock_is_held(mt));
+
+	return WARN_ON_ONCE(!entry) ? 0 : xa_to_value(entry);
+}
+
+static bool kvm_gmem_is_private_mem(struct inode *inode, pgoff_t index)
+{
+	return kvm_gmem_get_attributes(inode, index) & KVM_MEMORY_ATTRIBUTE_PRIVATE;
+}
+
+static bool kvm_gmem_is_shared_mem(struct inode *inode, pgoff_t index)
+{
+	return !kvm_gmem_is_private_mem(inode, index);
+}
+
 static int __kvm_gmem_prepare_folio(struct kvm *kvm, struct kvm_memory_slot *slot,
 				    pgoff_t index, struct folio *folio)
 {
@@ -397,10 +429,13 @@ static vm_fault_t kvm_gmem_fault_user_mapping(struct vm_fault *vmf)
 	if (((loff_t)vmf->pgoff << PAGE_SHIFT) >= i_size_read(inode))
 		return VM_FAULT_SIGBUS;
 
-	if (!(GMEM_I(inode)->flags & GUEST_MEMFD_FLAG_INIT_SHARED))
-		return VM_FAULT_SIGBUS;
+	filemap_invalidate_lock_shared(inode->i_mapping);
+	if (kvm_gmem_is_shared_mem(inode, vmf->pgoff))
+		folio = kvm_gmem_get_folio(inode, vmf->pgoff);
+	else
+		folio = ERR_PTR(-EACCES);
+	filemap_invalidate_unlock_shared(inode->i_mapping);
 
-	folio = kvm_gmem_get_folio(inode, vmf->pgoff);
 	if (IS_ERR(folio)) {
 		if (PTR_ERR(folio) == -EAGAIN)
 			return VM_FAULT_RETRY;
@@ -556,6 +591,51 @@ bool __weak kvm_arch_supports_gmem_init_shared(struct kvm *kvm)
 	return true;
 }
 
+static int kvm_gmem_init_inode(struct inode *inode, loff_t size, u64 flags)
+{
+	struct gmem_inode *gi = GMEM_I(inode);
+	MA_STATE(mas, &gi->attributes, 0, (size >> PAGE_SHIFT) - 1);
+	u64 attrs;
+	int r;
+
+	inode->i_op = &kvm_gmem_iops;
+	inode->i_mapping->a_ops = &kvm_gmem_aops;
+	inode->i_mode |= S_IFREG;
+	inode->i_size = size;
+	mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER);
+
+	/*
+	 * guest_memfd memory is neither migratable nor swappable: set
+	 * inaccessible to gate off both.
+	 */
+	mapping_set_inaccessible(inode->i_mapping);
+	WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping));
+
+	gi->flags = flags;
+
+	mt_set_external_lock(&gi->attributes,
+			     &inode->i_mapping->invalidate_lock);
+
+	/*
+	 * Store default attributes for the entire gmem instance. Ensuring every
+	 * index is represented in the maple tree at all times simplifies the
+	 * conversion and merging logic.
+	 */
+	attrs = gi->flags & GUEST_MEMFD_FLAG_INIT_SHARED ? 0 : KVM_MEMORY_ATTRIBUTE_PRIVATE;
+
+	/*
+	 * Acquire the invalidation lock purely to make lockdep happy. The
+	 * maple tree library expects all stores to be protected via the lock,
+	 * and the library can't know when the tree is reachable only by the
+	 * caller, as is the case here.
+	 */
+	filemap_invalidate_lock(inode->i_mapping);
+	r = mas_store_gfp(&mas, xa_mk_value(attrs), GFP_KERNEL);
+	filemap_invalidate_unlock(inode->i_mapping);
+
+	return r;
+}
+
 static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
 {
 	static const char *name = "[kvm-gmem]";
@@ -586,16 +666,9 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags)
 		goto err_fops;
 	}
 
-	inode->i_op = &kvm_gmem_iops;
-	inode->i_mapping->a_ops = &kvm_gmem_aops;
-	inode->i_mode |= S_IFREG;
-	inode->i_size = size;
-	mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER);
-	mapping_set_inaccessible(inode->i_mapping);
-	/* Unmovable mappings are supposed to be marked unevictable as well. */
-	WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping));
-
-	GMEM_I(inode)->flags = flags;
+	err = kvm_gmem_init_inode(inode, size, flags);
+	if (err)
+		goto err_inode;
 
 	file = alloc_file_pseudo(inode, kvm_gmem_mnt, name, O_RDWR, &kvm_gmem_fops);
 	if (IS_ERR(file)) {
@@ -797,9 +870,13 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot,
 	if (!file)
 		return -EFAULT;
 
+	filemap_invalidate_lock_shared(file_inode(file)->i_mapping);
+
 	folio = __kvm_gmem_get_pfn(file, slot, index, pfn, max_order);
-	if (IS_ERR(folio))
-		return PTR_ERR(folio);
+	if (IS_ERR(folio)) {
+		r = PTR_ERR(folio);
+		goto out;
+	}
 
 	if (!folio_test_uptodate(folio)) {
 		clear_highpage(folio_page(folio, 0));
@@ -815,6 +892,8 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot,
 	else
 		folio_put(folio);
 
+out:
+	filemap_invalidate_unlock_shared(file_inode(file)->i_mapping);
 	return r;
 }
 EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_gmem_get_pfn);
@@ -944,6 +1023,15 @@ static struct inode *kvm_gmem_alloc_inode(struct super_block *sb)
 
 	mpol_shared_policy_init(&gi->policy, NULL);
 
+	/*
+	 * Memory attributes are protected by the filemap invalidation lock, but
+	 * the lock structure isn't available at this time. Immediately mark
+	 * maple tree as using external locking so that accessing the tree
+	 * before it's fully initialized results in NULL pointer dereferences
+	 * and not more subtle bugs.
+	 */
+	mt_init_flags(&gi->attributes, MT_FLAGS_LOCK_EXTERN);
+
 	gi->flags = 0;
 	INIT_LIST_HEAD(&gi->gmem_file_list);
 	return &gi->vfs_inode;
@@ -951,7 +1039,26 @@ static struct inode *kvm_gmem_alloc_inode(struct super_block *sb)
 
 static void kvm_gmem_destroy_inode(struct inode *inode)
 {
-	mpol_free_shared_policy(&GMEM_I(inode)->policy);
+	struct gmem_inode *gi = GMEM_I(inode);
+
+	mpol_free_shared_policy(&gi->policy);
+
+	/*
+	 * Note! Checking for an empty tree is functionally necessary
+	 * to avoid explosions if the tree hasn't been fully
+	 * initialized, i.e. if the inode is being destroyed before
+	 * guest_memfd can set the external lock, lockdep would find
+	 * that the tree's internal ma_lock was not held.
+	 */
+	if (!mtree_empty(&gi->attributes)) {
+		/*
+		 * Acquire the invalidation lock purely to make lockdep happy,
+		 * the inode is unreachable at this point.
+		 */
+		filemap_invalidate_lock(inode->i_mapping);
+		__mt_destroy(&gi->attributes);
+		filemap_invalidate_unlock(inode->i_mapping);
+	}
 }
 
 static void kvm_gmem_free_inode(struct inode *inode)
-- 
2.54.0.545.g6539524ca2-goog

From nobody Wed Jun 17 01:33:44 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:24:57 -0700
Subject: [PATCH RFC v5 02/53] KVM: Rename KVM_GENERIC_MEMORY_ATTRIBUTES to
 KVM_VM_MEMORY_ATTRIBUTES
Message-Id: <20260428-gmem-inplace-conversion-v5-2-d8608ccfca22@google.com>
References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
Reply-To: ackerleytng@google.com

From: Sean Christopherson

Rename the per-VM memory attributes Kconfig to make it explicitly about
per-VM attributes in anticipation of adding memory attributes support to
guest_memfd, at which point it will be possible (and desirable) to have
memory attributes without the per-VM support, even in x86.

No functional change intended.

Signed-off-by: Sean Christopherson
Signed-off-by: Ackerley Tng
---
 arch/x86/include/asm/kvm_host.h |  2 +-
 arch/x86/kvm/Kconfig            |  6 +++---
 arch/x86/kvm/mmu/mmu.c          |  2 +-
 arch/x86/kvm/x86.c              |  2 +-
 include/linux/kvm_host.h        |  8 ++++----
 include/trace/events/kvm.h      |  4 ++--
 virt/kvm/Kconfig                |  2 +-
 virt/kvm/kvm_main.c             | 14 +++++++-------
 8 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index c470e40a00aa4..60b997764beef 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -2369,7 +2369,7 @@ void kvm_configure_mmu(bool enable_tdp, int tdp_forced_root_level,
 		       int tdp_max_root_level, int tdp_huge_page_level);
 
 
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 #define kvm_arch_has_private_mem(kvm) ((kvm)->arch.has_private_mem)
 #endif
 
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index 801bf9e520db3..26f6afd51bbdc 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -84,7 +84,7 @@ config KVM_SW_PROTECTED_VM
 	bool "Enable support for KVM software-protected VMs"
 	depends on EXPERT
 	depends on KVM_X86 && X86_64
-	select KVM_GENERIC_MEMORY_ATTRIBUTES
+	select KVM_VM_MEMORY_ATTRIBUTES
 	help
 	  Enable support for KVM software-protected VMs. Currently, software-
 	  protected VMs are purely a development and testing vehicle for
@@ -135,7 +135,7 @@ config KVM_INTEL_TDX
 	bool "Intel Trust Domain Extensions (TDX) support"
 	default y
 	depends on INTEL_TDX_HOST
-	select KVM_GENERIC_MEMORY_ATTRIBUTES
+	select KVM_VM_MEMORY_ATTRIBUTES
 	select HAVE_KVM_ARCH_GMEM_POPULATE
 	help
 	  Provides support for launching Intel Trust Domain Extensions (TDX)
@@ -159,7 +159,7 @@ config KVM_AMD_SEV
 	depends on KVM_AMD && X86_64
 	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
 	select ARCH_HAS_CC_PLATFORM
-	select KVM_GENERIC_MEMORY_ATTRIBUTES
+	select KVM_VM_MEMORY_ATTRIBUTES
 	select HAVE_KVM_ARCH_GMEM_PREPARE
 	select HAVE_KVM_ARCH_GMEM_INVALIDATE
 	select HAVE_KVM_ARCH_GMEM_POPULATE
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
index 24fbc9ea502a3..8276d7ca02036 100644
--- a/arch/x86/kvm/mmu/mmu.c
+++ b/arch/x86/kvm/mmu/mmu.c
@@ -7906,7 +7906,7 @@ void kvm_mmu_pre_destroy_vm(struct kvm *kvm)
 		vhost_task_stop(kvm->arch.nx_huge_page_recovery_thread);
 }
 
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 static bool hugepage_test_mixed(struct kvm_memory_slot *slot, gfn_t gfn,
 				int level)
 {
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 0a1b63c63d1a9..1560de1e95be0 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -13625,7 +13625,7 @@ static int kvm_alloc_memslot_metadata(struct kvm *kvm,
 		}
 	}
 
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 	kvm_mmu_init_memslot_memory_attributes(kvm, slot);
 #endif
 
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 4c14aee1fb063..7b9faa3545300 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -722,7 +722,7 @@ static inline int kvm_arch_vcpu_memslots_id(struct kvm_vcpu *vcpu)
 }
 #endif
 
-#ifndef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifndef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 static inline bool kvm_arch_has_private_mem(struct kvm *kvm)
 {
 	return false;
@@ -871,7 +871,7 @@ struct kvm {
 #ifdef CONFIG_HAVE_KVM_PM_NOTIFIER
 	struct notifier_block pm_notifier;
 #endif
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 	/* Protected by slots_lock (for writes) and RCU (for reads) */
 	struct xarray mem_attr_array;
 #endif
@@ -2528,7 +2528,7 @@ static inline bool kvm_memslot_is_gmem_only(const struct kvm_memory_slot *slot)
 	return slot->flags & KVM_MEMSLOT_GMEM_ONLY;
 }
 
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 static inline unsigned long kvm_get_memory_attributes(struct kvm *kvm, gfn_t gfn)
 {
 	return xa_to_value(xa_load(&kvm->mem_attr_array, gfn));
@@ -2550,7 +2550,7 @@ static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn)
 {
 	return false;
 }
-#endif /* CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES */
+#endif /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */
 
 #ifdef CONFIG_KVM_GUEST_MEMFD
 int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot,
diff --git a/include/trace/events/kvm.h b/include/trace/events/kvm.h
index b282e3a867696..1ba72bd73ea2f 100644
--- a/include/trace/events/kvm.h
+++ b/include/trace/events/kvm.h
@@ -358,7 +358,7 @@ TRACE_EVENT(kvm_dirty_ring_exit,
 	TP_printk("vcpu %d", __entry->vcpu_id)
 );
 
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 /*
  * @start: Starting address of guest memory range
  * @end: End address of guest memory range
@@ -383,7 +383,7 @@ TRACE_EVENT(kvm_vm_set_mem_attributes,
 	TP_printk("%#016llx -- %#016llx [0x%lx]",
 		  __entry->start, __entry->end, __entry->attr)
 );
-#endif /* CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES */
+#endif /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */
 
 TRACE_EVENT(kvm_unmap_hva_range,
 	TP_PROTO(unsigned long start, unsigned long end),
diff --git a/virt/kvm/Kconfig b/virt/kvm/Kconfig
index 794976b88c6f9..5119cb37145fc 100644
--- a/virt/kvm/Kconfig
+++ b/virt/kvm/Kconfig
@@ -100,7 +100,7 @@ config KVM_ELIDE_TLB_FLUSH_IF_YOUNG
 config KVM_MMU_LOCKLESS_AGING
        bool
 
-config KVM_GENERIC_MEMORY_ATTRIBUTES
+config KVM_VM_MEMORY_ATTRIBUTES
        bool
 
 config KVM_GUEST_MEMFD
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 89489996fbc1e..306153abbafa5 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1115,7 +1115,7 @@ static struct kvm *kvm_create_vm(unsigned long type, const char *fdname)
 	spin_lock_init(&kvm->mn_invalidate_lock);
 	rcuwait_init(&kvm->mn_memslots_update_rcuwait);
 	xa_init(&kvm->vcpu_array);
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 	xa_init(&kvm->mem_attr_array);
 #endif
 
@@ -1300,7 +1300,7 @@ static void kvm_destroy_vm(struct kvm *kvm)
 	cleanup_srcu_struct(&kvm->irq_srcu);
 	srcu_barrier(&kvm->srcu);
 	cleanup_srcu_struct(&kvm->srcu);
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 	xa_destroy(&kvm->mem_attr_array);
 #endif
 	kvm_arch_free_vm(kvm);
@@ -2418,7 +2418,7 @@ static int kvm_vm_ioctl_clear_dirty_log(struct kvm *kvm,
 }
 #endif /* CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT */
 
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 static u64 kvm_supported_mem_attributes(struct kvm *kvm)
 {
 	if (!kvm || kvm_arch_has_private_mem(kvm))
@@ -2623,7 +2623,7 @@ static int kvm_vm_ioctl_set_mem_attributes(struct kvm *kvm,
 
 	return kvm_vm_set_mem_attributes(kvm, start, end, attrs->attributes);
 }
-#endif /* CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES */
+#endif /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */
 
 struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn)
 {
@@ -4921,7 +4921,7 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg)
 	case KVM_CAP_SYSTEM_EVENT_DATA:
 	case KVM_CAP_DEVICE_CTRL:
 		return 1;
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 	case KVM_CAP_MEMORY_ATTRIBUTES:
 		return kvm_supported_mem_attributes(kvm);
 #endif
@@ -5325,7 +5325,7 @@ static long kvm_vm_ioctl(struct file *filp,
 		break;
 	}
 #endif /* CONFIG_HAVE_KVM_IRQ_ROUTING */
-#ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES
+#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 	case KVM_SET_MEMORY_ATTRIBUTES: {
 		struct kvm_memory_attributes attrs;
 
@@ -5336,7 +5336,7 @@ static long kvm_vm_ioctl(struct file *filp,
 		r = kvm_vm_ioctl_set_mem_attributes(kvm, &attrs);
 		break;
 	}
-#endif /* CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES */
+#endif /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */
 	case KVM_CREATE_DEVICE: {
 		struct kvm_create_device cd;
 
-- 
2.54.0.545.g6539524ca2-goog

From nobody Wed Jun 17 01:33:44 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:24:58 -0700
Subject: [PATCH RFC v5 03/53] KVM: Enumerate support for PRIVATE memory iff
 kvm_arch_has_private_mem is defined
Message-Id: <20260428-gmem-inplace-conversion-v5-3-d8608ccfca22@google.com>
References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
Reply-To: ackerleytng@google.com

From: Sean Christopherson

Explicitly guard reporting support for KVM_MEMORY_ATTRIBUTE_PRIVATE based
on kvm_arch_has_private_mem being #defined in anticipation of decoupling
kvm_supported_mem_attributes() from CONFIG_KVM_VM_MEMORY_ATTRIBUTES.
guest_memfd support for memory attributes will be unconditional to avoid
yet more macros (all architectures that support guest_memfd are expected to
use per-gmem attributes at some point), at which point enumerating support
for KVM_MEMORY_ATTRIBUTE_PRIVATE based solely on memory attributes being
supported _somewhere_ would result in KVM over-reporting support on arm64.

Signed-off-by: Sean Christopherson
Signed-off-by: Ackerley Tng
---
 include/linux/kvm_host.h | 2 +-
 virt/kvm/kvm_main.c      | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 7b9faa3545300..7d079f9701346 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -722,7 +722,7 @@ static inline int kvm_arch_vcpu_memslots_id(struct kvm_vcpu *vcpu)
 }
 #endif
 
-#ifndef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
+#ifndef kvm_arch_has_private_mem
 static inline bool kvm_arch_has_private_mem(struct kvm *kvm)
 {
 	return false;
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 306153abbafa5..abb9cfa3eb04d 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2421,8 +2421,10 @@ static int kvm_vm_ioctl_clear_dirty_log(struct kvm *kvm,
 #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 static u64 kvm_supported_mem_attributes(struct kvm *kvm)
 {
+#ifdef kvm_arch_has_private_mem
 	if (!kvm || kvm_arch_has_private_mem(kvm))
 		return KVM_MEMORY_ATTRIBUTE_PRIVATE;
+#endif
 
 	return 0;
 }
-- 
2.54.0.545.g6539524ca2-goog

From nobody Wed Jun 17 01:33:44 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:24:59 -0700
Subject: [PATCH RFC v5 04/53] KVM: Stub in ability to disable per-VM memory
 attribute tracking
Message-Id: <20260428-gmem-inplace-conversion-v5-4-d8608ccfca22@google.com>
References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
Reply-To: ackerleytng@google.com

From: Sean Christopherson

Introduce the basic infrastructure to allow per-VM memory attribute
tracking to be
disabled. This will be built upon in a later patch, where a module param can disable per-VM memory attribute tracking. Split the Kconfig option into a base KVM_MEMORY_ATTRIBUTES and the existing KVM_VM_MEMORY_ATTRIBUTES. The base option provides the core plumbing, while the latter enables the full per-VM tracking via an xarray and the associated ioctls. kvm_get_memory_attributes() now performs a static call that either looks up kvm->mem_attr_array when CONFIG_KVM_VM_MEMORY_ATTRIBUTES is enabled, or just returns 0 otherwise. The static call can be patched depending on whether per-VM tracking is enabled by the CONFIG. No functional change intended. Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- arch/x86/include/asm/kvm_host.h | 2 +- include/linux/kvm_host.h | 23 ++++++++++++--------- virt/kvm/Kconfig | 4 ++++ virt/kvm/kvm_main.c | 44 +++++++++++++++++++++++++++++++++++++= +++- 4 files changed, 62 insertions(+), 11 deletions(-) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_hos= t.h index 60b997764beef..c9aa50bcdac2d 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -2369,7 +2369,7 @@ void kvm_configure_mmu(bool enable_tdp, int tdp_force= d_root_level, int tdp_max_root_level, int tdp_huge_page_level); =20 =20 -#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES +#ifdef CONFIG_KVM_MEMORY_ATTRIBUTES #define kvm_arch_has_private_mem(kvm) ((kvm)->arch.has_private_mem) #endif =20 diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 7d079f9701346..c5ba2cb34e45c 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2528,19 +2528,15 @@ static inline bool kvm_memslot_is_gmem_only(const s= truct kvm_memory_slot *slot) return slot->flags & KVM_MEMSLOT_GMEM_ONLY; } =20 -#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES +#ifdef CONFIG_KVM_MEMORY_ATTRIBUTES +typedef unsigned long (kvm_get_memory_attributes_t)(struct kvm *kvm, gfn_t= gfn); +DECLARE_STATIC_CALL(__kvm_get_memory_attributes, 
kvm_get_memory_attributes= _t); + static inline unsigned long kvm_get_memory_attributes(struct kvm *kvm, gfn= _t gfn) { - return xa_to_value(xa_load(&kvm->mem_attr_array, gfn)); + return static_call(__kvm_get_memory_attributes)(kvm, gfn); } =20 -bool kvm_range_has_memory_attributes(struct kvm *kvm, gfn_t start, gfn_t e= nd, - unsigned long mask, unsigned long attrs); -bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, - struct kvm_gfn_range *range); -bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, - struct kvm_gfn_range *range); - static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn) { return kvm_get_memory_attributes(kvm, gfn) & KVM_MEMORY_ATTRIBUTE_PRIVATE; @@ -2550,6 +2546,15 @@ static inline bool kvm_mem_is_private(struct kvm *kv= m, gfn_t gfn) { return false; } +#endif + +#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES +bool kvm_range_has_memory_attributes(struct kvm *kvm, gfn_t start, gfn_t e= nd, + unsigned long mask, unsigned long attrs); +bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, + struct kvm_gfn_range *range); +bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, + struct kvm_gfn_range *range); #endif /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */ =20 #ifdef CONFIG_KVM_GUEST_MEMFD diff --git a/virt/kvm/Kconfig b/virt/kvm/Kconfig index 5119cb37145fc..3fea89c45cfb4 100644 --- a/virt/kvm/Kconfig +++ b/virt/kvm/Kconfig @@ -100,7 +100,11 @@ config KVM_ELIDE_TLB_FLUSH_IF_YOUNG config KVM_MMU_LOCKLESS_AGING bool =20 +config KVM_MEMORY_ATTRIBUTES + bool + config KVM_VM_MEMORY_ATTRIBUTES + select KVM_MEMORY_ATTRIBUTES bool =20 config KVM_GUEST_MEMFD diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index abb9cfa3eb04d..ee26f1d9b5fda 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -101,6 +101,17 @@ EXPORT_SYMBOL_FOR_KVM_INTERNAL(halt_poll_ns_shrink); static bool __ro_after_init allow_unsafe_mappings; module_param(allow_unsafe_mappings, bool, 0444); =20 +#ifdef CONFIG_KVM_MEMORY_ATTRIBUTES +#ifdef 
CONFIG_KVM_VM_MEMORY_ATTRIBUTES +static bool vm_memory_attributes =3D true; +#else +#define vm_memory_attributes false +#endif +DEFINE_STATIC_CALL_RET0(__kvm_get_memory_attributes, kvm_get_memory_attrib= utes_t); +EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_KEY(__kvm_get_memory_attributes= )); +EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_TRAMP(__kvm_get_memory_attribut= es)); +#endif + /* * Ordering of locks: * @@ -2418,7 +2429,7 @@ static int kvm_vm_ioctl_clear_dirty_log(struct kvm *k= vm, } #endif /* CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT */ =20 -#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES +#ifdef CONFIG_KVM_MEMORY_ATTRIBUTES static u64 kvm_supported_mem_attributes(struct kvm *kvm) { #ifdef kvm_arch_has_private_mem @@ -2429,6 +2440,12 @@ static u64 kvm_supported_mem_attributes(struct kvm *= kvm) return 0; } =20 +#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES +static unsigned long kvm_get_vm_memory_attributes(struct kvm *kvm, gfn_t g= fn) +{ + return xa_to_value(xa_load(&kvm->mem_attr_array, gfn)); +} + /* * Returns true if _all_ gfns in the range [@start, @end) have attributes * such that the bits in @mask match @attrs. 
@@ -2625,7 +2642,24 @@ static int kvm_vm_ioctl_set_mem_attributes(struct kv= m *kvm, =20 return kvm_vm_set_mem_attributes(kvm, start, end, attrs->attributes); } +#else /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */ +static unsigned long kvm_get_vm_memory_attributes(struct kvm *kvm, gfn_t g= fn) +{ + BUILD_BUG_ON(1); +} #endif /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */ +static void kvm_init_memory_attributes(void) +{ + if (vm_memory_attributes) + static_call_update(__kvm_get_memory_attributes, + kvm_get_vm_memory_attributes); + else + static_call_update(__kvm_get_memory_attributes, + (void *)__static_call_return0); +} +#else /* CONFIG_KVM_MEMORY_ATTRIBUTES */ +static void kvm_init_memory_attributes(void) { } +#endif /* CONFIG_KVM_MEMORY_ATTRIBUTES */ =20 struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn) { @@ -4925,6 +4959,9 @@ static int kvm_vm_ioctl_check_extension_generic(struc= t kvm *kvm, long arg) return 1; #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES case KVM_CAP_MEMORY_ATTRIBUTES: + if (!vm_memory_attributes) + return 0; + return kvm_supported_mem_attributes(kvm); #endif #ifdef CONFIG_KVM_GUEST_MEMFD @@ -5331,6 +5368,10 @@ static long kvm_vm_ioctl(struct file *filp, case KVM_SET_MEMORY_ATTRIBUTES: { struct kvm_memory_attributes attrs; =20 + r =3D -ENOTTY; + if (!vm_memory_attributes) + goto out; + r =3D -EFAULT; if (copy_from_user(&attrs, argp, sizeof(attrs))) goto out; @@ -6527,6 +6568,7 @@ int kvm_init(unsigned vcpu_size, unsigned vcpu_align,= struct module *module) kvm_preempt_ops.sched_in =3D kvm_sched_in; kvm_preempt_ops.sched_out =3D kvm_sched_out; =20 + kvm_init_memory_attributes(); kvm_init_debug(); =20 r =3D kvm_vfio_ops_init(); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 
DBE3F3909A7; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418717; cv=none; b=d6fX+o8Y0YvYNgteu3FXWmYRoYwQ7aW2E2cDL0wQMqVzKCu1qzbrcZAiX2RJABpfjp1Gd956NyhcENHznlsC5/HbJATZ2DjWk8XoQw3eclfMGGlNc4V55jJ5ProYExGI7JZQ3U3t8TUzBL8x4kouLQ2EWKCA1hmJHTWnRzPDqYU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418717; c=relaxed/simple; bh=HgpSi9ZTgfE586MD3phUUfSsFvJtrJhDKnFAWPz7lSY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=B/P3smCeZkokHxgjxoAi0ZQovt9TlTyJ1Wo+SktGTCJoVJ8VRDL1q2kqaj29SxRESdiggKhjlBGkhXxBXcWQuWBpSkMiC940TmQSlqryBokeNR1hGl9/ESYpcFHjrjtOExlI3OaNI0O4Ioc1ZAiYC4dWYYZdQn1H7T9CMPL8J4Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pl7ZRH0G; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pl7ZRH0G" Received: by smtp.kernel.org (Postfix) with ESMTPS id 741ABC4AF0E; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418717; bh=HgpSi9ZTgfE586MD3phUUfSsFvJtrJhDKnFAWPz7lSY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=pl7ZRH0GoG08ArewO7p9PkFpV6g17REgFEIux90fYKvK0tjaViRJPijJXYlb0iwyG VTmDmiu0WrCcp5hn2Kx+O+qgGmCkdDeUkKZb9q0uXwyghG0U2RZ/+TLYLDfUQwOXVy FiXmmCErnKNSOOWqzogbO2BIkKlt5laJvU0KaPaXtu9ELdcze3rLGbgSo36U1x3X/n JZPyT1JAvVAU4D6m7mme+kKcy7UqgEzdu6vX5VCGrsucfXLERioT7aGR2y34K6dwGQ kCHuHNxOAIIuiIjK7Jqnv/VVv7pFdd6FR/F1zoIrWhMyzHYRzGqOnyaLX0rhRc/ynz vgtpRp50FxKQg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 631A5FF8875; Tue, 28 Apr 2026 23:25:17 
+0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:00 -0700 Subject: [PATCH RFC v5 05/53] KVM: guest_memfd: Wire up kvm_get_memory_attributes() to per-gmem attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-5-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=3888; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=EYm5H+HZKG4huNzVvIwI6VbVarVyCkhtRQI1zH0BvXc=; b=l8oQnEGJFxSn4EiTXE9P6FteSO5rSVnbUWVF00usM5p6WOsYdDAKlFUyKJoLPK+1ALTEHeZey 13tyngurIdlAeB99TrW25+XBk4+2F65hxFbWt3QsxqTVrvWAtbflm0S X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Implement kvm_gmem_get_memory_attributes() for guest_memfd to allow the KVM core and architecture code to query per-GFN memory attributes. kvm_gmem_get_memory_attributes() finds the memory slot for a given GFN and queries the guest_memfd file's attributes to determine whether the page is marked as private. If vm_memory_attributes is not enabled, there is no shared/private tracking at the VM level. Install the guest_memfd implementation as long as guest_memfd is enabled to give guest_memfd a chance to respond on attributes. guest_memfd should look up attributes regardless of whether this memslot is gmem-only since attributes are now tracked by gmem regardless of whether mmap() is enabled. 
Signed-off-by: Sean Christopherson Co-developed-by: Ackerley Tng Signed-off-by: Ackerley Tng --- include/linux/kvm_host.h | 2 ++ virt/kvm/guest_memfd.c | 37 +++++++++++++++++++++++++++++++++++++ virt/kvm/kvm_main.c | 3 +++ 3 files changed, 42 insertions(+) diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index c5ba2cb34e45c..28a54298d27db 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2557,6 +2557,8 @@ bool kvm_arch_post_set_memory_attributes(struct kvm *= kvm, struct kvm_gfn_range *range); #endif /* CONFIG_KVM_VM_MEMORY_ATTRIBUTES */ =20 +unsigned long kvm_gmem_get_memory_attributes(struct kvm *kvm, gfn_t gfn); + #ifdef CONFIG_KVM_GUEST_MEMFD int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot, gfn_t gfn, kvm_pfn_t *pfn, struct page **page, diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 17e5a23fec0a1..e56f89640d050 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -515,6 +515,43 @@ static int kvm_gmem_mmap(struct file *file, struct vm_= area_struct *vma) return 0; } =20 +unsigned long kvm_gmem_get_memory_attributes(struct kvm *kvm, gfn_t gfn) +{ + struct kvm_memory_slot *slot =3D gfn_to_memslot(kvm, gfn); + struct inode *inode; + unsigned long attrs; + + /* + * If this gfn has no associated memslot, there's no chance of the gfn + * being backed by private memory, since guest_memfd must be used for + * private memory, and guest_memfd must be associated with some memslot. + */ + if (!slot) + return 0; + + CLASS(gmem_get_file, file)(slot); + if (!file) + return 0; + + inode =3D file_inode(file); + + /* + * Acquire the filemap lock to ensure the mtree lookup gets a + * stable result. The caller _must_ still protect consumption + * of private vs. shared by checking + * mmu_invalidate_retry_gfn() under mmu_lock to serialize + * against ongoing attribute updates. 
Acquiring the filemap + * lock only ensures a stable _lookup_, the result can become + * stale as soon as the lock is dropped. + */ + filemap_invalidate_lock_shared(inode->i_mapping); + attrs =3D kvm_gmem_get_attributes(inode, kvm_gmem_get_index(slot, gfn)); + filemap_invalidate_unlock_shared(inode->i_mapping); + + return attrs; +} +EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_gmem_get_memory_attributes); + static struct file_operations kvm_gmem_fops =3D { .mmap =3D kvm_gmem_mmap, .open =3D generic_file_open, diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index ee26f1d9b5fda..4139e903f756a 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2653,6 +2653,9 @@ static void kvm_init_memory_attributes(void) if (vm_memory_attributes) static_call_update(__kvm_get_memory_attributes, kvm_get_vm_memory_attributes); + else if (IS_ENABLED(CONFIG_KVM_GUEST_MEMFD)) + static_call_update(__kvm_get_memory_attributes, + kvm_gmem_get_memory_attributes); else static_call_update(__kvm_get_memory_attributes, (void *)__static_call_return0); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED0F0391E78; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=ZhAAVvR7jg91s965ANT9tUNGU1Bc58E3BcDZ/Epb5ICINIGGAhKttH+BxfXnYh8JtAN49fbvaTSB3iFp5e5xaoWlrOj091eMWku28gmQJuNaKvVTKSN9U1XidkPhMQK6cmj6rA2PucjQfRxZ2eA369qXHkfxjxrjCoGLB4cy2U4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=ufUN0hAdqDtY1fVXkXrEJTm6DllO/3WjmsGXjjz/Fsk=; 
h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Rle/XiAgZLlOmq1XRk2Zb4AO7m5CCoSHZ5/y1AqA531ESLQWQYo3E5Rd9/XmeUfZpjW12L2OcoXTESOsfJPjSHushXRIjryatM0b18RmBWrYJI7mqUP4Qj7Ifv8k7Kap0be45iKbeONIzyxC4y4hx/c/Ad8sS8h3r7Dkyv1EvAg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ledDx784; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ledDx784" Received: by smtp.kernel.org (Postfix) with ESMTPS id 85187C4AF51; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418717; bh=ufUN0hAdqDtY1fVXkXrEJTm6DllO/3WjmsGXjjz/Fsk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=ledDx784b8qj08pPKN3Kl6FI2Sdyt4JemNMlTSKtuzLqO47dNyLqsTcblx/XVuKwc 1WKjXaJu/tAJW9e+afVzp1a+bVAYPUvBaRRTjlgxKqKXogUkCWQ3+E2srtmngLp0DA dfKl2d32HCrDEwEanpFaMfGs8IfTwewU/aZ29PZTKOyDchMiOvYu8YkKF0L7xfBLgN 9DGZ6nMBf3T64sxXUcuQEOUefIljK25w/NpR6OQZvCXAbbBUhds2LCuMVEnIEjkgQ8 ytJx9BVq04BPVWN2oOMv5NKsxxBz1zKGBSfg+iBkC0ucHCcsev7FFdshWCQv2l633Z CUUOJAHOvPqUA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79A23FF8877; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:01 -0700 Subject: [PATCH RFC v5 06/53] KVM: x86/mmu: Bug the VM if gmem attributes are queried to determine max mapping level Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-6-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> 
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1802; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=mE1k3tJABrFyLvPsAUThPSR13SSUuI4MykLoB5ZQsPI=; b=CMxTYYNPO2Cg0DwwVYx4rM0CeYzUOqMMYtEiADkSrj386FCCj4wMlpDsBDm5m+GMCeMOCbzOi lMB9ng0Vh81CYdMxjc8AIWrpzjoE01tqhLnJELjyZNXaKHIOyygmT3c X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng When the maximum mapping level is queried, KVM's MMU lock is held, and while the 
MMU lock is held, guest_memfd cannot take the filemap_invalidate_lock() to look up the current shared/private state of the gfn, for these reasons: + The MMU lock is a spinlock or rwlock and cannot be held while taking a lock that can sleep. + In guest_memfd's code paths (such as truncate), the filemap_invalidate_lock() is held while taking the MMU lock, and taking the locks in reverse order would introduce an AB-BA deadlock. Currently, the maximum mapping level is only queried from guest_memfd in the process of recovering huge pages, if dirty logging is disabled on a memslot. Dirty logging is not currently supported for guest_memfd, and guest_memfd memslots also cannot be updated. For now, bug the VM if guest_memfd needs to be queried to determine the maximum mapping level. This guard can be removed if/when support is added. Signed-off-by: Ackerley Tng --- arch/x86/kvm/mmu/mmu.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 8276d7ca02036..2cc848bddf190 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3364,6 +3364,15 @@ int kvm_mmu_max_mapping_level(struct kvm *kvm, struc= t kvm_page_fault *fault, max_level =3D fault->max_level; is_private =3D fault->is_private; } else { + /* + * Memory attributes cannot be obtained from guest_memfd while + * the MMU lock is held. 
+ */ + if (KVM_BUG_ON(static_call_query(__kvm_get_memory_attributes) =3D=3D + kvm_gmem_get_memory_attributes, kvm)) { + return 0; + } + max_level =3D PG_LEVEL_NUM; is_private =3D kvm_mem_is_private(kvm, gfn); } --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0050E3921F0; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=NzH5Ea+O57CKQ+bgNH3CDvcl0o7o4DmGZKCuwB9xIsedlBDEKdSNuSkA4s4bfby0LN+KoO1CMfxuh7cOAXr+Da6TswRoEI2JrChB2iH7ssxYCqClh6NMg41DG+U/c7yCxUNwn2fxmEjF86O5BR4jxARdsgPrkoD1/ZZaKAjmxvc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=ubAc1CPxXRSw/UEwcXkAvbq0+n6LQH67PumM7JjBqAs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=lWxk6oQah01h9M3NWIm8GZhfEvqAzvolYcn69NJGXMfmP2G5RBhBsBzPqOiTFH5S2Yc6Ff5mDWtqClej8Pa3CZTp1oXN6QY1/LB6sncBrBRoKwPI4nQzvzbnnQMZRZ+VI1MkVXMe8n/X593CT649f+J27z1O41fwrkkBzbPTc3w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FyqA6YHo; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FyqA6YHo" Received: by smtp.kernel.org (Postfix) with ESMTPS id A81F4C2BCF6; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418717; bh=ubAc1CPxXRSw/UEwcXkAvbq0+n6LQH67PumM7JjBqAs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; 
b=FyqA6YHok/aAKoE9OG/UqelbD0Zes24pZmdJORUE8xsJOCzU6Kry5GbZU9jRm8kxq tZ467m7WED6FbFlCmSjVCaFqkj1jUeIOo3hpHWcCImrx78NLOWK9Ed6ChJ3kppRNK/ 22JUo2643hp5KnFRcxK9/ew3PHJZmQEeFAxGrJ1a/d5DhQRj4cOhTx57ai+tEEop7j jqYlHBGJTMLDD/sP8rNtmAB7N0JuCX4+v1JgiNGmodMkJip3GXIpdav4o9PRBbSLzh kwHowqAQ/DUKBgIDV2mALrfRG6Mo/Y7qLwXxxwA0jZXAOmvJA7cv5A0WouaqmpSSWl hon987JeFYo4A== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8F6A0FF885A; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:02 -0700 Subject: [PATCH RFC v5 07/53] KVM: guest_memfd: Update kvm_gmem_populate() to use gmem attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-7-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5801; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=QPxDAv4i49Lp2kh12cGxu3WGIDzywKuUGdyQ/nfUisI=; b=H7Gk4J0tyHq3MQv7cJZbXEyzOJDX6sNaPQffh/1UX3d0J6XV3uP86zbyCK+G5WFmDwe9hN+76 0GodstiPPcuDHZU/9hc7J1GoIETKUrg15mUByBNAMgFhtDQkJk6f/4+ X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Update the guest_memfd populate() flow to pull memory attributes from the gmem instance instead of the VM when KVM is not configured to track shared/private status in the VM. Rename the per-VM API to make it clear that it retrieves per-VM attributes, i.e. is not suitable for use outside of flows that are specific to generic per-VM attributes. 
Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- arch/x86/kvm/mmu/mmu.c | 2 +- include/linux/kvm_host.h | 14 +++++++++++++- virt/kvm/guest_memfd.c | 24 +++++++++++++++++++++--- virt/kvm/kvm_main.c | 8 +++----- 4 files changed, 38 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 2cc848bddf190..d3da387340a9d 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -8004,7 +8004,7 @@ static bool hugepage_has_attrs(struct kvm *kvm, struc= t kvm_memory_slot *slot, const unsigned long end =3D start + KVM_PAGES_PER_HPAGE(level); =20 if (level =3D=3D PG_LEVEL_2M) - return kvm_range_has_memory_attributes(kvm, start, end, ~0, attrs); + return kvm_range_has_vm_memory_attributes(kvm, start, end, ~0, attrs); =20 for (gfn =3D start; gfn < end; gfn +=3D KVM_PAGES_PER_HPAGE(level - 1)) { if (hugepage_test_mixed(slot, gfn, level - 1) || diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 28a54298d27db..1deab76dc0a2c 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2549,12 +2549,24 @@ static inline bool kvm_mem_is_private(struct kvm *k= vm, gfn_t gfn) #endif =20 #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES -bool kvm_range_has_memory_attributes(struct kvm *kvm, gfn_t start, gfn_t e= nd, +extern bool vm_memory_attributes; +bool kvm_range_has_vm_memory_attributes(struct kvm *kvm, gfn_t start, gfn_= t end, unsigned long mask, unsigned long attrs); bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range); bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range); +#else +#define vm_memory_attributes false +static inline bool kvm_range_has_vm_memory_attributes(struct kvm *kvm, + gfn_t start, gfn_t end, + unsigned long mask, + unsigned long attrs) +{ + WARN_ONCE(1, "Unexpected call to kvm_range_has_vm_memory_attributes()"); + + return false; +} #endif /* 
CONFIG_KVM_VM_MEMORY_ATTRIBUTES */ =20 unsigned long kvm_gmem_get_memory_attributes(struct kvm *kvm, gfn_t gfn); diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index e56f89640d050..758ac24a0ff40 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -936,12 +936,31 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memo= ry_slot *slot, EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_gmem_get_pfn); =20 #ifdef CONFIG_HAVE_KVM_ARCH_GMEM_POPULATE +static bool kvm_gmem_range_is_private(struct gmem_inode *gi, pgoff_t index, + size_t nr_pages, struct kvm *kvm, gfn_t gfn) +{ + pgoff_t end =3D index + nr_pages - 1; + void *entry; + + if (vm_memory_attributes) + return kvm_range_has_vm_memory_attributes(kvm, gfn, gfn + nr_pages, + KVM_MEMORY_ATTRIBUTE_PRIVATE, + KVM_MEMORY_ATTRIBUTE_PRIVATE); + + mt_for_each(&gi->attributes, entry, index, end) { + if (xa_to_value(entry) !=3D KVM_MEMORY_ATTRIBUTE_PRIVATE) + return false; + } + + return true; +} =20 static long __kvm_gmem_populate(struct kvm *kvm, struct kvm_memory_slot *s= lot, struct file *file, gfn_t gfn, struct page *src_page, kvm_gmem_populate_cb post_populate, void *opaque) { pgoff_t index =3D kvm_gmem_get_index(slot, gfn); + struct gmem_inode *gi; struct folio *folio; kvm_pfn_t pfn; int ret; @@ -956,9 +975,8 @@ static long __kvm_gmem_populate(struct kvm *kvm, struct= kvm_memory_slot *slot, =20 folio_unlock(folio); =20 - if (!kvm_range_has_memory_attributes(kvm, gfn, gfn + 1, - KVM_MEMORY_ATTRIBUTE_PRIVATE, - KVM_MEMORY_ATTRIBUTE_PRIVATE)) { + gi =3D GMEM_I(file_inode(file)); + if (!kvm_gmem_range_is_private(gi, index, 1, kvm, gfn)) { ret =3D -EINVAL; goto out_put_folio; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 4139e903f756a..0a4024948711a 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -103,9 +103,7 @@ module_param(allow_unsafe_mappings, bool, 0444); =20 #ifdef CONFIG_KVM_MEMORY_ATTRIBUTES #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES -static bool vm_memory_attributes =3D 
true; -#else -#define vm_memory_attributes false +bool vm_memory_attributes =3D true; #endif DEFINE_STATIC_CALL_RET0(__kvm_get_memory_attributes, kvm_get_memory_attrib= utes_t); EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_KEY(__kvm_get_memory_attributes= )); @@ -2450,7 +2448,7 @@ static unsigned long kvm_get_vm_memory_attributes(str= uct kvm *kvm, gfn_t gfn) * Returns true if _all_ gfns in the range [@start, @end) have attributes * such that the bits in @mask match @attrs. */ -bool kvm_range_has_memory_attributes(struct kvm *kvm, gfn_t start, gfn_t e= nd, +bool kvm_range_has_vm_memory_attributes(struct kvm *kvm, gfn_t start, gfn_= t end, unsigned long mask, unsigned long attrs) { XA_STATE(xas, &kvm->mem_attr_array, start); @@ -2584,7 +2582,7 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm,= gfn_t start, gfn_t end, mutex_lock(&kvm->slots_lock); =20 /* Nothing to do if the entire range has the desired attributes. */ - if (kvm_range_has_memory_attributes(kvm, start, end, ~0, attributes)) + if (kvm_range_has_vm_memory_attributes(kvm, start, end, ~0, attributes)) goto out_unlock; =20 /* --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 08B2A3932C2; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=ZFq7flE6X2dr0yoiDDI4az/EyBEYh/KTX8r/Lt4T4KSbaaxGvyJ6ozRL27XWKRFKVQgEoRaa3iJJ0FDdJP7jJAFMT1h9Zm73bMGrg65HVCr0LdEkB+rxrvlGnmovMWVQWU0jZyt+yMmEHc+LHhqIf7hVOLS1FWaOgZgwZPUA/MU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=UV5hwBR4fiJa9vpZQfRgMxlJB3QfygGG9gpvTP6MjZg=; 
h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=OGyHvbZvAUihyZpzYuIiJDZp6leDskRca/V+BNfiGBj/Zm1ZgrFGeBrnvjCVeLqMtrIWS7csalnpUXheiEohrKF9Om4BTxtakAJp0Nw6vTvDeC5ilL7e9jRwzxcE9Pb/kYwFF3IkDNV2YTyfUcsa86sPp7pZayoJOxDnx35BIrI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ClOHpNQg; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ClOHpNQg" Received: by smtp.kernel.org (Postfix) with ESMTPS id BC4D2C4DDE9; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418717; bh=UV5hwBR4fiJa9vpZQfRgMxlJB3QfygGG9gpvTP6MjZg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=ClOHpNQgeV2dRIIzXVIsMRQ0XUho0SpJxD3NGXrli/5Z0GtdjX5rlcAniP18yEnTp ndhWIMqTeQmOIhUuKs9ykIcYb+Xiz5+vu8zr9Y87X6o3I6TjVenkF/Etett1ut6ZBu +hm+QGT8eou3cPYUqCQpQ+w57vuhWtZFSfngJI4L6zH+HtxZY+5Ki2QDIovOXJ08+B QD25Qi7Cz4eZ/S/JwbJsjYjb5K1bXLv3Awy5o+Pp43ETVqvuCZrmlL29RloJMJgRL0 44Sw+h+YJGNCnSeAafhKoKi/zwhk5OH/Dgr+gIWI5gpO/YG34mTnMrVZgTy/WSm4z0 WUA/feZAxDsxw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A679EFF887B; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:03 -0700 Subject: [PATCH RFC v5 08/53] KVM: guest_memfd: Only prepare folios for private pages Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-8-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: 
<20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2198; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=OqIYnMBXTw/n3yXOP4qWHqQMtRm1sk4cJiE4i/xCg1U=; b=yGRr7gPhlI8FntjxRhJIC0FMe/yThO5oZateyTY3fWyRElaN/3eb1/73b2FjJr5Y5u70mlw1J ihXyN6WyW8pD8Lsguxbj3FixDVQIszkBT6nZQ+E0TRmn+mxLz4dXdoN X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng All-shared guest_memfd used to be only supported for non-CoCo VMs where preparation doesn't 
apply. INIT_SHARED is about to be supported for non-CoCo VMs in a later patch in this series. In addition, KVM_SET_MEMORY_ATTRIBUTES2 is about to be supported in guest_memfd in a later patch in this series. This means that the kvm fault handler may now call kvm_gmem_get_pfn() on a shared folio for a CoCo VM where preparation applies. Add a check to make sure that preparation is only performed for private folios. Preparation will be undone on freeing (see kvm_gmem_free_folio()) and on conversion to shared. Signed-off-by: Ackerley Tng --- virt/kvm/guest_memfd.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 758ac24a0ff40..506219e2359eb 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -900,6 +900,7 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory= _slot *slot, int *max_order) { pgoff_t index =3D kvm_gmem_get_index(slot, gfn); + struct inode *inode; struct folio *folio; int r =3D 0; =20 @@ -907,7 +908,8 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory= _slot *slot, if (!file) return -EFAULT; =20 - filemap_invalidate_lock_shared(file_inode(file)->i_mapping); + inode =3D file_inode(file); + filemap_invalidate_lock_shared(inode->i_mapping); =20 folio =3D __kvm_gmem_get_pfn(file, slot, index, pfn, max_order); if (IS_ERR(folio)) { @@ -920,7 +922,8 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory= _slot *slot, folio_mark_uptodate(folio); } =20 - r =3D kvm_gmem_prepare_folio(kvm, slot, gfn, folio); + if (kvm_gmem_is_private_mem(inode, index)) + r =3D kvm_gmem_prepare_folio(kvm, slot, gfn, folio); =20 folio_unlock(folio); =20 @@ -930,7 +933,7 @@ int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory= _slot *slot, folio_put(folio); =20 out: - filemap_invalidate_unlock_shared(file_inode(file)->i_mapping); + filemap_invalidate_unlock_shared(inode->i_mapping); return r; } EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_gmem_get_pfn); --=20 
2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1D4963939B0; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=OZQ4RZuTYzQ9Y0bhQnDkmcgIXYMXYmkcDUN374kwaj1GvNNIUALBFXUdrBcOh0tSI2F9qau06fbtnFAkpdZKZtvjaXIr68HaMedvv9LCU7Wac1PIh0RjJiwfC2vko2ly05y7CYHh1y89KJlfJipqHvWI59Rtl5JaWmIJ9nCuyfI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=dtwLZrTCdtYF0WQJCPjTeRznnhw4wbsEzLijM5CfNpA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=clj038H83g0ntcQ9ON7w/wp88wvXeYV4N/Z2SRTrXszfqU9AwgW+2hx7JQUgrwBQ0u/77/nTVbTxbBY8U4aN4hhbfE3/VoBdM3ruRM0rairOCudkmE9BEq4WpurA9WtMr830+zlAXiBi4eQax+YARqmblMUPxX+s8Tlv0kNEE6k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Hhi6sSq1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Hhi6sSq1" Received: by smtp.kernel.org (Postfix) with ESMTPS id C9F50C2BCC9; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418717; bh=dtwLZrTCdtYF0WQJCPjTeRznnhw4wbsEzLijM5CfNpA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=Hhi6sSq1dTusGbTEV5YXaLfYZWXv3/OHMw5TZG/7VvSV7Ar/4PfncrK2vpfuVEcve ZoYDCVA37T6Yt7+e6R9eTFqE64ZGuY2+OmIKNEHTEQQGQmHCe6LTbM7YKe2sgZEdDx iLEq810PQ8QLAAbRmTwHpDnE6KCK8DHHBufOOq4nMzxyzdxUWPQ8rrCw8wRkBbqZ0p 
tSGfShtFGqOjOzjc+tugDVhSIwDe3uXfYpiSlmxNTQAuqqPhM+teGiHV80z0l+2iKL KX/N2Lp2SlokUJrlT2cRYuDwYum/smf/C1UBxrLmXW7gvQQvkJiVratyMuCX4Y+8lo GEx54JWp4lbew== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC3DBFF887C; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:04 -0700 Subject: [PATCH RFC v5 09/53] KVM: Move kvm_supported_mem_attributes() to kvm_host.h Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-9-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1904; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=KgLAU6noveUvf5fI6bj1R5BsJhhYvScuPPA/BlOKlOk=; b=k2Xf4rmjwdl/N8GqDeRUZeG+vf5oIPyQCq1XNAC4f6MtoL0TdhL4DVBhgoajGopGFq4FETryr jbKaEXhTk8cADW9GiGhS1xOa3Dxz4QcX3WkmF+6dbj+4WQxORlleMO8 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Move kvm_supported_mem_attributes() from kvm_main.c to kvm_host.h and make it a static inline function. This allows the helper to be used in other parts of the KVM subsystem outside of kvm_main.c. This helper will be used later by guest_memfd. No functional change intended. 
Signed-off-by: Ackerley Tng --- include/linux/kvm_host.h | 10 ++++++++++ virt/kvm/kvm_main.c | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 1deab76dc0a2c..f9ea95e33d050 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2529,6 +2529,16 @@ static inline bool kvm_memslot_is_gmem_only(const st= ruct kvm_memory_slot *slot) } =20 #ifdef CONFIG_KVM_MEMORY_ATTRIBUTES +static inline u64 kvm_supported_mem_attributes(struct kvm *kvm) +{ +#ifdef kvm_arch_has_private_mem + if (!kvm || kvm_arch_has_private_mem(kvm)) + return KVM_MEMORY_ATTRIBUTE_PRIVATE; +#endif + + return 0; +} + typedef unsigned long (kvm_get_memory_attributes_t)(struct kvm *kvm, gfn_t= gfn); DECLARE_STATIC_CALL(__kvm_get_memory_attributes, kvm_get_memory_attributes= _t); =20 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 0a4024948711a..ff20e63143642 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2428,16 +2428,6 @@ static int kvm_vm_ioctl_clear_dirty_log(struct kvm *= kvm, #endif /* CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT */ =20 #ifdef CONFIG_KVM_MEMORY_ATTRIBUTES -static u64 kvm_supported_mem_attributes(struct kvm *kvm) -{ -#ifdef kvm_arch_has_private_mem - if (!kvm || kvm_arch_has_private_mem(kvm)) - return KVM_MEMORY_ATTRIBUTE_PRIVATE; -#endif - - return 0; -} - #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES static unsigned long kvm_get_vm_memory_attributes(struct kvm *kvm, gfn_t g= fn) { --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2FF63396B68; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; 
d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=df152JQOhuL2k6CSLl/xYmII7Snx9oCi9vZEggOzbehqlPOpvozl0/nJ1fGjC1gTc3pvXMmP17+IBaAyN6jGM0nft3BLyAQHaGW5n8qSw2cC6XA5EXthJERT9c6Y/K1eS1h/KJrhu+LUqd/IrGb0ECVZ+QTM27WbxErxVkQdL24= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=cnjGzw9NY1OyzWvnH+SRSy7P0B55lk23vOepqJJFsVY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ch+CavdjRc4ppjWiadtlqHm0NhLHPRcY3QPYjVg7W89s3x7YfiQA23Ylt4niUMJV6GCOBR8tBJWCiV73snfGsb5nHj0FVgNFE69DkH4RKlUMQeNtOjBv5xeqYA0VYo7mVYotFZLqWXm4SXoAYRcc5wZIVnX5AyBEqYTyLR1W3zc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jwHJMNGe; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jwHJMNGe" Received: by smtp.kernel.org (Postfix) with ESMTPS id EF043C2BD00; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=cnjGzw9NY1OyzWvnH+SRSy7P0B55lk23vOepqJJFsVY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=jwHJMNGeoiPCdDkdojNZzbaHJwu7NAoMOXNsHYMmkDyI1f8RIquPa+x/2Ymn3LnFv bHxvB7Aj/iFw3sagvvdNKCxycM+YuETLVfG66ERN9+UfSZeavwV/BIvbvBc975SvQe tTAPS2mK1PlFV01rovcyIe1qrU4sfA5fDwTRlbjVXS4hNiG89V3Bp99Em7TWFbCIXQ GzHmofkodfYsMoiJ85UPtE9EPglGSv7XrudRbDnKS+Z2+xPhx3OLTTS8KZ4Mf/sLsk EsWSvcIMN476hD9PJlktXS8mZEhQRzcI4Gob9usIQgBz4nQ9p6/WqVK9oSPWGzSY4J TXmLApN/+d3bQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3AB3FF8875; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:05 -0700 Subject: [PATCH RFC v5 10/53] KVM: guest_memfd: Add basic support for 
KVM_SET_MEMORY_ATTRIBUTES2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-10-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=7268; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=spJ+/mHdea9KTBTdOi0gNUqMga+eC4IE/RiHVBAOX1g=; b=gsMa4tvF0Nu80a0CXmAst2uq0LQatxfGP0x04q1lWe7t1PnwEX7WF1VJJtclzwbMuXKcPPsi1 p+aKnfQ2cH5D8UaXg+l3l01U2jA5BoDejQ9onrVaAutSp9ImpZBvxsJ X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Introduce basic support for KVM_SET_MEMORY_ATTRIBUTES2 in guest_memfd, which just updates attributes tracked by guest_memfd. Validate input fields in general. Guard usage of KVM_SET_MEMORY_ATTRIBUTES2 by making sure requested attributes are supported for this instance of kvm. A new KVM_SET_MEMORY_ATTRIBUTES2 is defined to support writes (unlike KVM_SET_MEMORY_ATTRIBUTES) in addition to reads so it can provide error details to userspace. This will be used in a later patch. The two ioctls use their corresponding structs with no overlap, but backward compatibility is baked in for future support of KVM_SET_MEMORY_ATTRIBUTES2 and struct kvm_memory_attributes2 in the VM ioctl. The process of setting memory attributes is set up such that the later half will not fail due to allocation. 
Any necessary checks are performed before the point of no return. Signed-off-by: Ackerley Tng Co-developed-by: Vishal Annapurve Signed-off-by: Vishal Annapurve Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- include/uapi/linux/kvm.h | 13 ++++++ virt/kvm/Kconfig | 1 + virt/kvm/guest_memfd.c | 114 +++++++++++++++++++++++++++++++++++++++++++= ++++ virt/kvm/kvm_main.c | 12 +++++ 4 files changed, 140 insertions(+) diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 6c8afa2047bf3..e6bbf68a83813 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1648,6 +1648,19 @@ struct kvm_memory_attributes { __u64 flags; }; =20 +#define KVM_SET_MEMORY_ATTRIBUTES2 _IOWR(KVMIO, 0xd2, struct= kvm_memory_attributes2) + +struct kvm_memory_attributes2 { + union { + __u64 address; + __u64 offset; + }; + __u64 size; + __u64 attributes; + __u64 flags; + __u64 reserved[12]; +}; + #define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3) =20 #define KVM_CREATE_GUEST_MEMFD _IOWR(KVMIO, 0xd4, struct kvm_create_guest= _memfd) diff --git a/virt/kvm/Kconfig b/virt/kvm/Kconfig index 3fea89c45cfb4..e371e079e2c50 100644 --- a/virt/kvm/Kconfig +++ b/virt/kvm/Kconfig @@ -109,6 +109,7 @@ config KVM_VM_MEMORY_ATTRIBUTES =20 config KVM_GUEST_MEMFD select XARRAY_MULTI + select KVM_MEMORY_ATTRIBUTES bool =20 config HAVE_KVM_ARCH_GMEM_PREPARE diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 506219e2359eb..9a26eca717047 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -552,11 +552,125 @@ unsigned long kvm_gmem_get_memory_attributes(struct = kvm *kvm, gfn_t gfn) } EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_gmem_get_memory_attributes); =20 +/* + * Preallocate memory for attributes to be stored on a maple tree, pointed= to + * by mas. Adjacent ranges with attributes identical to the new attributes + * will be merged. Also sets mas's bounds up for storing attributes.
+ * + * This maintains the invariant that ranges with the same attributes will + * always be merged. + */ +static int kvm_gmem_mas_preallocate(struct ma_state *mas, u64 attributes, + pgoff_t start, size_t nr_pages) +{ + pgoff_t end =3D start + nr_pages; + pgoff_t last =3D end - 1; + void *entry; + + /* Try extending range. entry is NULL on overflow/wrap-around. */ + mas_set_range(mas, end, end); + entry =3D mas_find(mas, end); + if (entry && xa_to_value(entry) =3D=3D attributes) + last =3D mas->last; + + if (start > 0) { + mas_set_range(mas, start - 1, start - 1); + entry =3D mas_find(mas, start - 1); + if (entry && xa_to_value(entry) =3D=3D attributes) + start =3D mas->index; + } + + mas_set_range(mas, start, last); + return mas_preallocate(mas, xa_mk_value(attributes), GFP_KERNEL); +} + +static int __kvm_gmem_set_attributes(struct inode *inode, pgoff_t start, + size_t nr_pages, uint64_t attrs) +{ + struct address_space *mapping =3D inode->i_mapping; + struct gmem_inode *gi =3D GMEM_I(inode); + pgoff_t end =3D start + nr_pages; + struct maple_tree *mt; + struct ma_state mas; + int r; + + mt =3D &gi->attributes; + + filemap_invalidate_lock(mapping); + + mas_init(&mas, mt, start); + r =3D kvm_gmem_mas_preallocate(&mas, attrs, start, nr_pages); + if (r) + goto out; + + /* + * From this point on guest_memfd has performed necessary + * checks and can proceed to do guest-breaking changes. 
+ */ + + kvm_gmem_invalidate_begin(inode, start, end); + mas_store_prealloc(&mas, xa_mk_value(attrs)); + kvm_gmem_invalidate_end(inode, start, end); +out: + filemap_invalidate_unlock(mapping); + return r; +} + +static long kvm_gmem_set_attributes(struct file *file, void __user *argp) +{ + struct gmem_file *f =3D file->private_data; + struct inode *inode =3D file_inode(file); + struct kvm_memory_attributes2 attrs; + size_t nr_pages; + pgoff_t index; + int i; + + if (copy_from_user(&attrs, argp, sizeof(attrs))) + return -EFAULT; + + if (attrs.flags) + return -EINVAL; + for (i =3D 0; i < ARRAY_SIZE(attrs.reserved); i++) { + if (attrs.reserved[i]) + return -EINVAL; + } + if (attrs.attributes & ~kvm_supported_mem_attributes(f->kvm)) + return -EINVAL; + if (attrs.size =3D=3D 0 || attrs.offset + attrs.size < attrs.offset) + return -EINVAL; + if (!PAGE_ALIGNED(attrs.offset) || !PAGE_ALIGNED(attrs.size)) + return -EINVAL; + + if (attrs.offset >=3D i_size_read(inode) || + attrs.offset + attrs.size > i_size_read(inode)) + return -EINVAL; + + nr_pages =3D attrs.size >> PAGE_SHIFT; + index =3D attrs.offset >> PAGE_SHIFT; + return __kvm_gmem_set_attributes(inode, index, nr_pages, + attrs.attributes); +} + +static long kvm_gmem_ioctl(struct file *file, unsigned int ioctl, + unsigned long arg) +{ + switch (ioctl) { + case KVM_SET_MEMORY_ATTRIBUTES2: + if (vm_memory_attributes) + return -ENOTTY; + + return kvm_gmem_set_attributes(file, (void __user *)arg); + default: + return -ENOTTY; + } +} + static struct file_operations kvm_gmem_fops =3D { .mmap =3D kvm_gmem_mmap, .open =3D generic_file_open, .release =3D kvm_gmem_release, .fallocate =3D kvm_gmem_fallocate, + .unlocked_ioctl =3D kvm_gmem_ioctl, }; =20 static int kvm_gmem_migrate_folio(struct address_space *mapping, diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index ff20e63143642..4d7bf52b7b717 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -110,6 +110,18 @@ 
EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_KEY(__kvm_g= et_memory_attributes)); EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_TRAMP(__kvm_get_memory_attribut= es)); #endif =20 +#define MEMORY_ATTRIBUTES_MATCH(one, two) \ + static_assert(offsetof(struct kvm_memory_attributes, one) =3D=3D \ + offsetof(struct kvm_memory_attributes2, two)); \ + static_assert(sizeof_field(struct kvm_memory_attributes, one) =3D=3D\ + sizeof_field(struct kvm_memory_attributes2, two)) + +/* Ensure the common parts of the two structs are identical. */ +MEMORY_ATTRIBUTES_MATCH(address, address); +MEMORY_ATTRIBUTES_MATCH(size, size); +MEMORY_ATTRIBUTES_MATCH(attributes, attributes); +MEMORY_ATTRIBUTES_MATCH(flags, flags); + /* * Ordering of locks: * --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6789239C014; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=eTyWKAF/0BiKXVdlI6N+CpnpXoha5HTrPY8QrU3um3XCOVmIbt2TkUvfYK8lcLPAj3uOI/+Rfb/AdTL8daGo+lz0dux8Xdmc9Aas2TF/PcOumLbmxskwdbJ4MRmd8yaO/N0c1GtQ1ip4zx150Ve1oFSh+SA04I+x7fNeaNLd1LE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=9750fpF1nnzw5FMbcwXBFd8+x1vg6XaBTqinHY5QRdA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=gshHHd3RoZ/gQFO6+2uKILcodvWC6I4d152PCajoz4mPFwG3STvoGcY1rA4xToSsMx12k91YPT3/G/Ji4MnbyPKo99l0FwTy/awIc4AqTjCV0eW7Dnk5oZpRiv2z3PH2Az3l27x4WNyXmJ+UOqyT7bHMQkGMnUrghSzvIh5ucZM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org 
header.i=@kernel.org header.b=u6xvBNXG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="u6xvBNXG" Received: by smtp.kernel.org (Postfix) with ESMTPS id 1F4D6C4AF15; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=9750fpF1nnzw5FMbcwXBFd8+x1vg6XaBTqinHY5QRdA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=u6xvBNXGyL7cfftlbzDjeeSOdAU0lmPudk+DWmikdf6BoR8kwwBUVdYUFXaaWz40z I7wF4vpRPI0IrCoC8DkeRM7/EEAvboOITP0u5BD54fK4Y7e+DQTszGtPdpmAcDBb1A A+CE+UFYjFWPPjmURONblE9BrNpiu/KvbgcItIoC7NMbL9tf+PODmKwFYfWyqb7kTo nEhtgGHYEtpsphe0gz+3bXFo2oqTDXA8ow2EELOPKgeu3KGVmFgqBavd7ghfHntb64 Q/Y29xtTY+ZjvHHRixqFJ+rQNiOm3qZgNSQxb7K6xgjyz1yLJQr9WlVxHDB4yIFauz ASz9Z0CSaPxXw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9B4EFF885A; Tue, 28 Apr 2026 23:25:17 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:06 -0700 Subject: [PATCH RFC v5 11/53] KVM: guest_memfd: Ensure pages are not in use before conversion Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-11-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, 
rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=4739; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=ZesJiMcNapcBxIf6x9eHO95YZTcAmRO50d1ZUK3cJ+M=; b=HWL17Acz1Eb4pA5qXBnsUBEn6SyzbNUQa+McyqKavL8O5iHQaau0JL6oz/botc9bXTWzmzNot jJGdXsm/GCUDE42MsBS0NqMYOiy1mFctd3mo+UQ9FIXhdLizCS44v46 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng When converting memory to private in guest_memfd, it is necessary to ensure that the pages are not currently being accessed by any other part of the kernel or userspace to avoid any current user writing to guest private memory. guest_memfd checks for unexpected refcounts to determine whether a page is still in use. The only expected refcounts after unmapping the range requested for conversion are those that are held by guest_memfd itself. 
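To make the refcount rule concrete, here is a small userspace model of the check, mirroring the comparison used in the diff below (refcount must equal the folio's page count plus the one reference taken by the lookup). The struct and all model_* names are hypothetical; this is a sketch for illustration, not the kernel implementation.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for struct folio; not the kernel type. */
struct model_folio {
	size_t index;    /* first page offset covered by this folio */
	size_t nr_pages; /* number of pages in the folio */
	int refcount;    /* total references currently held */
};

/* The lookup that inspects a folio takes one reference of its own. */
#define MODEL_LOOKUP_REFS 1

/*
 * Returns true if every folio holds only the expected references.
 * On failure, *err_index is set to the index of the first folio that
 * has an unexpected reference; on success it is left untouched.
 */
static bool model_safe_for_conversion(const struct model_folio *folios,
				      size_t n, size_t *err_index)
{
	assert(err_index != NULL);

	for (size_t i = 0; i < n; i++) {
		int expected = (int)folios[i].nr_pages + MODEL_LOOKUP_REFS;

		if (folios[i].refcount != expected) {
			*err_index = folios[i].index;
			return false;
		}
	}
	return true;
}
```

Any reference beyond the expected count (for example a pin taken by another kernel user) makes the range unsafe, and the reported index tells the caller where the first such folio starts.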
Update the kvm_memory_attributes2 structure to include an error_offset field. This allows KVM to report the exact offset where a conversion failed to userspace. If the safety check fails, return -EAGAIN and copy the error_offset back to userspace so that it can potentially retry the operation or handle the failure gracefully. Suggested-by: David Hildenbrand Signed-off-by: Ackerley Tng Co-developed-by: Vishal Annapurve Signed-off-by: Vishal Annapurve --- include/uapi/linux/kvm.h | 3 ++- virt/kvm/guest_memfd.c | 65 ++++++++++++++++++++++++++++++++++++++++++++= ---- 2 files changed, 62 insertions(+), 6 deletions(-) diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index e6bbf68a83813..0b55258573d3d 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1658,7 +1658,8 @@ struct kvm_memory_attributes2 { __u64 size; __u64 attributes; __u64 flags; - __u64 reserved[12]; + __u64 error_offset; + __u64 reserved[11]; }; =20 #define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 9a26eca717047..e87a2b72ff802 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -584,9 +584,42 @@ static int kvm_gmem_mas_preallocate(struct ma_state *m= as, u64 attributes, return mas_preallocate(mas, xa_mk_value(attributes), GFP_KERNEL); } =20 +static bool kvm_gmem_is_safe_for_conversion(struct inode *inode, pgoff_t s= tart, + size_t nr_pages, pgoff_t *err_index) +{ + struct address_space *mapping =3D inode->i_mapping; + const int filemap_get_folios_refcount =3D 1; + pgoff_t last =3D start + nr_pages - 1; + struct folio_batch fbatch; + bool safe =3D true; + int i; + + folio_batch_init(&fbatch); + while (safe && filemap_get_folios(mapping, &start, last, &fbatch)) { + + for (i =3D 0; i < folio_batch_count(&fbatch); ++i) { + struct folio *folio =3D fbatch.folios[i]; + + if (folio_ref_count(folio) !=3D + folio_nr_pages(folio) + filemap_get_folios_refcount) { + safe =3D false; + *err_index =3D 
folio->index; + break; + } + } + + folio_batch_release(&fbatch); + cond_resched(); + } + + return safe; +} + static int __kvm_gmem_set_attributes(struct inode *inode, pgoff_t start, - size_t nr_pages, uint64_t attrs) + size_t nr_pages, uint64_t attrs, + pgoff_t *err_index) { + bool to_private =3D attrs & KVM_MEMORY_ATTRIBUTE_PRIVATE; struct address_space *mapping =3D inode->i_mapping; struct gmem_inode *gi =3D GMEM_I(inode); pgoff_t end =3D start + nr_pages; @@ -600,8 +633,21 @@ static int __kvm_gmem_set_attributes(struct inode *ino= de, pgoff_t start, =20 mas_init(&mas, mt, start); r =3D kvm_gmem_mas_preallocate(&mas, attrs, start, nr_pages); - if (r) + if (r) { + *err_index =3D start; goto out; + } + + if (to_private) { + unmap_mapping_pages(mapping, start, nr_pages, false); + + if (!kvm_gmem_is_safe_for_conversion(inode, start, nr_pages, + err_index)) { + mas_destroy(&mas); + r =3D -EAGAIN; + goto out; + } + } =20 /* * From this point on guest_memfd has performed necessary @@ -621,9 +667,10 @@ static long kvm_gmem_set_attributes(struct file *file,= void __user *argp) struct gmem_file *f =3D file->private_data; struct inode *inode =3D file_inode(file); struct kvm_memory_attributes2 attrs; + pgoff_t err_index; size_t nr_pages; pgoff_t index; - int i; + int i, r; =20 if (copy_from_user(&attrs, argp, sizeof(attrs))) return -EFAULT; @@ -647,8 +694,16 @@ static long kvm_gmem_set_attributes(struct file *file,= void __user *argp) =20 nr_pages =3D attrs.size >> PAGE_SHIFT; index =3D attrs.offset >> PAGE_SHIFT; - return __kvm_gmem_set_attributes(inode, index, nr_pages, - attrs.attributes); + r =3D __kvm_gmem_set_attributes(inode, index, nr_pages, attrs.attributes, + &err_index); + if (r) { + attrs.error_offset =3D ((uint64_t)err_index) << PAGE_SHIFT; + + if (copy_to_user(argp, &attrs, sizeof(attrs))) + return -EFAULT; + } + + return r; } =20 static long kvm_gmem_ioctl(struct file *file, unsigned int ioctl, --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 
2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D39739B977; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=IqzSpukaiPhCbGNxUF847OHp8sflXBGCLF8OveboBIbvxwSWMc0iASHuilDy1WNCe5rccukKcNJ3NGYKtBrUJ6c6jMvYZ+IhwUt8GqIRducLpNoS4ffPc1hvL/N3aeftDuDdSkKgP6nTboED32E5v1VUa14TXyXUQDCwDhPOm+0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=iJZiLnKh5j71DDrFz6egf458dsQEYwwMP5dds4+D/y0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=I6x9sTImVtUGor5Ef7/xhq/DYYkXiNpuXMoRCc++K4pRXtb+dZFZtdc+g+bpQOHOotMJjHi9+Yzkli1mHv5XKahjZlUiNPBXsFba72L/yw61yuXVCrgJstJ1+QU1K+Ph7h0WHOVDKy5bstvlRjh8vgecVHDOdtKUn+dEDZAF5q4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=M6SinTGx; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="M6SinTGx" Received: by smtp.kernel.org (Postfix) with ESMTPS id 24F52C4AF50; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=iJZiLnKh5j71DDrFz6egf458dsQEYwwMP5dds4+D/y0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=M6SinTGx0g7MFmTe7R6QcU6RcvSwjFksWzs6GrX2b7I46sz6+OLV+EC+fNulkDKlN rNgXWZaqV/rpFEPG6DHLFA1mKtSDzZN2rm+Hv8GFWiPrQ2GK8k7aTP4Z90CZJTBeVs sYmWYanDsQ22WtW2AW6T79t5ahzJyHoOalBlwFXKjZJnlllhGjIW5rZM/SdDF1d1yj 6D7YYOyjGsjy64FxfNrzUUtXb594mu2M4yj4IVGt1KIcoXCMQfdykGQu5ciMYe5PdA 
dNPRQa6mKGGgfmAJZDJJYz9FslS1iVd1Y87NBYdLCSIYFV8S+f4XaIPoyjc04i0957 Bw9+Zm++SJpTA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0BA64FF8877; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:07 -0700 Subject: [PATCH RFC v5 12/53] KVM: guest_memfd: Call arch invalidate hooks on conversion Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-12-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2720; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=UsLRLh3AIJ5cVwTgy5fboswwtwHuPjBmzdL4rLOt238=; b=4jHyEI752ecM5CTcqDblAk9LFt1tl5dB2MC/7dEAS40eW5wd6PuSEj1Sj6Qddy+65ypyXOOx8 ZQ2bxZ3At6JC/k3AP/41lDarPCPuqNaQ6DYcaIaLZS/RqW/ekh/abb3 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng When memory in guest_memfd is converted from private to shared, the platform-specific state associated with the guest-private pages must be invalidated or cleaned up. Iterate over the folios in the affected range and call the kvm_arch_gmem_invalidate() hook for each PFN range. This allows architectures to perform necessary teardown, such as updating hardware metadata or encryption states, before the pages are transitioned to the shared state. Invoke this helper after indicating to KVM's mmu code that an invalidation is in progress to stop in-flight page faults from succeeding. 
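For illustration only, and not part of this patch: the per-folio clamping that turns a page-offset range into a PFN range can be sketched in standalone C. struct toy_folio, struct toy_pfn_range and toy_clamp_to_folio() are hypothetical names; the sketch assumes a folio's pages are physically contiguous, so offset arithmetic within one folio maps directly onto PFNs.

```c
#include <assert.h>

/* Hypothetical stand-in for a folio: file offset, size and first PFN. */
struct toy_folio {
	unsigned long index;     /* first page offset covered by the folio */
	unsigned long nr_pages;  /* number of pages in the folio */
	unsigned long first_pfn; /* PFN backing page offset 'index' */
};

/* Half-open PFN range [start_pfn, end_pfn). */
struct toy_pfn_range {
	unsigned long start_pfn;
	unsigned long end_pfn;
};

/*
 * Clamp the half-open page-offset range [start, end) to the part that
 * lies inside 'folio' and translate it to PFNs. The caller must pass a
 * range that overlaps the folio.
 */
static struct toy_pfn_range toy_clamp_to_folio(const struct toy_folio *folio,
					       unsigned long start,
					       unsigned long end)
{
	unsigned long folio_end = folio->index + folio->nr_pages;
	unsigned long start_index = start > folio->index ? start : folio->index;
	unsigned long end_index = end < folio_end ? end : folio_end;
	struct toy_pfn_range range;

	assert(start_index < end_index);

	range.start_pfn = folio->first_pfn + (start_index - folio->index);
	range.end_pfn = range.start_pfn + (end_index - start_index);
	return range;
}
```

Clamping both ends means a conversion that starts or stops in the middle of a large folio only hands the overlapping PFNs to the arch hook.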
Signed-off-by: Ackerley Tng --- virt/kvm/guest_memfd.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index e87a2b72ff802..d563d80d4accb 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -615,6 +615,42 @@ static bool kvm_gmem_is_safe_for_conversion(struct ino= de *inode, pgoff_t start, return safe; } =20 +#ifdef CONFIG_HAVE_KVM_ARCH_GMEM_INVALIDATE +static void kvm_gmem_invalidate(struct inode *inode, pgoff_t start, pgoff_= t end) +{ + struct folio_batch fbatch; + pgoff_t next =3D start; + int i; + + folio_batch_init(&fbatch); + while (filemap_get_folios(inode->i_mapping, &next, end - 1, &fbatch)) { + for (i =3D 0; i < folio_batch_count(&fbatch); ++i) { + struct folio *folio =3D fbatch.folios[i]; + pgoff_t start_index, end_index; + kvm_pfn_t start_pfn, end_pfn; + + start_index =3D max(start, folio->index); + end_index =3D min(end, folio_next_index(folio)); + /* + * end_index is either in folio or points to + * the first page of the next folio. Hence, + * all pages in range [start_index, end_index) + * are contiguous. 
+ */ + start_pfn =3D folio_file_pfn(folio, start_index); + end_pfn =3D start_pfn + end_index - start_index; + + kvm_arch_gmem_invalidate(start_pfn, end_pfn); + } + + folio_batch_release(&fbatch); + cond_resched(); + } +} +#else +static void kvm_gmem_invalidate(struct inode *inode, pgoff_t start, pgoff_= t end) {} +#endif + static int __kvm_gmem_set_attributes(struct inode *inode, pgoff_t start, size_t nr_pages, uint64_t attrs, pgoff_t *err_index) @@ -655,7 +691,12 @@ static int __kvm_gmem_set_attributes(struct inode *ino= de, pgoff_t start, */ =20 kvm_gmem_invalidate_begin(inode, start, end); + + if (!to_private) + kvm_gmem_invalidate(inode, start, end); + mas_store_prealloc(&mas, xa_mk_value(attrs)); + kvm_gmem_invalidate_end(inode, start, end); out: filemap_invalidate_unlock(mapping); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A0EA39C65E; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=Et0m3sR6+bJQZb4IK58dEpchrc4t+Fr6Z4/rpd1y2TgjGE5REwmBNy0QIkCVPW9uCgOzezRV2FsRJM4OEpk64+RgKTqVXgsai7vCyalZHCBk2gvPyIJqQUHMZs50w0flbUdlgOZ5koyynUud2YaaRRoXV4pkA5/6isqk1JmzwPU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=hBmKFJnOCs0S5g+APYD+DID3z1acALZDNcnsp4e/ipc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ZvBD1qcg/O+BOnHQVtOVy5vJDFiPfstJiiVAMrQmqJY8fHSa4KvqVRHD1cArGQNP5yUNSZEIOmz0VBTlocfTeYsGpXyby69HBdG2sBFYJMLYoUTp4LYn4A6Au93LVSup5BmS+z+fzjTTeXoUW2DBAHImI6Sl2D8MKQwGpV++K7E= ARC-Authentication-Results: i=1; 
smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=g9sRFF7e; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="g9sRFF7e" Received: by smtp.kernel.org (Postfix) with ESMTPS id 41061C2BCB8; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=hBmKFJnOCs0S5g+APYD+DID3z1acALZDNcnsp4e/ipc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=g9sRFF7el4fEV5s0maeinfAKTleEfhhp6J904O234x5NF5cP7/mqyGqI1TL3At/cF vc5C0L/C1SObDX9GIcocqJ4y2b9TDFB2yNaVHb2Li98zHzuFPsZOzPLgv2loINQBrG 0fSPZbjBQuQtdG3v6RvTjv4lswKBlby+7Lee9R2FmEotsWpMy9bTpmg34g3JLjEbnP Btu10P464zJ77Y8OpywMRHg+q5yVHUd+X5wRgfeIcmwExg4K7+gjjni2+OTWrc0xmH mTivun07fYtU4dpcmuhiOuQJWqvKXM4+rix+MYgK18rEdjSUrpBoUd4VCQm3N77IEY bCjmjOsrMCaqQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2391FFF887E; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:08 -0700 Subject: [PATCH RFC v5 13/53] KVM: guest_memfd: Return early if range already has requested attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-13-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, 
pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2437; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=2jwl4vZPlGQvOmnwH/oYNhanxNv5t/UdBGux+AjU5aQ=; b=1XrRoXlZ6YyE/8zRKL/CERwfqop5gZw5Z1bMhGmpG5iD5nCUiQ9BfUkM3SKtE7wFQPAeWBH9t qnBc56ZHLjWD+SmyF3p6GdHGVRlIhFa7pRDpwx9wFvKpRHafBXps6VW X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Extract a helper out of kvm_gmem_range_is_private() that checks whether a range has the given attributes. Optimize setting memory attributes by returning early if all pages in the requested range already have the requested attributes. 
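For illustration only, and not part of this patch: the early-return check can be modeled in standalone C with a flat array standing in for the maple tree. struct toy_attr_range and toy_range_has_attributes() are hypothetical names. Like the loop in the helper below, the sketch only inspects entries that are actually stored and overlap the requested range.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define TOY_ATTR_PRIVATE (1ULL << 3)

/* Hypothetical stand-in for one stored entry: inclusive range + value. */
struct toy_attr_range {
	unsigned long first;
	unsigned long last;
	uint64_t attributes;
};

/*
 * Return true if every stored entry overlapping the page range
 * [index, index + nr_pages) carries exactly 'attributes'.
 */
static bool toy_range_has_attributes(const struct toy_attr_range *ranges,
				     size_t n, unsigned long index,
				     size_t nr_pages, uint64_t attributes)
{
	unsigned long end;

	assert(nr_pages > 0);
	end = index + nr_pages - 1;

	for (size_t i = 0; i < n; i++) {
		/* Skip entries that do not overlap [index, end]. */
		if (ranges[i].last < index || ranges[i].first > end)
			continue;

		if (ranges[i].attributes != attributes)
			return false;
	}

	return true;
}
```

When this returns true for the requested attributes, the caller can skip preallocation, unmapping and invalidation entirely, which is the optimization this patch adds.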
Signed-off-by: Ackerley Tng --- virt/kvm/guest_memfd.c | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index d563d80d4accb..d8bdb51c50cf0 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -92,6 +92,23 @@ static bool kvm_gmem_is_shared_mem(struct inode *inode, = pgoff_t index) return !kvm_gmem_is_private_mem(inode, index); } =20 +static bool kvm_gmem_range_has_attributes(struct maple_tree *mt, + pgoff_t index, size_t nr_pages, + u64 attributes) +{ + pgoff_t end =3D index + nr_pages - 1; + void *entry; + + lockdep_assert(mt_lock_is_held(mt)); + + mt_for_each(mt, entry, index, end) { + if (xa_to_value(entry) !=3D attributes) + return false; + } + + return true; +} + static int __kvm_gmem_prepare_folio(struct kvm *kvm, struct kvm_memory_slo= t *slot, pgoff_t index, struct folio *folio) { @@ -667,6 +684,11 @@ static int __kvm_gmem_set_attributes(struct inode *ino= de, pgoff_t start, =20 filemap_invalidate_lock(mapping); =20 + if (kvm_gmem_range_has_attributes(mt, start, nr_pages, attrs)) { + r =3D 0; + goto out; + } + mas_init(&mas, mt, start); r =3D kvm_gmem_mas_preallocate(&mas, attrs, start, nr_pages); if (r) { @@ -1152,20 +1174,13 @@ EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_gmem_get_pfn); static bool kvm_gmem_range_is_private(struct gmem_inode *gi, pgoff_t index, size_t nr_pages, struct kvm *kvm, gfn_t gfn) { - pgoff_t end =3D index + nr_pages - 1; - void *entry; - if (vm_memory_attributes) return kvm_range_has_vm_memory_attributes(kvm, gfn, gfn + nr_pages, KVM_MEMORY_ATTRIBUTE_PRIVATE, KVM_MEMORY_ATTRIBUTE_PRIVATE); =20 - mt_for_each(&gi->attributes, entry, index, end) { - if (xa_to_value(entry) !=3D KVM_MEMORY_ATTRIBUTE_PRIVATE) - return false; - } - - return true; + return kvm_gmem_range_has_attributes(&gi->attributes, index, nr_pages, + KVM_MEMORY_ATTRIBUTE_PRIVATE); } =20 static long __kvm_gmem_populate(struct kvm *kvm, struct kvm_memory_slot *s= 
lot, --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9139439D6F4; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=WMnDJQkcHhErPq/etx334vUsumruEEgAWZIK6cd3IC9Ov1PFel0xu/kT/dYFnanv/saQnnpanKfBV9/JKAJUKocEC78hNbp5unCXO6TJedRjGbWa7LYecKoax5d5rdIz5eA/nNjKqMHpRQ1S2RPh4uHgQZqHbX4U+fbZBh9M77g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=EtJm+CLHgfPNJ6px7UjasKC7l622h0ZRyjwTXKMOX3U=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=kjhOMTvIhmtALff9C5mzUgQzjTMISBC57APUDTvR5yTaHgXoyJyKOOSF6UC41PNl+yDPBaxOO7yz1004VtZFNUAyyzH9839c5SCUv6ooOAGI3RsYxfNqWGrzBeN2VAVEO8Hz7EAjC2FqVPuofiKYI5PNkj9RMkEmRbZ77PfcnVE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=V0uomQ/J; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="V0uomQ/J" Received: by smtp.kernel.org (Postfix) with ESMTPS id 4DA7EC4AF4D; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=EtJm+CLHgfPNJ6px7UjasKC7l622h0ZRyjwTXKMOX3U=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=V0uomQ/JhXw4yLeGGkngDAxO9P1PdPYD5S2rvZgBxDozaBwEU5jlsmcgi0oHuIiiB G3cHpbjENBALSoK9vtkCfN+PHivZM0Q4SZnEqVTQw9Se9P0H2uA6rkVSAlhaEftBe+ IDyjZIDvLnzqh/da7Qd361zA1wWuIR2swCq+p63hShGpbmqqt4PCV6HH0nYQrYADPH 
EORNEFG9OId32q0zryQGAyAPJlA+2q7guU3XaHfLLBf9uQro5vApXrJkbN6YF6w+Id 73ZiY/nO4jipWo64F06FhMBxznQkzDXM7ewv32PGWQSlOhQEQ33veOMMBsXCQuF4fr 1m7fks716ZrzA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 39D50FF887C; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:09 -0700 Subject: [PATCH RFC v5 14/53] KVM: guest_memfd: Advertise KVM_SET_MEMORY_ATTRIBUTES2 ioctl Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-14-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5936; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=tu+JlRkYHR1IXTuUBVoULvQy7xjaIDUUYI8NTjhnxms=; b=mrTIaTLDrZxGt/EbqQxPyT5JpCnDYB9pIjvwlVNRpC1BZCmqzBP+bFEx8nXGN2ewa9bJYCDE6 sNYXWkfdQ3/C3Lhmox9HSJZgUHo4eLbBzOaJeyyyVidANnKH7vvxFAF X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Introduce KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES to advertise the availability of the KVM_SET_MEMORY_ATTRIBUTES2 ioctl. KVM_SET_MEMORY_ATTRIBUTES2 is a guest_memfd-scoped version of the existing KVM_SET_MEMORY_ATTRIBUTES VM ioctl. It allows userspace to manage memory attributes, such as KVM_MEMORY_ATTRIBUTE_PRIVATE, directly on a guest_memfd file descriptor. This new version uses struct kvm_memory_attributes2, which adds an error_offset field to the output. This allows KVM to return the specific offset that triggered an error, which is especially useful for handling EAGAIN results caused by transient page reference counts during attribute conversions. Update the KVM API documentation to define the new ioctl and its behavior, and add the necessary UAPI definitions and capability checks. 
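For illustration only, and not part of this patch: one way userspace might react to EAGAIN is to release whatever it holds on the reported page and retry. The sketch below is standalone C with the ioctl abstracted behind a callback so it can run without a kernel that carries this series. struct toy_memory_attributes2 is a simplified local copy of the proposed layout (offset only, no union), and every toy_* name, including the fake backend, is hypothetical. The callback is assumed to return 0 or a negative errno value; a real caller would wrap ioctl() on the guest_memfd and translate errno accordingly.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define TOY_ATTR_PRIVATE (1ULL << 3)

/* Simplified local copy of the layout proposed in this series. */
struct toy_memory_attributes2 {
	uint64_t offset;
	uint64_t size;
	uint64_t attributes;
	uint64_t flags;
	uint64_t error_offset; /* out: offset that caused the failure */
	uint64_t reserved[11];
};

/* Hypothetical hooks: issue the request; drop references on one page. */
typedef int (*toy_set_attrs_fn)(struct toy_memory_attributes2 *attrs, void *ctx);
typedef void (*toy_release_fn)(uint64_t offset, void *ctx);

/* Try to make [offset, offset + size) private, retrying on -EAGAIN. */
static int toy_convert_to_private(uint64_t offset, uint64_t size,
				  toy_set_attrs_fn set_attrs,
				  toy_release_fn release, void *ctx,
				  int max_tries)
{
	struct toy_memory_attributes2 attrs;
	int ret = -EAGAIN;

	for (int i = 0; i < max_tries; i++) {
		memset(&attrs, 0, sizeof(attrs));
		attrs.offset = offset;
		attrs.size = size;
		attrs.attributes = TOY_ATTR_PRIVATE;

		ret = set_attrs(&attrs, ctx);
		if (ret != -EAGAIN)
			return ret;

		/* Drop our own references on the reported page, then retry. */
		release(attrs.error_offset, ctx);
	}

	return ret;
}

/* Fake backend for demonstration: one page stays "pinned" until released. */
struct toy_fake_gmem {
	uint64_t pinned_offset;
	int pinned; /* non-zero while the extra reference exists */
	int calls;  /* number of conversion attempts seen */
};

static int toy_fake_set_attrs(struct toy_memory_attributes2 *attrs, void *ctx)
{
	struct toy_fake_gmem *g = ctx;

	g->calls++;
	if (g->pinned && g->pinned_offset >= attrs->offset &&
	    g->pinned_offset - attrs->offset < attrs->size) {
		attrs->error_offset = g->pinned_offset;
		return -EAGAIN;
	}

	return 0;
}

static void toy_fake_release(uint64_t offset, void *ctx)
{
	struct toy_fake_gmem *g = ctx;

	if (g->pinned && g->pinned_offset == offset)
		g->pinned = 0;
}
```

Bounding the number of attempts keeps a long-term pin that userspace cannot drop from turning the retry loop into a busy loop.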
Suggested-by: Sean Christopherson Suggested-by: Michael Roth Signed-off-by: Ackerley Tng --- Documentation/virt/kvm/api.rst | 72 ++++++++++++++++++++++++++++++++++++++= +++- include/uapi/linux/kvm.h | 2 ++ virt/kvm/kvm_main.c | 5 +++ 3 files changed, 78 insertions(+), 1 deletion(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 52bbbb553ce10..6ce10c8ddb634 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -117,7 +117,7 @@ description: x86 includes both i386 and x86_64. =20 Type: - system, vm, or vcpu. + system, vm, vcpu or guest_memfd. =20 Parameters: what parameters are accepted by the ioctl. @@ -6361,6 +6361,8 @@ S390: Returns -EINVAL if the VM has the KVM_VM_S390_UCONTROL flag set. Returns -EINVAL if called on a protected VM. =20 +.. _KVM_SET_MEMORY_ATTRIBUTES: + 4.141 KVM_SET_MEMORY_ATTRIBUTES ------------------------------- =20 @@ -6553,6 +6555,74 @@ KVM_S390_KEYOP_SSKE Sets the storage key for the guest address ``guest_addr`` to the key specified in ``key``, returning the previous value in ``key``. =20 +4.145 KVM_SET_MEMORY_ATTRIBUTES2 +--------------------------------- + +:Capability: KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES +:Architectures: all +:Type: guest_memfd ioctl +:Parameters: struct kvm_memory_attributes2 (in/out) +:Returns: 0 on success, <0 on error + +Errors: + + =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + EINVAL The specified `offset` or `size` were invalid (e.g. not + page aligned, causes an overflow, or size is zero). + EFAULT The parameter address was invalid. + EAGAIN Some page within requested range had unexpected refcounts. The + offset of the page will be returned in `error_offset`. 
+ ENOMEM Ran out of memory trying to track private/shared state + =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +KVM_SET_MEMORY_ATTRIBUTES2 is an extension to +KVM_SET_MEMORY_ATTRIBUTES that supports returning (writing) values to +userspace. The original (pre-extension) fields are shared with +KVM_SET_MEMORY_ATTRIBUTES identically. + +Attribute values are shared with KVM_SET_MEMORY_ATTRIBUTES. + +:: + + struct kvm_memory_attributes2 { + /* in */ + union { + __u64 address; + __u64 offset; + }; + __u64 size; + __u64 attributes; + __u64 flags; + /* out */ + __u64 error_offset; + __u64 reserved[11]; + }; + + #define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3) + +Set attributes for a range of offsets within a guest_memfd to +KVM_MEMORY_ATTRIBUTE_PRIVATE to limit the specified guest_memfd backed +memory range for guest use. Even if KVM_CAP_GUEST_MEMFD_MMAP is +supported, after a successful call to set +KVM_MEMORY_ATTRIBUTE_PRIVATE, the requested range will not be mappable +into host userspace and will only be mappable by the guest. + +To allow the range to be mappable into host userspace again, call +KVM_SET_MEMORY_ATTRIBUTES2 on the guest_memfd again with +KVM_MEMORY_ATTRIBUTE_PRIVATE unset. + +If this ioctl returns -EAGAIN, the offset of the page with unexpected +refcounts will be returned in `error_offset`. This can occur if there +are transient refcounts on the pages, taken by other parts of the +kernel. + +Userspace is expected to figure out how to remove all known refcounts +on the shared pages, such as refcounts taken by get_user_pages(), and +try the ioctl again. A possible source of these long-term refcounts is +if the guest_memfd memory was pinned in IOMMU page tables. + +See also: :ref:`KVM_SET_MEMORY_ATTRIBUTES`. + .. _kvm_run: =20 5. 
The kvm_run structure diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 0b55258573d3d..f437fd0f1350c 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -996,6 +996,7 @@ struct kvm_enable_cap { #define KVM_CAP_S390_USER_OPEREXEC 246 #define KVM_CAP_S390_KEYOP 247 #define KVM_CAP_S390_VSIE_ESAMODE 248 +#define KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES 249 =20 struct kvm_irq_routing_irqchip { __u32 irqchip; @@ -1648,6 +1649,7 @@ struct kvm_memory_attributes { __u64 flags; }; =20 +/* Available with KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES */ #define KVM_SET_MEMORY_ATTRIBUTES2 _IOWR(KVMIO, 0xd2, struct= kvm_memory_attributes2) =20 struct kvm_memory_attributes2 { diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 4d7bf52b7b717..cec02d68d7039 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -4972,6 +4972,11 @@ static int kvm_vm_ioctl_check_extension_generic(stru= ct kvm *kvm, long arg) return 1; case KVM_CAP_GUEST_MEMFD_FLAGS: return kvm_gmem_get_supported_flags(kvm); + case KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES: + if (vm_memory_attributes) + return 0; + + return kvm_supported_mem_attributes(kvm); #endif default: break; --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A35B039DBDD; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=AOOY79cpr3S6MwagA5B8StTQy/xCqx//2aZlY6BRCf0+ZifCA0qxqXwv8YMg3T2E7YKpMp3RsWAVDi8PNrx/8lR4FyfRBmRaKE5BDPoE9uG1KwPc+xDsTiHmFllH660RJ/KnNUBZrlyhDtcvvNy9/sOjKDzX/Mj+YUrH1L1+0zQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; 
t=1777418718; c=relaxed/simple; bh=HhJ8C2ULYSnKpU02/tGXtPPTADB2EfVQtqS/uHVIzYg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=FRFQgQUIb/SoiHGVBwl7TKEf/mfTYtNvks4DN1+/IS+cuS/9ArgUdgkum3sixigHjaL/fzPykpZjaMvt5WqxQVh+MrCvgLrOm1xVDOPg1mwc74oqS8ONqPNFDqVtoQuvzStvlAK/xBu1U9w9eRuGaW8shG9DNoW9S0BwKIaAkyo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tSugz+H3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tSugz+H3" Received: by smtp.kernel.org (Postfix) with ESMTPS id 638E1C2BCC4; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=HhJ8C2ULYSnKpU02/tGXtPPTADB2EfVQtqS/uHVIzYg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=tSugz+H3r/bI8vLM/FsW49w2uoH13PWHVcTzFRtrZgLmztYlbaddalMvd/GPTH+OA iybcJYb2OEuzlGIC6yNJfTEkpiT83ARkUZ2JPgi2lXgvwhA8MqYV3aQ8sUW1X83nPU C5w0QpKbTOd/Fs6e787e59kCqffkVfninVVTqOK+iY3ZxBzCmQ1Tr93k/WviiOttt6 ta4n3L6M7bOsywGHXUMUzRNqlaLjeH7/a/Yx5K5BtO4VQp2asnw4k5AnF80Iul28GE xW/Z9ZjMM9oUrbE4k3Y89z0drmZzmP/JwrfdMCuUFnHGJa73yQmhc2IMaiV2HlM7PO U7mb5V9fIagpQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4FFC5FF8875; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:10 -0700 Subject: [PATCH RFC v5 15/53] KVM: guest_memfd: Handle lru_add fbatch refcounts during conversion safety check Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-15-d8608ccfca22@google.com> References: 
<20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2931; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=bFm4QUlwLsCLqMqV3YPlW4ZQKVQMPLtcpdDZUrpsyS4=; b=jnKXP7vtqQUPCENWxWAGbQ0dyHE7F1LL90NmrM8GuZj1v4CE7P3RePJ10i1Bn0oSZ+kBtpsLM 59D3dWe3a+IA5MdRKM63mYMm4SKWGoeTvHRJZSGf2oiZZKLmvyKMBTn X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng When checking if 
a guest_memfd folio is safe for conversion, its refcount is examined. A folio may be present in a per-CPU lru_add fbatch, which temporarily increases its refcount. This can lead to a false positive, incorrectly indicating that the folio is in use and preventing the conversion, even if it is otherwise safe. The conversion process might not be on the same CPU that holds the folio in its fbatch, making a simple per-CPU check insufficient. To address this, drain all CPUs' lru_add fbatches if an unexpectedly high refcount is encountered during the safety check. This is performed at most once per conversion request. Draining is performed only if the folio in question may be LRU cached. guest_memfd folios are unevictable, so they can only reside in the lru_add fbatch. If the folio's refcount is still unsafe after draining, then the conversion is truly deemed unsafe. Signed-off-by: Ackerley Tng --- mm/swap.c | 2 ++ virt/kvm/guest_memfd.c | 18 ++++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/mm/swap.c b/mm/swap.c index 5cc44f0de9877..3134d9d3d7c30 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -37,6 +37,7 @@ #include #include #include +#include =20 #include "internal.h" =20 @@ -904,6 +905,7 @@ void lru_add_drain_all(void) lru_add_drain(); } #endif /* CONFIG_SMP */ +EXPORT_SYMBOL_FOR_KVM(lru_add_drain_all); =20 atomic_t lru_disable_count =3D ATOMIC_INIT(0); =20 diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index d8bdb51c50cf0..18dec87dd4baa 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -8,6 +8,7 @@ #include #include #include +#include =20 #include "kvm_mm.h" =20 @@ -608,18 +609,27 @@ static bool kvm_gmem_is_safe_for_conversion(struct in= ode *inode, pgoff_t start, const int filemap_get_folios_refcount =3D 1; pgoff_t last =3D start + nr_pages - 1; struct folio_batch fbatch; + bool lru_drained =3D false; bool safe =3D true; int i; =20 folio_batch_init(&fbatch); while (safe && filemap_get_folios(mapping, &start, last, 
&fbatch)) { =20 - for (i =3D 0; i < folio_batch_count(&fbatch); ++i) { + for (i =3D 0; i < folio_batch_count(&fbatch);) { struct folio *folio =3D fbatch.folios[i]; =20 - if (folio_ref_count(folio) !=3D - folio_nr_pages(folio) + filemap_get_folios_refcount) { - safe =3D false; + safe =3D (folio_ref_count(folio) =3D=3D + folio_nr_pages(folio) + + filemap_get_folios_refcount); + + if (safe) { + ++i; + } else if (folio_may_be_lru_cached(folio) && + !lru_drained) { + lru_add_drain_all(); + lru_drained =3D true; + } else { *err_index =3D folio->index; break; } --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B1AF439DBEE; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=YUYWoHY7dKELLgspL5wQPu8axAEi9TkJSXa4apMA5+BAtTGNT5DtW/evOoLWlzfFwz1NUOBAA9FsBTu19spCZBzbqwofXbfAS0rjq4AGjPgC9p35d0pmuufj6NldLUtqgVtr3jnaex4xILP1pKgYGPpt2WEvlo8X7Y2DeCjk7r8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=a2aEfJ6m0j8ZM/bqFoAVOYelACqW9/aXk15li5HxPEQ=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=kwR8Xoshc7lD1MffUKUhFQdLY8J/7+XJ1BvKRdB3YJaq8xfw5SkiJnmjz3LUc0smoxqYGCxkgs2XLkse3QkvM4iYIRBc7KhMEYilM3U/ohOYNN0G0MBuKqDKhzjOjJVeNf5YtH0QhWMglm9Ts1ZNF9hsWYQvcZokrY8qQ/WFRbY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=F89sJtWJ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org 
header.i=@kernel.org header.b="F89sJtWJ" Received: by smtp.kernel.org (Postfix) with ESMTPS id 78745C2BD00; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=a2aEfJ6m0j8ZM/bqFoAVOYelACqW9/aXk15li5HxPEQ=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=F89sJtWJeVjLD9ZPKyzElsVWRALpeCoSfBqOf7qa/fY6Ukl2W+mrJJCaDStQkYgh6 SkhG1T1FEd6yY+Hmc/WCEiY6jsFtNMCFtnzP7VNsqYb8iKOtNKZ8X9LTRLgCnvt7Cq Tq7eE6+aAV7EkIVvZcn7BZyGLRZZ7qR0cgaMjxmQEZb07qvr1ftXqb12qrjgPplQn3 0dJj4PU0ToiR4Y797W2dY9yA5jiJhsDmN//UBFTvX0ypD0Aw/R3nxrUUIwalQmgF39 Al/U0yOHF3qrjA1zyDpn4SeCG+KsycPrQBsHMfZmS6HQKvYyMbzo3Jlq/zdbh3D8zy 0p3lIHeoCeZRg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 667CDFF887B; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:11 -0700 Subject: [PATCH RFC v5 16/53] KVM: guest_memfd: Use actual size for invalidation in kvm_gmem_release() Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-16-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, 
pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1535; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=8s9srRWtz7f/qUsN6cgFXL8UzY6gobQjxcKA3FAKF1g=; b=nLJzPo61vJJymn23yVtDUejpJ5Rclc0DHXvhXZeTco5UgcVOiVM2sLw/Sj9DreTWilBHd6/8Z E8OVvmbj6tdC7PZj5nGP+GWZKGH+JQXBiitkgPeHEIBwyAL9CCzFqF9 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng __kvm_gmem_invalidate_begin() and __kvm_gmem_invalidate_end() actually do not specially handle -1ul. -1ul is used as a huge number, which legal indices do not exceed, and hence the invalidation works as expected. Since a later patch is going to make use of the exact range, calculate the size of the guest_memfd inode and use it as the end range for invalidating SPTEs. 
Signed-off-by: Ackerley Tng --- virt/kvm/guest_memfd.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 18dec87dd4baa..a8a5e37c982a4 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -376,6 +376,7 @@ static int kvm_gmem_release(struct inode *inode, struct= file *file) struct kvm_memory_slot *slot; struct kvm *kvm =3D f->kvm; unsigned long index; + pgoff_t end; =20 /* * Prevent concurrent attempts to *unbind* a memslot. This is the last @@ -402,9 +403,10 @@ static int kvm_gmem_release(struct inode *inode, struc= t file *file) * Zap all SPTEs pointed at by this file. Do not free the backing * memory, as its lifetime is associated with the inode, not the file. */ - __kvm_gmem_invalidate_begin(f, 0, -1ul, + end =3D i_size_read(inode) >> PAGE_SHIFT; + __kvm_gmem_invalidate_begin(f, 0, end, kvm_gmem_get_invalidate_filter(inode)); - __kvm_gmem_invalidate_end(f, 0, -1ul); + __kvm_gmem_invalidate_end(f, 0, end); =20 list_del(&f->entry); =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B2D0139DBF6; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=uFTPDVnNLOLZK6rLU1g6bviB/H/0UoXpJ0E4PnXW+nPxmUCyBRnYpD+lpoPByhq/mFS5vVaOhc+E7hS6lB4at+RwbRsurvhxzhDRRQVIgFXzReyK5p4/2wNcEnTAaOYT/yhaxYCZ//kQAKRB+ERqK2RK53lQNqYm4jnkW9zIK90= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=pnzJsSOdQ2ZKpf+yB2E9JY952czQ9HO2EsQs+cwWkSM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: 
In-Reply-To:To:Cc; b=DFthl02nN45WkB2yqTUpWmJ9p2qvrPspt+0bLXZdG+41pBWtEXgU+hUWj5QJutir0ajGMU7Fhbzq2U09YJclCAjwzAdJQv5gSyQdlFjf/neV7kCKoMrzG7MCtExNXkeWofp3WWQniLXLPsGU9RnKTKkQt81alDt9QsdQJHAQmrY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=gt0OTQq2; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="gt0OTQq2" Received: by smtp.kernel.org (Postfix) with ESMTPS id 87DABC2BCC6; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=pnzJsSOdQ2ZKpf+yB2E9JY952czQ9HO2EsQs+cwWkSM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=gt0OTQq2PVfMjCGZ7b46e19ZN8f2WG6JX+4v1Itr92agtRpaD7mm1R5ZFRQzW2PDk t1rp6nxNsK99HQE4ZpGq/hJLkM9wyIJNM/+XswEWUi1QJtFmK3HJpHzgX6CvoRTmUh y3FYzIuSaaNxV3eJ8VUebU9Os5b/VEjQUylrVnTzVN2B2MYSXASICyy9dCI1XmT7uk K34dykLI8MXbtMCQY1xFL0R1MGCSfh/jqlpuugyuD1ggWco0PsRBSzO/loYRndaaiS J4gL1H4XUgNSY/DwFwKd0ddegjRgiV9dY/470EaG8mSEI8HJNWnIlEAtwNfsXF0mQD xLXW+8JQhuRRw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D967FF887E; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:12 -0700 Subject: [PATCH RFC v5 17/53] KVM: guest_memfd: Determine invalidation filter from memory attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-17-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, 
andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=3498; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=rTbN5ompOLk/ZM+5Duak/FZnd2bH0M3Khx+/Wu0/ecI=; b=jwLlCIM76PVRy74xhSINNK9Fe1Gutkg13fkABnTajm9j32KOHvBXPseR/nyk0iXTwD6iNKArG Z7SowX0SxpdBl5ecYYavp5YgGIN4Z8bbR2+vwATRdLwTvw3pj01u7lb X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Before conversion, the range filter doesn't really matter: + For non-CoCo VMs that use guest_memfd, they have no mirrored tdp, so KVM_DIRECT_ROOTS would have been invalidated 
anyway. + CoCo VMs could not use INIT_SHARED, and there's no conversion support, so always using KVM_FILTER_PRIVATE would have worked. Now with conversion support, update kvm_gmem_get_invalidate_filter to inspect the memory attributes maple tree for a given range. Instead of determining the invalidation filter based on static inode flags, iterate through the attributes maple tree for the specific range being invalidated. This allows KVM to identify if the range contains private pages, shared pages, or both, and set the filter bits accordingly. Update kvm_gmem_invalidate_begin and kvm_gmem_release to pass the range parameters to the filter helper to ensure invalidation accurately targets the memory types present in the affected range. Signed-off-by: Ackerley Tng --- virt/kvm/guest_memfd.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index a8a5e37c982a4..85e8b3a981307 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -199,12 +199,24 @@ static struct folio *kvm_gmem_get_folio(struct inode = *inode, pgoff_t index) return folio; } =20 -static enum kvm_gfn_range_filter kvm_gmem_get_invalidate_filter(struct ino= de *inode) +static enum kvm_gfn_range_filter kvm_gmem_get_invalidate_filter( + struct inode *inode, pgoff_t start, pgoff_t end) { - if (GMEM_I(inode)->flags & GUEST_MEMFD_FLAG_INIT_SHARED) - return KVM_FILTER_SHARED; + struct gmem_inode *gi =3D GMEM_I(inode); + enum kvm_gfn_range_filter filter =3D 0; + void *entry; + + lockdep_assert(mt_lock_is_held(&gi->attributes)); + + mt_for_each(&gi->attributes, entry, start, end - 1) { + filter |=3D (xa_to_value(entry) & KVM_MEMORY_ATTRIBUTE_PRIVATE) ? 
+ KVM_FILTER_PRIVATE : KVM_FILTER_SHARED; + + if (filter =3D=3D (KVM_FILTER_PRIVATE | KVM_FILTER_SHARED)) + break; + } =20 - return KVM_FILTER_PRIVATE; + return filter; } =20 static void __kvm_gmem_invalidate_begin(struct gmem_file *f, pgoff_t start, @@ -250,7 +262,7 @@ static void kvm_gmem_invalidate_begin(struct inode *ino= de, pgoff_t start, enum kvm_gfn_range_filter attr_filter; struct gmem_file *f; =20 - attr_filter =3D kvm_gmem_get_invalidate_filter(inode); + attr_filter =3D kvm_gmem_get_invalidate_filter(inode, start, end); =20 kvm_gmem_for_each_file(f, inode) __kvm_gmem_invalidate_begin(f, start, end, attr_filter); @@ -373,6 +385,7 @@ static long kvm_gmem_fallocate(struct file *file, int m= ode, loff_t offset, static int kvm_gmem_release(struct inode *inode, struct file *file) { struct gmem_file *f =3D file->private_data; + enum kvm_gfn_range_filter filter; struct kvm_memory_slot *slot; struct kvm *kvm =3D f->kvm; unsigned long index; @@ -404,8 +417,8 @@ static int kvm_gmem_release(struct inode *inode, struct= file *file) * memory, as its lifetime is associated with the inode, not the file. 
*/ end =3D i_size_read(inode) >> PAGE_SHIFT; - __kvm_gmem_invalidate_begin(f, 0, end, - kvm_gmem_get_invalidate_filter(inode)); + filter =3D kvm_gmem_get_invalidate_filter(inode, 0, end); + __kvm_gmem_invalidate_begin(f, 0, end, filter); __kvm_gmem_invalidate_end(f, 0, end); =20 list_del(&f->entry); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C9DB439E6F3; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; cv=none; b=qjgtARqe7Nn0Ut/Z1PMyYezPkg3ejt0a24Uno6ojfWp1njUTI0MvP9MprBeZf0ewY2Kczc1gpmHm+LkIwpEjjOmF1Nz5j2XH0dsu1xnbFbCP1e5LZj8ZCi4v8OQ4VZFPb4Vd+gaIeci69q1pHvHEPRJ2FW6j1pVegI6GESthRNA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418718; c=relaxed/simple; bh=aEV4UjQjsWs7N1JMqvCcV481PEAk1tk0BIdV5ZaHEYc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=C2+rcxEquw6vicihvZAu2qdDZtRlwe2XEQFa5I8BF4ecXkBURiBHI+9RMJlLBoH5stpwKTozl3m5+VXRRemFyXxW73B2V28CbblJi8QBZhxr777LyEkYqpyGh8M3X8h7H04NB+bFGIXHP3bIqHoKCZRNXSsKZCiCjCy6PulKXsk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AV2mfwoP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AV2mfwoP" Received: by smtp.kernel.org (Postfix) with ESMTPS id A0E2EC4AF0B; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; 
bh=aEV4UjQjsWs7N1JMqvCcV481PEAk1tk0BIdV5ZaHEYc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=AV2mfwoPlfsAmvMZOdenWjoLEVnV6nPp8/kveXAHR4yHkjSUc5DKCn2Q8NuaQ0FkH bMIj2MrLgVcmrkIRDdlnR+j5mo/QG0Qv4qGGMClmRmseLCF22QBAFZ2+V4mkppt36e JGfQ62QNBadyRpjO+ekn0LsZdYPNGOwU78o+hS1DowhngG4a80gubQf7F2Nx4yUxNX 3i1wuy53lE/BMra2BZnlWZVtROcBDFcyWosnCJcmsMmwCQH5IefXNP6nixWMo1pkxQ XNY1MdQYEeeoMziQoKXkdCdfr5Olm2vgtFuqQ9VxxibYif6/ju2WgWTaTe61eERsTe U4h9NKRlI8Cig== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91AECFF8877; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:13 -0700 Subject: [PATCH RFC v5 18/53] KVM: Move KVM_VM_MEMORY_ATTRIBUTES config definition to x86 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-18-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1805; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=kWyeQB/GQxPIUPFKfrteI7VrZ53oW8LRRzQh+H0D7K8=; b=ileSfoo1GqxHrOuqoCf1RNEpw8cYUg18NzHzeaEeQ9gn9rjBxsIHBnrST9VvuJIYLv12RU1ss NLpW3opkVhZBMlYJzQm+f0+don3AVOIR3jb95eTU6C1vsyq0Yg/rfeb X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Bury KVM_VM_MEMORY_ATTRIBUTES in x86 to discourage other architectures from adding support for per-VM memory attributes, because tracking private vs. shared memory on a per-VM basis is now deprecated in favor of tracking on a per-guest_memfd basis, and no other memory attributes are on the horizon. This will also allow modifying KVM_VM_MEMORY_ATTRIBUTES to be user-selectable (in x86) without creating weirdness in KVM's Kconfigs. Now that guest_memfd supports memory attributes, it's entirely possible to run x86 CoCo VMs without support for KVM_VM_MEMORY_ATTRIBUTES. Leave the code itself in common KVM so that it's trivial to undo this change if new per-VM attributes do come along. 
Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- arch/x86/kvm/Kconfig | 4 ++++ virt/kvm/Kconfig | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index 26f6afd51bbdc..b6d65ee664d0f 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig @@ -80,6 +80,10 @@ config KVM_WERROR =20 If in doubt, say "N". =20 +config KVM_VM_MEMORY_ATTRIBUTES + select KVM_MEMORY_ATTRIBUTES + bool + config KVM_SW_PROTECTED_VM bool "Enable support for KVM software-protected VMs" depends on EXPERT diff --git a/virt/kvm/Kconfig b/virt/kvm/Kconfig index e371e079e2c50..663de6421eda2 100644 --- a/virt/kvm/Kconfig +++ b/virt/kvm/Kconfig @@ -103,10 +103,6 @@ config KVM_MMU_LOCKLESS_AGING config KVM_MEMORY_ATTRIBUTES bool =20 -config KVM_VM_MEMORY_ATTRIBUTES - select KVM_MEMORY_ATTRIBUTES - bool - config KVM_GUEST_MEMFD select XARRAY_MULTI select KVM_MEMORY_ATTRIBUTES --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DEB9739EF21; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=GtrWIGnJQDtGGMP0twX1v/EUS/zklol/e4N2wfPHsGK+WqKB0Mz6ZG1F99tIImnr/1v78I4FT1hiYowqT2hFCCHyEgAAGM8VOwmpmL5RMbxJeXbInzfD9vJZTGqIhDdGwDaWmIe+F+21yQLcejlUxD8svymjRvv1ewA3tQJHQnI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=rNUDxIq4jocmrgka0xACOy4J+7FhQChrkTScBEODUyM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; 
b=NMmMUJ9meO5BT91bZuDghhGPu7PTsHfO9m11FxlQQpoU1CzkQKJzCkq9bliHoxUkPTmPMLUmk5nvVYh5AWzGVDotRC5RgwHeTPMT3rRFb3G+fRsGI2N0udVrgZ3zkfwMyEgJL1Q93//tLqu9ZeVDSzMuhNJS2+D9GHq5sWWwz2s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Ca9A+okb; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Ca9A+okb" Received: by smtp.kernel.org (Postfix) with ESMTPS id B50B9C2BCF4; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=rNUDxIq4jocmrgka0xACOy4J+7FhQChrkTScBEODUyM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=Ca9A+okbJ42/LMOJX3Hg3fm2CyxKYzutjxZsaJV3GXu/Ixb9qOA+pQp/CD72LpryS pPZ7cxHGxAMsRP4spwvqc9pBN8piBKO60TK8u4IYPkUf6Sqcqp5IFIFySeC5ywCOQh akZ0sS9lqNpdvfHGl5O7IdSrR3078ZOGrqjZPSnGvh0bDzXL6MA1ht79E4HPrgagJV QiQWRuROhIu4qKDKXvIBCsZf+2wntCirpjfw3XBAoG4a3M/dI5m0DYn3L8NEtoq17b KFWLh4dc+9SEmGjOCBLgr77bBvmZEGbGTcO4r6Jkr1SNX0ZSxWNO7LwqAiLAB7LhXl mkBANszCbAOMA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7BBCFF887B; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:14 -0700 Subject: [PATCH RFC v5 19/53] KVM: Let userspace disable per-VM mem attributes, enable per-gmem attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-19-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, 
andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2855; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=KMLYlEABtckw6VyhRdQRr8/Kzmu2l2xzD5HnouJ7iBc=; b=Jdi0ySmNlBkaIZQdwgtEYnczV89YWoO2Ir7hJXSA4n679Me76AJw98eYvvPwl09ungXW2s/Zt eaJYqHbxH9XBwPJMgCmoAOHf5xnz8ExWUkcQJXoNn8SqghToUKggEeC X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Make vm_memory_attributes a module parameter so that userspace can disable the use of memory attributes on the VM level. 
To avoid inconsistencies in the way memory attributes are tracked in KVM and guest_memfd, the vm_memory_attributes module_param is made read-only (0444). Make CONFIG_KVM_VM_MEMORY_ATTRIBUTES selectable, only for (CoCo) VM types that might use vm_memory_attributes. Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- arch/x86/kvm/Kconfig | 13 +++++++++---- virt/kvm/kvm_main.c | 1 + 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index b6d65ee664d0f..8b97d341bd33f 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig @@ -82,13 +82,20 @@ config KVM_WERROR =20 config KVM_VM_MEMORY_ATTRIBUTES select KVM_MEMORY_ATTRIBUTES - bool + depends on KVM_SW_PROTECTED_VM || KVM_INTEL_TDX || KVM_AMD_SEV + bool "Enable per-VM memory attributes (for CoCo VMs)" + help + Enable support for per-VM memory attributes, which are deprecated in + favor of tracking memory attributes in guest_memfd. Select this if + you need to run CoCo VMs using a VMM that doesn't support guest_memfd + memory attributes. + + If unsure, say N. =20 config KVM_SW_PROTECTED_VM bool "Enable support for KVM software-protected VMs" depends on EXPERT depends on KVM_X86 && X86_64 - select KVM_VM_MEMORY_ATTRIBUTES help Enable support for KVM software-protected VMs. 
Currently, software- protected VMs are purely a development and testing vehicle for @@ -139,7 +146,6 @@ config KVM_INTEL_TDX bool "Intel Trust Domain Extensions (TDX) support" default y depends on INTEL_TDX_HOST - select KVM_VM_MEMORY_ATTRIBUTES select HAVE_KVM_ARCH_GMEM_POPULATE help Provides support for launching Intel Trust Domain Extensions (TDX) @@ -163,7 +169,6 @@ config KVM_AMD_SEV depends on KVM_AMD && X86_64 depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=3Dy && CRYPTO_DEV_CCP_DD=3Dm) select ARCH_HAS_CC_PLATFORM - select KVM_VM_MEMORY_ATTRIBUTES select HAVE_KVM_ARCH_GMEM_PREPARE select HAVE_KVM_ARCH_GMEM_INVALIDATE select HAVE_KVM_ARCH_GMEM_POPULATE diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index cec02d68d7039..ba195bb239aaa 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -104,6 +104,7 @@ module_param(allow_unsafe_mappings, bool, 0444); #ifdef CONFIG_KVM_MEMORY_ATTRIBUTES #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES bool vm_memory_attributes =3D true; +module_param(vm_memory_attributes, bool, 0444); #endif DEFINE_STATIC_CALL_RET0(__kvm_get_memory_attributes, kvm_get_memory_attrib= utes_t); EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_KEY(__kvm_get_memory_attributes= )); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFC9739F188; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=a/AC8btwNrLq1xLdVVAD/4UfrP//xSX2ZgRSyS/gMUn6SqdCihDHkH60VNvbNRWWT3EL8N8g1ktCe0tIUSTn4LPBnVcNQOLEAob5JxHqWqMHjmCIweJhEUvrHrJIc4d1ILF5QybkDBX1/064eY1muR35+cPr4ApE1pSTplRStMw= ARC-Message-Signature: i=1; a=rsa-sha256; 
d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=UjB3Q8xP2+/jLCiODH+4GnaWPfVWe36CvWf3Dh0lyNw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=t0otwK7ohEU1g22HVMM1AFWDTB1CU/p6a37Vf8bVFCbvTtnew6i16Es6E248FAr8G3Bu4qnXw6wkk67Yy+znqN6RDWPRW0cr6hVwKzgR+cHimz7T2/xPWOz0epRmuwKcuCi8RbeoB8p4y9zOV4MY5p0aAfGPLJLm6iRLbJzpNXc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tk8v8nB7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tk8v8nB7" Received: by smtp.kernel.org (Postfix) with ESMTPS id CF6DFC4AF19; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=UjB3Q8xP2+/jLCiODH+4GnaWPfVWe36CvWf3Dh0lyNw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=tk8v8nB7bwg2HgNUKy/3dSbh1sX2By5WJlLidJ1Av30V2f3k8yXSOmd3d+RIsUiTG FKfPonFTqIELdBlrt1T2Ywoi5P6ZM4bQIS8EFRNrUskt+Wspz90GIXlWQhWORJshWf H7K7bd4oD2xfuKY2gyqJZeb89PAcC87zJvPQz97dJjle3Q5+ztTFAk3SvnakeKdPE7 axiMB8p1x8M+XFyPbHFq9CBisWa9EuoFmU2VCWYyK2961IoaKOrxGnTvCveRQ2u4s0 SB+exL1U3B6OIz1E8XCK3DHJaiWTF7AdW3OtQI9znXEO7A03DDQnaFocSs8sFDcrwY oIiepIJK9AfVQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD332FF8875; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:15 -0700 Subject: [PATCH RFC v5 20/53] KVM: guest_memfd: Enable INIT_SHARED on guest_memfd for x86 Coco VMs Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: 
<20260428-gmem-inplace-conversion-v5-20-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1390; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=9LP/svD9TvgxKqvednNMupCSsWJ+AFS+3tUCHtCnRqA=; b=7TverXUJlngRxhJ4vEWJkucYIO7XShyfSISUb/HZPT3irzIwFpodwZIaXKo0xt09LhSOu99cl vzzDW2Ybw7TASLiyA7ny4f0JXMSI7+HJSNDTw51rwwdQnOzO+yzu59J X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: 
Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Now that guest_memfd supports tracking private vs. shared within gmem itself, allow userspace to specify INIT_SHARED on a guest_memfd instance for x86 Confidential Computing (CoCo) VMs, so long as per-VM attributes are disabled, i.e. when it's actually possible for a guest_memfd instance to contain shared memory. Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- arch/x86/kvm/x86.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 1560de1e95be0..6609957ecfea3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -14172,14 +14172,13 @@ bool kvm_arch_no_poll(struct kvm_vcpu *vcpu) } =20 #ifdef CONFIG_KVM_GUEST_MEMFD -/* - * KVM doesn't yet support initializing guest_memfd memory as shared for V= Ms - * with private memory (the private vs. shared tracking needs to be moved = into - * guest_memfd). - */ bool kvm_arch_supports_gmem_init_shared(struct kvm *kvm) { - return !kvm_arch_has_private_mem(kvm); + /* + * INIT_SHARED isn't supported if the memory attributes are per-VM, + * in which case guest_memfd can _only_ be used for private memory. 
+ */ + return !vm_memory_attributes || !kvm_arch_has_private_mem(kvm); } =20 #ifdef CONFIG_HAVE_KVM_ARCH_GMEM_PREPARE --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0CD533A254A; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=EGELi6ppE4XAF7+yqNEJuRlE51FKh7ZPAi7Nk3MTTL/tZH5jilVNCB8/JccPCQnJ9kSiC9dBVy1aEU3p4GE7E3zhgXf8ghtSnEd7jG16VNRYNnNWjAleovkIfmmfEIJmzuIZvRfAgjKg+i84CeACQKAmKyJwxuHEK+yslp3gpVc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=McDOUCm+isas7jiICyN0E5ubUDEjWu5iEe+R8RHc0CE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=O/uBCO4cF4omzM8GEcFOHlXhbG+08E/q7FiAI4p8ZVnx0yN96URGnTkvfsjfdqmZg0uzzUL26J2N8ueqfT86W2zA8XjLe7lXFaSPzdxrnqnefdeLpUX/Ejt/7Oxkkfmqum7RUJZJLRenfGSD8LKp4ZH0VH4oBdwcR/N3yRsB/w0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=XUUp5bbb; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="XUUp5bbb" Received: by smtp.kernel.org (Postfix) with ESMTPS id E3F15C2BCB9; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418718; bh=McDOUCm+isas7jiICyN0E5ubUDEjWu5iEe+R8RHc0CE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=XUUp5bbbwTk2B138t2zteGlhdTVnCO7z4WnQMsOvSvPNYJhYjOm7WkxlIjPEOzujA 
v0uYPn9kIsSc7AQkAQHsYfxsOODeuYeEBaEUwdy+1dSJTlI5P/ixTltxPoQDOAGgEo EiCYob/sMLtZavC1mXkFco1QgXUaOFUVPJlpiWPWo/z//Y6VkkT32KKvdgtq/O5D3U gPmuqbqAzi+IXO3PipnC96m4dfAIUygWkgyoU6E1CVJsnWHTOoi/8bV27iALynfHHK FaYsw4TuJ6Z6OBpttpqpP0RXdmM2tFQU3LNG4g915jKHlGy5dyVuvShgnipAsMXBYH sjV8EW9l2QGTw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1E1BFF887E; Tue, 28 Apr 2026 23:25:18 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:16 -0700 Subject: [PATCH RFC v5 21/53] KVM: guest_memfd: Introduce default handlers for content modes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-21-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=3682; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=bExntzDH4eJvOXiKEEI4Mzgx/0x0zxgpmzImhSYoC1o=; b=PNbqwo9hcIQwsAQRGjQHX21H24S4wh3bsXFlO6MkquX+OHrZREiPkkpErhDiU7/NBi84pETDV vHMROayf7h/AC/UbqBdSyOejE+v/B0mVu0oQwwqp5Kacfunrp/JDX78 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Currently, when setting memory attributes, KVM provides no guarantees about the memory contents. Introduce default handlers for applying memory content modes, which different architectures should override. These handlers will be used later to apply memory content modes during set memory attributes requests. 
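For illustration only, and not part of this patch: a minimal userspace sketch of the "weak default, architecture override" pattern described above. It assumes a GCC/Clang toolchain for __attribute__((weak)) and models a guest_memfd range as a flat byte buffer. All model_* names and MODEL_PAGE_SIZE are hypothetical; the return values mirror the defaults in this patch (0 for unspecified, zeroing for zero, -EOPNOTSUPP for preserve).

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096u	/* hypothetical stand-in for PAGE_SIZE */

/* Generic helper: zero pages [start, end) of a flat buffer. */
int model_apply_zero(unsigned char *pages, size_t start, size_t end)
{
	assert(start <= end);
	memset(pages + start * MODEL_PAGE_SIZE, 0,
	       (end - start) * MODEL_PAGE_SIZE);
	return 0;
}

/*
 * Weak defaults. A separate "architecture" object file could provide
 * strong definitions with the same names, and the linker would pick
 * those instead of the ones below.
 */
__attribute__((weak))
int model_arch_apply_unspecified(unsigned char *pages, size_t start, size_t end)
{
	/* No guarantee requested, so nothing to do by default. */
	(void)pages; (void)start; (void)end;
	return 0;
}

__attribute__((weak))
int model_arch_apply_zero(unsigned char *pages, size_t start, size_t end)
{
	/* Default to the generic zeroing helper. */
	return model_apply_zero(pages, start, end);
}

__attribute__((weak))
int model_arch_apply_preserve(unsigned char *pages, size_t start, size_t end)
{
	/* Preservation cannot be promised without architecture support. */
	(void)pages; (void)start; (void)end;
	return -EOPNOTSUPP;
}
```

In this sketch, a caller that never links an override gets zeroing that works out of the box, while a preserve request fails cleanly instead of silently succeeding.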
Signed-off-by: Ackerley Tng --- include/linux/kvm_host.h | 12 +++++++++ virt/kvm/guest_memfd.c | 66 ++++++++++++++++++++++++++++++++++++++++++++= ++++ 2 files changed, 78 insertions(+) diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index f9ea95e33d050..458bad0083c37 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -741,6 +741,18 @@ static inline u64 kvm_gmem_get_supported_flags(struct = kvm *kvm) =20 return flags; } + +u64 kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_private= ); +int kvm_gmem_apply_content_mode_zero(struct inode *inode, pgoff_t start, + pgoff_t end); +int kvm_arch_gmem_apply_content_mode_zero(struct kvm *kvm, struct inode *i= node, + pgoff_t start, pgoff_t end); +int kvm_arch_gmem_apply_content_mode_preserve(struct kvm *kvm, + struct inode *inode, + pgoff_t start, pgoff_t end); +int kvm_arch_gmem_apply_content_mode_unspecified(struct kvm *kvm, + struct inode *inode, + pgoff_t start, pgoff_t end); #endif =20 #ifndef kvm_arch_has_readonly_mem diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 85e8b3a981307..b0e4bb554cdf3 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -693,6 +693,72 @@ static void kvm_gmem_invalidate(struct inode *inode, p= goff_t start, pgoff_t end) static void kvm_gmem_invalidate(struct inode *inode, pgoff_t start, pgoff_= t end) {} #endif =20 +u64 __weak kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_= private) +{ + /* Architectures must override with supported modes. 
*/ + return 0; +} + +int kvm_gmem_apply_content_mode_zero(struct inode *inode, pgoff_t start, + pgoff_t end) +{ + struct address_space *mapping =3D inode->i_mapping; + struct folio_batch fbatch; + int ret =3D 0; + int i; + + folio_batch_init(&fbatch); + while (!ret && filemap_get_folios(mapping, &start, end - 1, &fbatch)) { + for (i =3D 0; !ret && i < folio_batch_count(&fbatch); ++i) { + struct folio *folio =3D fbatch.folios[i]; + + folio_lock(folio); + + if (folio_test_hwpoison(folio)) { + ret =3D -EHWPOISON; + } else { + /* + * Hard-coding zeroed range since + * guest_memfd only supports PAGE_SIZE + * folios and start and end have been + * checked to be PAGE_SIZE aligned. + */ + WARN_ON_ONCE(folio_test_large(folio)); + folio_zero_segment(folio, 0, PAGE_SIZE); + } + + folio_unlock(folio); + } + + folio_batch_release(&fbatch); + cond_resched(); + } + + return ret; +} + +int __weak kvm_arch_gmem_apply_content_mode_unspecified(struct kvm *kvm, + struct inode *inode, + pgoff_t start, + pgoff_t end) +{ + return 0; +} + +int __weak kvm_arch_gmem_apply_content_mode_zero(struct kvm *kvm, + struct inode *inode, + pgoff_t start, pgoff_t end) +{ + return kvm_gmem_apply_content_mode_zero(inode, start, end); +} + +int __weak kvm_arch_gmem_apply_content_mode_preserve(struct kvm *kvm, + struct inode *inode, + pgoff_t start, pgoff_t end) +{ + return -EOPNOTSUPP; +} + static int __kvm_gmem_set_attributes(struct inode *inode, pgoff_t start, size_t nr_pages, uint64_t attrs, pgoff_t *err_index) --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7494D3A3E7B; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; 
d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=l0wDXB3ZHDp0D/2wck6yZKRSM6Q8qcukmJelq4ny8Ooq0lbD8emGMs9d8Z6vtxWaVEy6/RezHvtVF+xk6ZHXVHG4R/ZXndk2UeNd9sTXewohdGo+hLsTmMBQ3tBtWvGlofZN3l+MI9l0N/0/XRyIZrq/3/8Gerklis1MmCViyAc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=m2bOW0DUVfOZna9REsWxASypSF6X/t2k8+SwYTvUrgc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=OUx82iUYw0i8aUPNFG38VB+mA88DQjIPXa9gQ56DRE8Bo5Apr61VP6uYjz+esW/MzWyHKMkAS9X8NaH3odxpxTDc+0gkcoQbSSX4XP2ORbxIg/hAmu3iWxD6OoR2uJLH3I9IRF259Edw+7uG9Em5W6Iv+ivelGjWsfze+64qfLo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WJlnpg58; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WJlnpg58" Received: by smtp.kernel.org (Postfix) with ESMTPS id 20591C4AF0F; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=m2bOW0DUVfOZna9REsWxASypSF6X/t2k8+SwYTvUrgc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=WJlnpg58o/wMHP8oA2epKzXvuu0F2uImhLPh4i+yCuIuUFUijKUcfQmk+2uN/pT7h 0cWGPK1gsPZsRGlY6uEWokR92R6JrFtTMZNz/hOPFIUyvlJDtPLmgpNGxkQ7BeooAj dXdSHhbv52GEyuZHyAoqqCj8Ggc6dPfwE6ETRPWQ7+uEs90xRB4/aZ5gLE5GdccoCd BepwaMv/5kjxDgHxS+6ycmPBriizSk/vDHl9jYlE2ON+EBB9gKhNOB3vl5A93+hgfg 6uNDvW5/2JlGSqtPjhVPmjyd6jIISjqN47JhWDQGSf+PsEuGcOs/6QTQ1ka9++XE3d ASdkLEjLfl5MA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F5E0FF8875; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:17 -0700 Subject: [PATCH RFC v5 22/53] KVM: guest_memfd: Apply content modes while setting memory 
attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-22-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=8609; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=MUDFg3cF6c9zZj9eh+GrJ3J5VFbXgeIVHlW3jinLVHw=; b=2XGqE3iV+Vi1bSn0hlNODYxtik3QyF9m9aUmkOk9DiJ6SyFSFBLsOf07/9slTvV8WlFojh1kw cm5zpBbGFbjByQhM6jLEcwU3cELZfDgCodbO76TBbTHf8UHrktag1mF X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Provide defined memory content modes so that KVM can make guarantees about memory content after setting memory attributes, according to userspace requests. Suggested-by: Sean Christopherson Signed-off-by: Ackerley Tng --- Documentation/virt/kvm/api.rst | 61 ++++++++++++++++++++++++++++++++++++++= ++++ include/uapi/linux/kvm.h | 4 +++ virt/kvm/guest_memfd.c | 56 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 119 insertions(+), 2 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 6ce10c8ddb634..61b9974ba52e9 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -6573,6 +6573,8 @@ Errors: EAGAIN Some page within requested range had unexpected refcounts. The offset of the page will be returned in `error_offset`. 
ENOMEM Ran out of memory trying to track private/shared state + EOPNOTSUPP There is no way for KVM to guarantee in-memory contents as + requested. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 KVM_SET_MEMORY_ATTRIBUTES2 is an extension to @@ -6621,6 +6623,65 @@ on the shared pages, such as refcounts taken by get_= user_pages(), and try the ioctl again. A possible source of these long term refcounts is if the guest_memfd memory was pinned in IOMMU page tables. =20 +By default, KVM makes no guarantees about the in-memory values after +memory is converted to/from shared/private. Optionally, userspace may +instruct KVM to ensure the contents of memory are zeroed or preserved, +e.g. to enable in-place sharing of data, or as an optimization to +avoid having to re-zero memory when userspace could have relied on the +trusted entity to guarantee the memory will be zeroed as part of the +entire conversion process. + +The content modes available are as follows: + +``KVM_SET_MEMORY_ATTRIBUTES2_ZERO`` + + On conversion, KVM guarantees all entities that have "allowed" + access to the memory will read zeros. E.g. on private to shared + conversion, both trusted and untrusted code will read zeros. + + Zeroing is currently only supported for private-to-shared + conversions, as KVM in general is untrusted and thus cannot + guarantee the guest (or any trusted entity) will read zeros after + conversion. Note, some CoCo implementations do zero memory contents + such that the guest reads zeros after conversion, and the guest may + choose to rely on that behavior. However, that's a contract between + the trusted CoCo entity and the guest, not between KVM and the + guest. 
+ +``KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE`` + + On conversion, KVM guarantees memory contents will be preserved with + respect to the last written unencrypted value. As a concrete + example, if the host writes ``0xbeef`` to shared memory and converts + the memory to private, the guest will also read ``0xbeef``, even if + the in-memory data is encrypted as part of the conversion. And vice + versa, if the guest writes ``0xbeef`` to private memory and then + converts the memory to shared, the host (and guest) will read + ``0xbeef`` (if the memory is accessible). + +Note: These content modes apply to the entire requested range, not +just the parts of the range that underwent conversion. For example, if +this was the initial state: + + * [0x0000, 0x1000): shared + * [0x1000, 0x2000): private + * [0x2000, 0x3000): shared + +and range [0x0000, 0x3000) was set to shared, the content mode would +apply to all memory in [0x0000, 0x3000), not just the range that +underwent conversion [0x1000, 0x2000). + +Note: These content modes apply only to allocated memory. No +guarantees are made on offset ranges that do not have memory allocated +(yet). For example, if this was the initial state: + + * [0x0000, 0x1000): shared + * [0x1000, 0x2000): not allocated + * [0x2000, 0x3000): shared + +and range [0x0000, 0x3000) was set to shared, the content mode would +apply only to offset ranges [0x0000, 0x1000) and [0x2000, 0x3000). + See also: :ref: `KVM_SET_MEMORY_ATTRIBUTES`. =20 .. 
_kvm_run: diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index f437fd0f1350c..c7cc6c22c2023 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1652,6 +1652,10 @@ struct kvm_memory_attributes { /* Available with KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES */ #define KVM_SET_MEMORY_ATTRIBUTES2 _IOWR(KVMIO, 0xd2, struct= kvm_memory_attributes2) =20 +#define KVM_SET_MEMORY_ATTRIBUTES2_MODE_UNSPECIFIED 0 +#define KVM_SET_MEMORY_ATTRIBUTES2_ZERO (1ULL << 0) +#define KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE (1ULL << 1) + struct kvm_memory_attributes2 { union { __u64 address; diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index b0e4bb554cdf3..5c1db67e6fd35 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -699,6 +699,19 @@ u64 __weak kvm_arch_gmem_supported_content_modes(struc= t kvm *kvm, bool to_privat return 0; } =20 +static bool kvm_gmem_content_mode_is_supported(struct kvm *kvm, + u64 content_mode, + bool to_private) +{ + if (content_mode =3D=3D KVM_SET_MEMORY_ATTRIBUTES2_MODE_UNSPECIFIED) + return true; + + if (content_mode =3D=3D KVM_SET_MEMORY_ATTRIBUTES2_ZERO && to_private) + return false; + + return kvm_arch_gmem_supported_content_modes(kvm, to_private) & content_m= ode; +} + int kvm_gmem_apply_content_mode_zero(struct inode *inode, pgoff_t start, pgoff_t end) { @@ -759,8 +772,26 @@ int __weak kvm_arch_gmem_apply_content_mode_preserve(s= truct kvm *kvm, return -EOPNOTSUPP; } =20 +static int kvm_gmem_apply_content_mode(struct kvm *kvm, uint64_t content_m= ode, + struct inode *inode, pgoff_t start, + pgoff_t end) +{ + switch (content_mode) { + case KVM_SET_MEMORY_ATTRIBUTES2_MODE_UNSPECIFIED: + return kvm_arch_gmem_apply_content_mode_unspecified(kvm, inode, start, e= nd); + case KVM_SET_MEMORY_ATTRIBUTES2_ZERO: + return kvm_arch_gmem_apply_content_mode_zero(kvm, inode, start, end); + case KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE: + return kvm_arch_gmem_apply_content_mode_preserve(kvm, inode, start, end); + 
default: + WARN_ONCE(1, "Unexpected policy requested."); + return -EOPNOTSUPP; + } +} + static int __kvm_gmem_set_attributes(struct inode *inode, pgoff_t start, size_t nr_pages, uint64_t attrs, + struct kvm *kvm, uint64_t content_mode, pgoff_t *err_index) { bool to_private =3D attrs & KVM_MEMORY_ATTRIBUTE_PRIVATE; @@ -775,7 +806,21 @@ static int __kvm_gmem_set_attributes(struct inode *ino= de, pgoff_t start, =20 filemap_invalidate_lock(mapping); =20 + if (!kvm_gmem_content_mode_is_supported(kvm, content_mode, + to_private)) { + r =3D -EOPNOTSUPP; + *err_index =3D start; + goto out; + } + if (kvm_gmem_range_has_attributes(mt, start, nr_pages, attrs)) { + /* + * Even if no update is required to attributes, the + * requested content mode is applied. + */ + WARN_ON(kvm_gmem_apply_content_mode(kvm, content_mode, + inode, start, end)); + r =3D 0; goto out; } @@ -808,6 +853,9 @@ static int __kvm_gmem_set_attributes(struct inode *inod= e, pgoff_t start, if (!to_private) kvm_gmem_invalidate(inode, start, end); =20 + WARN_ON(kvm_gmem_apply_content_mode(kvm, content_mode, inode, + start, end)); + mas_store_prealloc(&mas, xa_mk_value(attrs)); =20 kvm_gmem_invalidate_end(inode, start, end); @@ -829,7 +877,11 @@ static long kvm_gmem_set_attributes(struct file *file,= void __user *argp) if (copy_from_user(&attrs, argp, sizeof(attrs))) return -EFAULT; =20 - if (attrs.flags) + if (attrs.flags & ~(KVM_SET_MEMORY_ATTRIBUTES2_ZERO | + KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE)) + return -EINVAL; + if ((attrs.flags & KVM_SET_MEMORY_ATTRIBUTES2_ZERO) && + (attrs.flags & KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE)) return -EINVAL; for (i =3D 0; i < ARRAY_SIZE(attrs.reserved); i++) { if (attrs.reserved[i]) @@ -849,7 +901,7 @@ static long kvm_gmem_set_attributes(struct file *file, = void __user *argp) nr_pages =3D attrs.size >> PAGE_SHIFT; index =3D attrs.offset >> PAGE_SHIFT; r =3D __kvm_gmem_set_attributes(inode, index, nr_pages, attrs.attributes, - &err_index); + f->kvm, attrs.flags, &err_index); if 
(r) { attrs.error_offset =3D ((uint64_t)err_index) << PAGE_SHIFT; =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C79F395276; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=Sz3+kzrijbvh4niyne0a2mOvHUqx/CEdPQgmsY8stTwvF/b1e8J4mSfl9WhZ7YLtMy09n3DLFoZcnq+Bsv81ZvEYKXn+aOFf/Kke5erFPwX+Tf8ws2QigmLiMRCJmyCHmWNdguSX4UgOJsySVEwHuNXMIsl3asQosSbzRzxBme0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=O5EusdRtRRcBsbLXs41Iht6PiU+kaHavayRHgykcm70=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=iD1AOchk1KyylMPn+BT/+HVPfEIOobd5DjZO2ks6eksYz9nAJlubUSIbFOb5TOsktRUQLGthGdltbombPFe2tisU3ZQaXo8Pm7WeIImFx6A1yTHN6YbTaM+Q9+6/TPnhyZXjPpo71f8ATlbBUNTEnNXhwmitYqdE2DL/WFWlrL0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ILyLZIk7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ILyLZIk7" Received: by smtp.kernel.org (Postfix) with ESMTPS id 2D89AC2BCAF; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=O5EusdRtRRcBsbLXs41Iht6PiU+kaHavayRHgykcm70=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=ILyLZIk7mLcRdFizYiNm5+SQt8Rlc0tM/h5WbkdME+trzC0BLp+ecwawGTzp7X8II DyOCuQHsDjEiKr3ElyRdA9StEXtC2u0lcl+vBpq3qruQkTKF7ILo2PWH1qrxFuEUqR 
labSI41SqA0y78nZAvZwTa4v1OSrnwqtTBEQ5gDvBOaMyjPGtUXHfk6RW10uLHEtdv hMw93TrV2EjkWkIO0aa0v41/BfUU4ut4DUNRHwSOdUvcdlh6VBc1teBRCTY2afGGDV UI0k7eDX5mu96a/iXr8rn5vo49LfAMB3Z+Q4qdLdrFaN6X+UpYGIFuVd0u2ubwumMc WxYFtlz+uRxhA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 23281FF887B; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:18 -0700 Subject: [PATCH RFC v5 23/53] KVM: x86: Support SW_PROTECTED_VM in applying content modes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-23-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=3447; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=9ksW1lIO9ZmZXIT5xvo0JGaOScZO9eFAx8q/FWxGah8=; b=Cy4xUfQRFEwNJDgZS17EsIHexFRRfCGZCJzHnrfM2HPN/NoecocgbvmuMuwK8/LWmqP1BNxCk G0AVsZtj4TUBD2z0PWLopI3VJCmZQUh+/Miluf8cH7GpfDGSe8Qxxx0 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Override the architecture-specific guest_memfd content mode functions for x86 to provide support for KVM_X86_SW_PROTECTED_VM. For software-protected VMs, specify KVM_SET_MEMORY_ATTRIBUTES2_ZERO and KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE as supported content modes. Implement the logic for these modes as follows: + ZERO: Zero out the memory using the generic guest_memfd helper. + PRESERVE: Maintain the existing memory content without modification. + UNSPECIFIED: KVM_X86_SW_PROTECTED_VM is guest_memfd's testing vehicle. Scramble the memory range by filling it with random bytes so test behavior will differ from that of PRESERVE. 
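For illustration only, and not part of this patch: the three behaviors listed above can be modeled in userspace roughly as follows. This is a sketch under stated assumptions: the guest_memfd range is a plain byte buffer, rand() stands in for get_random_bytes(), and the enum and function names (model_mode, model_sw_protected_apply) are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the three content modes. */
enum model_mode { MODEL_UNSPECIFIED, MODEL_ZERO, MODEL_PRESERVE };

/* Apply a content mode to buf[0..len) the way a SW-protected VM would. */
int model_sw_protected_apply(enum model_mode mode, unsigned char *buf,
			     size_t len)
{
	size_t i;

	assert(buf != NULL);

	switch (mode) {
	case MODEL_ZERO:
		/* Every reader must observe zeros afterwards. */
		memset(buf, 0, len);
		return 0;
	case MODEL_PRESERVE:
		/* Nothing is encrypted here, so leaving data alone preserves it. */
		return 0;
	case MODEL_UNSPECIFIED:
		/* Scramble so tests cannot accidentally rely on PRESERVE. */
		for (i = 0; i < len; i++)
			buf[i] = (unsigned char)rand();
		return 0;
	}

	return -1;	/* unknown mode */
}
```

Scrambling in the unspecified case is what makes a test that wrongly assumes preserved contents fail on the testing VM type, instead of passing by accident.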
Signed-off-by: Ackerley Tng --- arch/x86/kvm/x86.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++= ++++ 1 file changed, 93 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 6609957ecfea3..e8abff71001eb 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -14194,6 +14194,99 @@ void kvm_arch_gmem_invalidate(kvm_pfn_t start, kvm= _pfn_t end) kvm_x86_call(gmem_invalidate)(start, end); } #endif + +u64 kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_private) +{ + if (!kvm) { + return KVM_SET_MEMORY_ATTRIBUTES2_ZERO | + KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE; + } + + switch (kvm->arch.vm_type) { + case KVM_X86_SW_PROTECTED_VM: + return KVM_SET_MEMORY_ATTRIBUTES2_ZERO | + KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE; + default: + return 0; + } +} + +int kvm_arch_gmem_apply_content_mode_zero(struct kvm *kvm, struct inode *i= node, + pgoff_t start, pgoff_t end) +{ + switch (kvm->arch.vm_type) { + case KVM_X86_SW_PROTECTED_VM: + return kvm_gmem_apply_content_mode_zero(inode, start, end); + default: + return 0; + } +} + +int kvm_arch_gmem_apply_content_mode_preserve(struct kvm *kvm, + struct inode *inode, + pgoff_t start, pgoff_t end) +{ + switch (kvm->arch.vm_type) { + case KVM_X86_SW_PROTECTED_VM: + /* Do nothing to preserve content. */ + return 0; + default: + /* Not a valid content mode for other types, so do nothing. 
*/ + return 0; + } +} + +static int __scramble_range(struct inode *inode, pgoff_t start, pgoff_t en= d) +{ + struct address_space *mapping =3D inode->i_mapping; + struct folio_batch fbatch; + struct folio *f; + char *kaddr; + int ret =3D 0; + int i; + + folio_batch_init(&fbatch); + while (!ret && filemap_get_folios(mapping, &start, end - 1, &fbatch)) { + for (i =3D 0; !ret && i < folio_batch_count(&fbatch); ++i) { + f =3D fbatch.folios[i]; + + folio_lock(f); + + if (folio_test_hwpoison(f)) { + ret =3D -EHWPOISON; + } else { + /* + * Hard-coding range to scramble since + * guest_memfd only supports PAGE_SIZE + * folios now. + */ + kaddr =3D kmap_local_folio(f, 0); + get_random_bytes(kaddr, PAGE_SIZE); + kunmap_local(kaddr); + } + + folio_unlock(f); + } + + folio_batch_release(&fbatch); + cond_resched(); + } + + return ret; +} + +int kvm_arch_gmem_apply_content_mode_unspecified(struct kvm *kvm, + struct inode *inode, + pgoff_t start, pgoff_t end) +{ + switch (kvm->arch.vm_type) { + case KVM_X86_SW_PROTECTED_VM: + return __scramble_range(inode, start, end); + default: + return 0; + } +} + #endif =20 int kvm_spec_ctrl_test_value(u64 value) --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7466A3A3E75; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=TzNZHIVG5O63AW6yuDfOXJx9CIRODvbvbaIauwUbfqD17ekOlULYs9ELcYDUUgUasUdR+X8bHfNG35rbt/1QXMj/ACmhs7VKSCjrXlimc8qkhINaQdNOstq0foPJsVbmgOqzmBkKk5gVfN0klbLsyMfnkRpfM5TyhmySyjLUsWo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; 
bh=zncE2hxQkprEk/co3eBc2SR0h1oYBU1WvKX4YOZi9bM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=YsDr90TROPqrjHQXZCxNDYWfj38QFuQ0Nk6Aj5R9F0cqMGCImV6ZGxLRP1KnIb83kB7iRqXeJtB8iSC/zSnLyoJHdE8ZMrJKv1v6N2nrPJ+csMVc3pfINH1t71BBMXqVeC592xXswc5fo9fDDjbvVBDOCDIdLBMCNfGkWIpt8aE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KUZBH2j5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KUZBH2j5" Received: by smtp.kernel.org (Postfix) with ESMTPS id 407DDC2BCB8; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=zncE2hxQkprEk/co3eBc2SR0h1oYBU1WvKX4YOZi9bM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=KUZBH2j5InYqZEArSttoYJSjeqs4A/ExMhyoDcp25A8Wz8G9/mSZcuLXBAodSZ1gl H+1NyM1FpGLECjTF4lXRXex+qmXR7w2YczKNVE7aC5uAH6PfnOC1t8bNkI+CXxpOCb IbsFwKAvIyJ3lkupbeSAizS6VBtk6uCiMgR8oc07MRuR1NoJvL/jfidW7dzpFLZk7b AXsPioKlZqSzlS/QuVwy0nCbbROpVmRVh46/8byaGXZVxoJC5WUclq58cLgnkwEYD9 WcBTlO8VhgdYVxMSG7JJ5ALHLXHVPHnk6PjD95vSto/EySxo9zvPWfdXqUOo8IG219 SMnIfeS3T+BOw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37697FF8877; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:19 -0700 Subject: [PATCH RFC v5 24/53] KVM: SEV: Make 'uaddr' parameter optional for KVM_SEV_SNP_LAUNCH_UPDATE Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-24-d8608ccfca22@google.com> References: 
<20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=6631; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=6I5qY356QuKhvOxH1JQe8xcoUJLrBsuBlWTdyFO/bYI=; b=3BKZsofxSpmgNd3PfWxQbf4StcoBe8YmYcPFtSyrf7dW6HwahUfNHnny0P0z2E9XtxJTwkPtk oW/xZZKZ1dNAcwDaMXpkp9YNj3ce2/puK45bRgGtx1pY7P5UFEHe9vZ X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Michael Roth For 
vm_memory_attributes=3D1, in-place conversion/population is not supported, so the initial contents must necessarily come from a separate src address, which is enforced by the current implementation. However, for vm_memory_attributes=3D0, it is possible for guest memory to be initialized directly from userspace by mmap()'ing the guest_memfd and writing to it while the corresponding GPA ranges are in a 'shared' state before converting them to the 'private' state expected by KVM_SEV_SNP_LAUNCH_UPDATE. Update the handling/documentation for KVM_SEV_SNP_LAUNCH_UPDATE to allow for 'uaddr' to be set to NULL when vm_memory_attributes=3D0, which SNP_LAUNCH_UPDATE will then use to determine when it should/shouldn't copy in data from a separate memory location. Continue to enforce non-NULL for the original vm_memory_attributes=3D1 case. Signed-off-by: Michael Roth [Added src_page check in error handling path when the firmware command fail= s] [Dropped ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES] Signed-off-by: Ackerley Tng --- Documentation/virt/kvm/x86/amd-memory-encryption.rst | 19 +++++++++++++++-= --- arch/x86/kvm/svm/sev.c | 18 +++++++++++++---= -- virt/kvm/kvm_main.c | 1 + 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/Documentation/virt/kvm/x86/amd-memory-encryption.rst b/Documen= tation/virt/kvm/x86/amd-memory-encryption.rst index b2395dd4769de..3b9f36a55a95b 100644 --- a/Documentation/virt/kvm/x86/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/x86/amd-memory-encryption.rst @@ -503,7 +503,12 @@ secrets. =20 It is required that the GPA ranges initialized by this command have had the KVM_MEMORY_ATTRIBUTE_PRIVATE attribute set in advance. See the documentati= on -for KVM_SET_MEMORY_ATTRIBUTES for more details on this aspect. +for KVM_SET_MEMORY_ATTRIBUTES/KVM_SET_MEMORY_ATTRIBUTES2 for more details = on +this aspect.
If running with kvm.vm_memory_attributes=3D0 (to allow for +guest_memfd to handle memory attributes and allow for in-place conversion = of +pages between shared/private), the 'PRESERVE' flag/content mode (which is +only available via the KVM_SET_MEMORY_ATTRIBUTES2 interface) must be used +when setting the range to private prior to issuing this ioctl. =20 Upon success, this command is not guaranteed to have processed the entire range requested. Instead, the ``gfn_start``, ``uaddr``, and ``len`` fields= of @@ -511,9 +516,15 @@ range requested. Instead, the ``gfn_start``, ``uaddr``= , and ``len`` fields of remaining range that has yet to be processed. The caller should continue calling this command until those fields indicate the entire range has been processed, e.g. ``len`` is 0, ``gfn_start`` is equal to the last GFN in the -range plus 1, and ``uaddr`` is the last byte of the userspace-provided sou= rce -buffer address plus 1. In the case where ``type`` is KVM_SEV_SNP_PAGE_TYPE= _ZERO, -``uaddr`` will be ignored completely. +range plus 1, and ``uaddr`` (if specified) is the last byte of the +userspace-provided source buffer address plus 1. + +In the case where ``type`` is KVM_SEV_SNP_PAGE_TYPE_ZERO, ``uaddr`` will be +ignored completely. Otherwise, ``uaddr`` is required if +kvm.vm_memory_attributes=3D1 and optional if kvm.vm_memory_attributes=3D0,= since +in the latter case guest memory can be initialized directly from userspace +prior to converting it to private and passing the GPA range on to this +interface.
=20 Parameters (in): struct kvm_sev_snp_launch_update =20 diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c2126b3c30724..bf10d24907a00 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2343,7 +2343,15 @@ static int sev_gmem_post_populate(struct kvm *kvm, g= fn_t gfn, kvm_pfn_t pfn, int level; int ret; =20 - if (WARN_ON_ONCE(sev_populate_args->type !=3D KVM_SEV_SNP_PAGE_TYPE_ZERO = && !src_page)) + /* + * For vm_memory_attributes=3D1, in-place conversion/population is not + * supported, so the initial contents necessarily need to come from a + * separate src address. For vm_memory_attributes=3D0, this isn't + * necessarily the case, since the pages may have been populated + * directly from userspace before calling KVM_SEV_SNP_LAUNCH_UPDATE. + */ + if (vm_memory_attributes && + sev_populate_args->type !=3D KVM_SEV_SNP_PAGE_TYPE_ZERO && !src_page) return -EINVAL; =20 ret =3D snp_lookup_rmpentry((u64)pfn, &assigned, &level); @@ -2390,7 +2398,7 @@ static int sev_gmem_post_populate(struct kvm *kvm, gf= n_t gfn, kvm_pfn_t pfn, */ if (ret && !snp_page_reclaim(kvm, pfn) && sev_populate_args->type =3D=3D KVM_SEV_SNP_PAGE_TYPE_CPUID && - sev_populate_args->fw_error =3D=3D SEV_RET_INVALID_PARAM) { + sev_populate_args->fw_error =3D=3D SEV_RET_INVALID_PARAM && src_page)= { void *src_vaddr =3D kmap_local_page(src_page); void *dst_vaddr =3D kmap_local_pfn(pfn); =20 @@ -2422,8 +2430,8 @@ static int snp_launch_update(struct kvm *kvm, struct = kvm_sev_cmd *argp) if (copy_from_user(&params, u64_to_user_ptr(argp->data), sizeof(params))) return -EFAULT; =20 - pr_debug("%s: GFN start 0x%llx length 0x%llx type %d flags %d\n", __func_= _, - params.gfn_start, params.len, params.type, params.flags); + pr_debug("%s: GFN start 0x%llx length 0x%llx type %d flags %d src %llx\n"= , __func__, + params.gfn_start, params.len, params.type, params.flags, params.uaddr); =20 if (!params.len || !PAGE_ALIGNED(params.len) || params.flags || (params.type !=3D
KVM_SEV_SNP_PAGE_TYPE_NORMAL && @@ -2479,7 +2487,7 @@ static int snp_launch_update(struct kvm *kvm, struct = kvm_sev_cmd *argp) =20 params.gfn_start +=3D count; params.len -=3D count * PAGE_SIZE; - if (params.type !=3D KVM_SEV_SNP_PAGE_TYPE_ZERO) + if (src && params.type !=3D KVM_SEV_SNP_PAGE_TYPE_ZERO) params.uaddr +=3D count * PAGE_SIZE; =20 if (copy_to_user(u64_to_user_ptr(argp->data), &params, sizeof(params))) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index ba195bb239aaa..3bf212fd99193 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -105,6 +105,7 @@ module_param(allow_unsafe_mappings, bool, 0444); #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES bool vm_memory_attributes =3D true; module_param(vm_memory_attributes, bool, 0444); +EXPORT_SYMBOL_FOR_KVM_INTERNAL(vm_memory_attributes); #endif DEFINE_STATIC_CALL_RET0(__kvm_get_memory_attributes, kvm_get_memory_attrib= utes_t); EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_KEY(__kvm_get_memory_attributes= )); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8E6323A4523; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=eMYib1y9F/aahQOFny7vZx1Wc/0CKky30QXasNj9wyx5bRKYGlbunfO8lCN69KDAQOZYKMJUiOnH3+D5U46sfpdTfXjJqhA82K+LojQs5zDSewVnJ4eDLZwec4cJ9XMlSeHwVF6CoCZHbyhg1UknXyds1s2XpTRcM7OMksgWQfI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=yIQ1qb/5thBEPl1WW7+A4KzPierGynmKhGiUR/3Ml6c=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc;
b=XqEaT6JGDXqdgesbmVFh/YZ4cGvMSg4xdJY6F7CjQgcPvGD/2IxN1941YadEYrz8r/lTlmecLFgDxNem8UHXrUXEJQRn/FtRrNlQHy4EKMYMiuw26lj67/9ny5EHuf+0pQRnQiyvjkyri4taodfHRdPwiXOdA868SRac4LkNh+k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=iqzkNOfj; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="iqzkNOfj" Received: by smtp.kernel.org (Postfix) with ESMTPS id 540A2C2BCF7; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=yIQ1qb/5thBEPl1WW7+A4KzPierGynmKhGiUR/3Ml6c=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=iqzkNOfjetQv0OkOlMI4tZoTh+sRABN+hK+ANmOFw/Y0SQPFWkuEL1h8joP+JXUaw holJDjTe6B+rq4XlfKj3mAaSD488WXovSxw7VjFVbkk31MlIsZriCcQAUobgbbS5+4 U3vufYnU831eYzE7hnJgsAplr2Sf/lQetR74SIaW6TYCvLC9TnTHOVdX1yhvunNxmR sAZhmVuNPo8Ha+M+kQdBEXi3e+yI+rAc5yHBoH4kzECyKbbnVWSU33aaWelmlFVaur YvVc8MESc7z18FYFcuPypzKc/GC7Ywh8zipYDdvDfBE6GhtkEphZ+kVUEtljAgqH/I bH4JGvvE8VGtw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B007FF8875; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:20 -0700 Subject: [PATCH RFC v5 25/53] KVM: TDX: Make source page optional for KVM_TDX_INIT_MEM_REGION Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-25-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, 
binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2077; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=ZUVil0lCIwc17luhnyQSnbr0drwWGJzhuW+VIyBKAEE=; b=7+JgXh5IsJ8zEo/B+5TkhpuCJ+LAfF3PUrxanugOqLUqBAxiPXjz3BKUNbVG/YL3JTPBaLNVM Arrpar2DOqaCNzQACmKnSm35p43EbE0LBLcBBsBuSJO2Q79UgEO9KPL X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Update tdx_gmem_post_populate() to handle cases where a source page is not explicitly provided. 
Instead of unconditionally returning -EOPNOTSUPP when src_page is NULL, default to using the page associated with the destination PFN when memory attributes are tracked by guest_memfd (i.e. vm_memory_attributes is disabled), and keep returning -EOPNOTSUPP otherwise. This change allows for in-place memory conversion where the data is already present in the target PFN, ensuring the TDX module has a valid source page reference for the TDH.MEM.PAGE.ADD operation. Signed-off-by: Ackerley Tng --- Documentation/virt/kvm/x86/intel-tdx.rst | 4 ++++ arch/x86/kvm/vmx/tdx.c | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/Documentation/virt/kvm/x86/intel-tdx.rst b/Documentation/virt/= kvm/x86/intel-tdx.rst index 6a222e9d09541..fbc0f179dc750 100644 --- a/Documentation/virt/kvm/x86/intel-tdx.rst +++ b/Documentation/virt/kvm/x86/intel-tdx.rst @@ -158,6 +158,10 @@ KVM_TDX_INIT_MEM_REGION Initialize @nr_pages TDX guest private memory starting from @gpa with user= space provided data from @source_addr. @source_addr must be PAGE_SIZE-aligned. =20 +If memory attributes are tracked in guest_memfd, pass NULL for +@source_addr to initialize the memory region using memory contents +already populated in guest_memfd memory. + Note, before calling this sub command, memory attribute of the range [gpa, gpa + nr_pages] needs to be private. Userspace can use KVM_SET_MEMORY_ATTRIBUTES to set the attribute.
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 04ce321ebdf39..10373e606242a 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -3116,8 +3116,12 @@ static int tdx_gmem_post_populate(struct kvm *kvm, g= fn_t gfn, kvm_pfn_t pfn, if (KVM_BUG_ON(kvm_tdx->page_add_src, kvm)) return -EIO; =20 - if (!src_page) - return -EOPNOTSUPP; + if (!src_page) { + if (vm_memory_attributes) + return -EOPNOTSUPP; + + src_page =3D pfn_to_page(pfn); + } =20 kvm_tdx->page_add_src =3D src_page; ret =3D kvm_tdp_mmu_map_private_pfn(arg->vcpu, gfn, pfn); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8120D3A450E; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=aiBkimQjiHKUPLSkULhjOJyP4jD3p1c060Jc9JQ+Os/hNu0KUNMqzH7evDivxOUlZ1ipHoKUpXDa97aBNGkTNhKw5czrKmr63ARXNe2hMdmABeQIou4yybea6Leu/cDMMWtnzF//+ahuxLHXdUCf7OWMvkZ3VbWAI3FzOxKxCKw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=Q2i5UGWinxKGxu+Xi3skJAPhJUuuLkegXOFl75kQp0o=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Bjao3R+n8bHE+qBGExctVJbEvMUW9awfE3Gpwoyx566okgY9GbIq+PCPPMluw513VaNF5tBtunSiBMQZNkTyzPzXiVsWj8qwt2R9lhAF8S1C8LJ9VnZXyHZUf0ArS9pRIsS6Y0YMT+AqEK7F8DeH3VSVZKWE9nUESTExyIAVnxI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=kc3gS6JJ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org 
header.i=@kernel.org header.b="kc3gS6JJ" Received: by smtp.kernel.org (Postfix) with ESMTPS id 677F4C2BCFD; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=Q2i5UGWinxKGxu+Xi3skJAPhJUuuLkegXOFl75kQp0o=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=kc3gS6JJ+D/sZEMcllPb90lqPHcTZDeI3P8kvpmGeawfufhE8WNrj3bSF28IB5g9y TwB4fwAoybf68c/7BuukvCzRzB4s0lORoA7GeDolLk4r6ae0Z8P4PM9/xI/shqDbj0 fWajpIqFy+KMlLvK4vRIQZRe4wmKjv/HxyWqnMePv+ox4nOnWZN3H313xzy96NEv7O W+k5GkxRnqwDzzhegW+up9Cazf+Jv5E3npUqSRovdAhVD5hOn2rGyBFkb/H3Dx4pcn u3KCPvTZdzYZcWk6LVEAbFNnEb6SKhEX5VKOXvEY7fmb+Kosk+uLy2Lq9N6O65pNmy xB4AFUiaKCAWg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E801FF887E; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:21 -0700 Subject: [PATCH RFC v5 26/53] KVM: x86: Support SNP and TDX applying content modes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-26-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, 
suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=4286; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=i6q4uvrNtDgNcr9CUmAU4UKURJOJAI1o/insHn6kLI8=; b=foRZV+tCQRN2/9dqQLMIWhiR8IkHAAal9ueWWCez/CvrtzIdOAsEjakqSz8gPfly9NNY9T4yW o8g90xsHHZlBcopXzRcG+cTT1Wpw3RzkLcw9qlFNF/cbBuXd7+GBfv/ X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Define supported content modes for TDX and SNP. For now, content preservation is not generally supported for conversions. Allow conversion only from shared to private before the VM is finalized to support this VM set up flow from userspace: 1. Set up guest_memfd as shared. 2. Write directly to guest_memfd. 3. Set memory attributes to private with the PRESERVE flag 4. 
Call KVM_TDX_INIT_MEM_REGION/KVM_SEV_SNP_LAUNCH_UPDATE to load and encrypt memory An alternative would be to move the work done by the kernel in step 3 into step 4, but the process of conversion is complicated (needs to check refcounts, handle failures, etc.) and plumbing the errors out through the platform-specific ioctl is complex and pollutes that ioctl. Allow conversion with content preservation only to_private since preserving content on a to-shared conversion after population cannot be supported. Suggested-by: Sean Christopherson Signed-off-by: Ackerley Tng Co-developed-by: Michael Roth Signed-off-by: Michael Roth --- Documentation/virt/kvm/api.rst | 3 +++ arch/x86/kvm/x86.c | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index 61b9974ba52e9..aaa4a82f0b75d 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -6659,6 +6659,9 @@ The content modes available are as follows: converts the memory to shared, the host (and guest) will read ``0xbeef`` (if the memory is accessible). =20 + For TDX and SNP, content preservation is only supported before the + VM is finalized, and only on conversion to private. + Note: These content modes apply to the entire requested range, not just the parts of the range that underwent conversion.
For example, if this was the initial state: diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index e8abff71001eb..296ed3b8ace6c 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -14206,6 +14206,32 @@ u64 kvm_arch_gmem_supported_content_modes(struct k= vm *kvm, bool to_private) case KVM_X86_SW_PROTECTED_VM: return KVM_SET_MEMORY_ATTRIBUTES2_ZERO | KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE; + case KVM_X86_SNP_VM: + case KVM_X86_TDX_VM: { + u64 supported =3D KVM_SET_MEMORY_ATTRIBUTES2_ZERO; + + /* + * Preservation is only supported for VMs with + * protected state up until the guest is launched and + * vCPUs become capable of generating KVM MMU faults, + * since those faults can be destructive to the + * initial memory contents from the guest point of + * view, i.e. plaintext data will become random data, + * or zeroed, after a shared->private conversion. + * + * Use pre_fault_allowed to guard PRESERVE support, + * since that is set to true when VMs are finalized. + * + * Along the same lines, only support PRESERVE for + * to_private conversions, since when converting to + * shared, memory contents for pages that had already + * been faulted could be zeroed. + */ + if (to_private && !kvm->arch.pre_fault_allowed) + supported |=3D KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE; + + return supported; + } default: return 0; } @@ -14216,6 +14242,16 @@ int kvm_arch_gmem_apply_content_mode_zero(struct k= vm *kvm, struct inode *inode, { switch (kvm->arch.vm_type) { case KVM_X86_SW_PROTECTED_VM: + case KVM_X86_SNP_VM: + case KVM_X86_TDX_VM: + /* + * TDX firmware will zero on unmapping from the + * Secure-EPTs, but suppose a shared page with + * contents was converted to private, and then + * converted back without ever being mapped into + * Secure-EPTs: guest_memfd can't rely on TDX firmware + * for zeroing then. 
+ */ return kvm_gmem_apply_content_mode_zero(inode, start, end); default: return 0; @@ -14228,6 +14264,8 @@ int kvm_arch_gmem_apply_content_mode_preserve(struc= t kvm *kvm, { switch (kvm->arch.vm_type) { case KVM_X86_SW_PROTECTED_VM: + case KVM_X86_SNP_VM: + case KVM_X86_TDX_VM: /* Do nothing to preserve content. */ return 0; default: --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9BFE13A4527; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=Ck/n2aC+T4D/LGxDohgL1fEtJhHubFGP+OA9DgCYg+nZVGEgBsPlDL5GUXNR2B/UJfDGPHp/0+oWRgTxZQUdjOTiLu+IMq5wOWeIQoYE3IFPPbCHD7DmVH9VJGd0hnCVUCRsWfc5WegdPY2FTRbhzqIZiqF1/p1gcBxRK31Nvtg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=W95IiIrObMcGrhAhPOa1Lzdp+cLl7f0y7x5Z4Hm0jDM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Bcht6QIghu11XoiK+1rRvccKpADha0BNKRXnzrFd5kC/9F+iyS/SZe7EeCPoTs9gA83ebrFpnPzxJU24hzp7O7OpYZfPWW+ujRa8bLv6mQ1XcJJidUyjhaOd6IvSSsKDPoUnNqrlYG+HaE5ibI9O90g3ht6/Zsl0RBNq0EDSiNM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=tuXGvioN; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="tuXGvioN" Received: by smtp.kernel.org (Postfix) with ESMTPS id 7B95CC2BD05; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; 
t=1777418719; bh=W95IiIrObMcGrhAhPOa1Lzdp+cLl7f0y7x5Z4Hm0jDM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=tuXGvioN52WoQt0JOaZJgEyfTYb1wwe1yCUqqeHib62/xvuhEUZ31BqZd44hMhToV 6qOrYvQ80z8gHDqsw/freo5a0rQPhmRRZL7wi6NXmfLlO8INMI9TgZSE01FxocsyZh PdgbAqT9LB5AnA4k4rD9AwQcSBbDqJjqxKre+9vst80kxdHbSo9NR4JQVKjpz5/8tu 2ZXKwuurxDjsN6bKzHA0WGJAkjcLNVMY+jUQtW1zzPQ9WfgFctAiHu4tjULtMbefBV 0erieBB/MVon+2fFpzaSFknk4l6nJhG1DfdxKJmh9IL+obK+cgZZOs2M8Qbq6+2YEa AgDMxdyHPupvw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 727BAFF8875; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:22 -0700 Subject: [PATCH RFC v5 27/53] KVM: x86: Bug CoCo VM on page fault before finalizing Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-27-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1213; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=tiTenJm2569v5eEA4Z7Xk+parAwNdRT4spl4m/ukMSc=; b=Ddok4n3bkINYasSG44K3iwGimZ3Lx7mZtFodZ99SfqY6+rmIB6rUmN3BUBBQoCmaMltcVCYvA 9LeCHnRTzRhCqSGRL1TQUNOKoyvJhWw8WcEOLkkGetGbfg7UvhxOVAp X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng In-place conversion of guest_memfd memory to private is allowed with the PRESERVE flag to enable populating guest memory only before CoCo VMs are finalized. Allowing CoCo VMs to fault memory could mess up memory contents. Hence, as a second layer check, bug CoCo VMs if they try to fault in memory from guest_memfd before the VMs are finalized. Suggested-by: Sean Christopherson Signed-off-by: Ackerley Tng --- arch/x86/kvm/mmu/mmu.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index d3da387340a9d..8c5a3d2a7470b 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4599,6 +4599,13 @@ static int kvm_mmu_faultin_pfn_gmem(struct kvm_vcpu = *vcpu, return -EFAULT; } =20 + /* Cannot fault from guest_memfd before CoCo VM is finalized. 
*/ + if (KVM_BUG_ON(vcpu->kvm->arch.has_protected_state && + !vcpu->kvm->arch.pre_fault_allowed, + vcpu->kvm)) { + return -EFAULT; + } + r =3D kvm_gmem_get_pfn(vcpu->kvm, fault->slot, fault->gfn, &fault->pfn, &fault->refcounted_page, &max_order); if (r) { --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AFDAA3A4F23; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=jVO643NML90Yt1d7qRaS076bY6NuLRYjYFR/rVGSC8YyGiKJ4hSIfkPIHDJ5X/t0l9G3k9Vk6dj+OP04AIRfcInHqq8LCwaCzCH/9Y1GPYdmbJYVcqEZySTdpBmJlzexDVtm3wKsg8sPQU8vIxF2xyrOs7pC0eAVIx0+QF5Z2pI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=8ldZ9tHAeXetrK8aWEmsZfkrv8T0wMkcO8Q1/+uxlWI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=lti/U2xlhkKnevq7fqKdDG5tg9ZAGAZL4lHTI98OZguQnUK//qhqGXIDxszq2RRKIetPWmKmasSypPcYv4MZUdTyvi0FrOcqpmNiR5v1TYAqnxCoje+eWYWKHu2ug7/VaS1apq4zxIlYQ2c+sDBieJpPmdtyHOVazpwoR5pQQns= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KPo1ak4h; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KPo1ak4h" Received: by smtp.kernel.org (Postfix) with ESMTPS id 93FFFC2BCB7; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=8ldZ9tHAeXetrK8aWEmsZfkrv8T0wMkcO8Q1/+uxlWI=; 
h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=KPo1ak4h7ief2ISZWZW/EZ/7mUK0FEIdHn2SODaZCs0Xf9ufV8ZFGVD+Zvn1XPy16 hOPfyNzOV+QHcobBqaiFHqyiR564LH6VCqekgHYYkg/Y8lwpVVCgKYBlgKuuctko5o enSa0z2IGSPOyRO49DfClhcVZS8kELk+tSkcoG5HsX+wHT9yMv64B6Isrxj/DOkR3d 64p1juXX/MayYcil/tbYNM8OzvEoLcNYa/EoZUr012aUdWyzvQNAQbsxNL+wdycRsN MF6X1JVo+QubUlUkjEa6BJGfJx/+cOZhRxthZAaXtQuEm235OEBXyBl1KbexW7FOGh 8X7sSXG5wpFKw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 88EE9FF8877; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:23 -0700 Subject: [PATCH RFC v5 28/53] KVM: Add CAP to enumerate supported SET_MEMORY_ATTRIBUTES2 flags Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-28-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5528; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=pIqYKdyBIT9N1Rsog/1YD0EZWPUQYi37ZuQ2ZuzAyaY=; b=LQBZ48AGkz7+oQLurDh/BMdAf+VaqtbjZWVqTJOoJUGv/ubksh354Cn4r3Ib2Hs6R4f/Dz53w n3OEKv307fhDKS75Bmp15XQZ4T1xi6Ti7nszk4NxAk+S39eJn3ZXztw X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Add CAP to enumerate supported SET_MEMORY_ATTRIBUTES2 flags, so userspace can find out which flags are supported when sending the KVM_SET_MEMORY_ATTRIBUTES2 ioctl to a guest_memfd. Add a parameter for_cap to support enumeration of supported flags irrespective of attribute being set. These flags are only supported by guest_memfd, hence, if vm_memory_attributes is enabled, return 0 - no flags are supported when KVM_SET_MEMORY_ATTRIBUTES2 is sent to a VM fd. 
Signed-off-by: Ackerley Tng --- Documentation/virt/kvm/api.rst | 3 +++ arch/x86/kvm/x86.c | 5 +++-- include/linux/kvm_host.h | 11 ++++++++++- include/uapi/linux/kvm.h | 1 + virt/kvm/guest_memfd.c | 6 ++++-- virt/kvm/kvm_main.c | 5 +++++ 6 files changed, 26 insertions(+), 5 deletions(-) diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst index aaa4a82f0b75d..38938243c2dfd 100644 --- a/Documentation/virt/kvm/api.rst +++ b/Documentation/virt/kvm/api.rst @@ -6685,6 +6685,9 @@ guarantees are made on offset ranges that do not have= memory allocated and range [0x0000, 0x3000) was set to shared, the content mode would apply to only to offset ranges [0x0000, 0x1000) and [0x2000, 0x3000). =20 +The supported content modes can be queried using +``KVM_CAP_MEMORY_ATTRIBUTES2_FLAGS``. + See also: :ref: `KVM_SET_MEMORY_ATTRIBUTES`. =20 .. _kvm_run: diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 296ed3b8ace6c..92709735613d5 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -14195,7 +14195,8 @@ void kvm_arch_gmem_invalidate(kvm_pfn_t start, kvm_= pfn_t end) } #endif =20 -u64 kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_private) +u64 kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_private, + bool for_cap) { if (!kvm) { return KVM_SET_MEMORY_ATTRIBUTES2_ZERO | @@ -14227,7 +14228,7 @@ u64 kvm_arch_gmem_supported_content_modes(struct kv= m *kvm, bool to_private) * shared, memory contents for pages that had already * been faulted could be zeroed. 
*/ - if (to_private && !kvm->arch.pre_fault_allowed) + if (for_cap || (to_private && !kvm->arch.pre_fault_allowed)) supported |=3D KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE; =20 return supported; diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 458bad0083c37..13d126dde32f1 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -742,7 +742,8 @@ static inline u64 kvm_gmem_get_supported_flags(struct k= vm *kvm) return flags; } =20 -u64 kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_private= ); +u64 kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_private, + bool for_cap); int kvm_gmem_apply_content_mode_zero(struct inode *inode, pgoff_t start, pgoff_t end); int kvm_arch_gmem_apply_content_mode_zero(struct kvm *kvm, struct inode *i= node, @@ -2551,6 +2552,14 @@ static inline u64 kvm_supported_mem_attributes(struc= t kvm *kvm) return 0; } =20 +static inline u64 kvm_supported_set_mem_attributes2_flags(struct kvm *kvm) +{ + if (!IS_ENABLED(CONFIG_KVM_GUEST_MEMFD)) + return 0; + + return kvm_arch_gmem_supported_content_modes(kvm, false, true); +} + typedef unsigned long (kvm_get_memory_attributes_t)(struct kvm *kvm, gfn_t= gfn); DECLARE_STATIC_CALL(__kvm_get_memory_attributes, kvm_get_memory_attributes= _t); =20 diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index c7cc6c22c2023..c0d465a5577da 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -997,6 +997,7 @@ struct kvm_enable_cap { #define KVM_CAP_S390_KEYOP 247 #define KVM_CAP_S390_VSIE_ESAMODE 248 #define KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES 249 +#define KVM_CAP_MEMORY_ATTRIBUTES2_FLAGS 250 =20 struct kvm_irq_routing_irqchip { __u32 irqchip; diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 5c1db67e6fd35..071bf636ba5c0 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -693,7 +693,8 @@ static void kvm_gmem_invalidate(struct inode *inode, pg= off_t start, pgoff_t end) static void 
kvm_gmem_invalidate(struct inode *inode, pgoff_t start, pgoff_= t end) {} #endif =20 -u64 __weak kvm_arch_gmem_supported_content_modes(struct kvm *kvm, bool to_= private) +u64 __weak kvm_arch_gmem_supported_content_modes(struct kvm *kvm, + bool to_private, bool for_cap) { /* Architectures must override with supported modes. */ return 0; @@ -709,7 +710,8 @@ static bool kvm_gmem_content_mode_is_supported(struct k= vm *kvm, if (content_mode =3D=3D KVM_SET_MEMORY_ATTRIBUTES2_ZERO && to_private) return false; =20 - return kvm_arch_gmem_supported_content_modes(kvm, to_private) & content_m= ode; + return kvm_arch_gmem_supported_content_modes(kvm, to_private, false) & + content_mode; } =20 int kvm_gmem_apply_content_mode_zero(struct inode *inode, pgoff_t start, diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 3bf212fd99193..9fa6ecebab939 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -4979,6 +4979,11 @@ static int kvm_vm_ioctl_check_extension_generic(stru= ct kvm *kvm, long arg) return 0; =20 return kvm_supported_mem_attributes(kvm); + case KVM_CAP_MEMORY_ATTRIBUTES2_FLAGS: + if (vm_memory_attributes) + return 0; + + return kvm_supported_set_mem_attributes2_flags(kvm); #endif default: break; --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C70423A4F5A; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418719; cv=none; b=MxmHOoy7e29J6Za88aoOYOxh81AmqcQsmRcI11EPHAqQ6DG/sLfU0nbjiB70XB3Sv86KJ0EwVLcwZzo/KVlx3KKtknypZ02mN6hcoeo+rrQdXCITh6SmkPrCSadMXZGrthaP//rEBJZBj1g/ux3RcXROdah9qhAFc6gsrIzb9qw= ARC-Message-Signature: i=1; a=rsa-sha256; 
d=subspace.kernel.org; s=arc-20240116; t=1777418719; c=relaxed/simple; bh=h0E8/6sqDBUjmrJANiVtGnaPjc3NqIh4YoXQcBBDZCs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=ksRD5ITPlixljlVWw6P/bTRtcHaExIyZNKeMY7ITJSmjoHGCNI0p86WhwuOVqHllvDLxJEnyQmvkaR0NpbddbpexyIrhLb6RYrRsrYsxlyIiUJ1irc/mhP5dGe3x4uUKtLvs3v3S7d4zZRI5l8rEj6+QtiRMLklI4whDX4mn24w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uIjiu9AO; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uIjiu9AO" Received: by smtp.kernel.org (Postfix) with ESMTPS id A9692C2BCC6; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=h0E8/6sqDBUjmrJANiVtGnaPjc3NqIh4YoXQcBBDZCs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=uIjiu9AO2n+mlQXWf2gw8OqrACXNjfOEaBEpNgzz2AfJY/Ri/0V5QqIKx5Sm0HIHx 2rH+cAXJYjtxFT3VJFWkYdnePPg4U/sbXO0O/YI8xkfiCSYRzCDR+txOf27iOTZxlL kRFx73QCeQd8frJF/qhIKV+yLHMTD9+wqiX97Frp3hNJ28Rixfjsl4N6VAARpHtf1q Mxdb2eM7aHAWc+9oomi2DHOAYpiqRUM1OgO3DZRdc7XJpYRkkhvnNhr4eIXimfAzTR SVSJ56X+ixQm0S7s+QCDdmNRkjfBTu4paI9tTQlwwLub5YUawwsKsmCvnhw0aVRIL8 k1lp/kTtuUSCQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DAF7CCF9E3; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:24 -0700 Subject: [PATCH RFC v5 29/53] KVM: selftests: Create gmem fd before "regular" fd when adding memslot Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: 
<20260428-gmem-inplace-conversion-v5-29-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2823; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=xIGL1xcJD27ice4aJgoH91ewbUcnazqU1ilqG8uRRXI=; b=KLdpylxs7EMDFFjrINTIXIZrFpXw4Ph7VX2ZjGBd63YJibo+NhqXvS32V8elMg2pLudMsgawf qO+LRqj10LJAlOQU6/3WvHtyA6qVnGYE4bNRtRE7lGHCjeSiqhsT5zA X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: 
Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson When adding a memslot associated a guest_memfd instance, create/dup the guest_memfd before creating the "normal" backing file. This will allow dup'ing the gmem fd as the normal fd when guest_memfd supports mmap(), i.e. to make guest_memfd the _only_ backing source for the memslot. Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/lib/kvm_util.c | 45 +++++++++++++++-----------= ---- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index 2a76eca7029d3..df73b23a4c66a 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1054,6 +1054,29 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backi= ng_src_type src_type, if (alignment > 1) region->mmap_size +=3D alignment; =20 + if (flags & KVM_MEM_GUEST_MEMFD) { + if (guest_memfd < 0) { + u32 guest_memfd_flags =3D 0; + + TEST_ASSERT(!guest_memfd_offset, + "Offset must be zero when creating new guest_memfd"); + guest_memfd =3D vm_create_guest_memfd(vm, mem_size, guest_memfd_flags); + } else { + /* + * Install a unique fd for each memslot so that the fd + * can be closed when the region is deleted without + * needing to track if the fd is owned by the framework + * or by the caller. 
+ */ + guest_memfd =3D kvm_dup(guest_memfd); + } + + region->region.guest_memfd =3D guest_memfd; + region->region.guest_memfd_offset =3D guest_memfd_offset; + } else { + region->region.guest_memfd =3D -1; + } + region->fd =3D -1; if (backing_src_is_shared(src_type)) region->fd =3D kvm_memfd_alloc(region->mmap_size, @@ -1083,28 +1106,6 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backi= ng_src_type src_type, =20 region->backing_src_type =3D src_type; =20 - if (flags & KVM_MEM_GUEST_MEMFD) { - if (guest_memfd < 0) { - u32 guest_memfd_flags =3D 0; - TEST_ASSERT(!guest_memfd_offset, - "Offset must be zero when creating new guest_memfd"); - guest_memfd =3D vm_create_guest_memfd(vm, mem_size, guest_memfd_flags); - } else { - /* - * Install a unique fd for each memslot so that the fd - * can be closed when the region is deleted without - * needing to track if the fd is owned by the framework - * or by the caller. - */ - guest_memfd =3D kvm_dup(guest_memfd); - } - - region->region.guest_memfd =3D guest_memfd; - region->region.guest_memfd_offset =3D guest_memfd_offset; - } else { - region->region.guest_memfd =3D -1; - } - region->unused_phy_pages =3D sparsebit_alloc(); if (vm_arch_has_protected_memory(vm)) region->protected_phy_pages =3D sparsebit_alloc(); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E101D3A543D; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; 
b=kCONsJh/KMCy8yCjwshs2ptMUeyiVcL5IvlrCky1RPc5af9fC+NdWfn2BcUAL6zDHcxbPjDsTZvcXzIc7H8YMlCOqQQzAdo4c6hD8Z8c91/1UjXGocWzSdU6I4irVw1ibZMC9LpUwNYIbsLSwWAM9pPqqHM2GxRLDhk01ygATAw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=yexdFTEVv+31wQtvzDvKuoWyweqmVlE/A5ffXV/oVKM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=GE82Rbl3vckpextfC/Ytr3o8x8Pl9zz8t+hcp/8JE/qcuVaFA7FzsheeS0yjMIjF0AcpLMdpePXf99qc2KRcatI7DhEJAmMa3fn6Vu/7qdvLSOXYK+wfqP17wqnSJW6ucQ+tTXgZGp7so5gyYF4YWPx7xkD5TNi/t/AgFDwFX3U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jd9eHhBG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jd9eHhBG" Received: by smtp.kernel.org (Postfix) with ESMTPS id C109CC2BCB9; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=yexdFTEVv+31wQtvzDvKuoWyweqmVlE/A5ffXV/oVKM=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=jd9eHhBGG9P76cOcIzUgEGQ9UJ0wGfPk/RLEXiD1U+PvjyVgIZYtwQbUoYbeg6rqP 8i567fDXh/ea8HxeKj6m4GtSlRGIEusj4p8cyIk4ijJtMVcNXs8JlIAbdzwiuJMIaD p/g6hkjUKhoPPdU47H/7SH5RtUmYQ0XJKdiyfqo+dkUspt+ePTb4rtqF9stpkGwDZj M1PGsUG8lOwdyqTWdYQtctIxJEr51RPwJfFoI80ywz9NgekuuIbaf4h9U/RmfdheNT /CjO27qvnAH/4ss2RiDW9czDu1U5g3X9Ubj9OcMQN7rZtOxKJdrJe6nShf9haQPIgQ 3KeeaDrugq/XQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B264CFF887E; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:25 -0700 Subject: [PATCH RFC v5 30/53] KVM: selftests: Rename guest_memfd{,_offset} to gmem_{fd,offset} Precedence: bulk X-Mailing-List: 
linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-30-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=4957; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=ky/Djb4z6u0gPC8eEsebTUyxChuRf79nsfBVLue2KhY=; b=DClKgGB5DXNYnlQTxOI+voCiqTvsj8S8byo1LQy9IRVlRzdSlTL2OVu97+F0n4whjqi9yS2sL 9MLZVcRHgPLCM6a/AXz9qu4i1CCXZKWFxxM7KVeGayOBirO8ORDwLYK X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Rename local variables and function parameters for the guest memory file descriptor and its offset to use a "gmem_" prefix instead of "guest_memfd_". No functional change intended. 
Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/include/kvm_util.h | 6 +++--- tools/testing/selftests/kvm/lib/kvm_util.c | 26 +++++++++++++---------= ---- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing= /selftests/kvm/include/kvm_util.h index 2ecaaa0e99654..f19383376ee8e 100644 --- a/tools/testing/selftests/kvm/include/kvm_util.h +++ b/tools/testing/selftests/kvm/include/kvm_util.h @@ -690,17 +690,17 @@ int __vm_set_user_memory_region(struct kvm_vm *vm, u3= 2 slot, u32 flags, gpa_t gpa, u64 size, void *hva); void vm_set_user_memory_region2(struct kvm_vm *vm, u32 slot, u32 flags, gpa_t gpa, u64 size, void *hva, - u32 guest_memfd, u64 guest_memfd_offset); + u32 gmem_fd, u64 gmem_offset); int __vm_set_user_memory_region2(struct kvm_vm *vm, u32 slot, u32 flags, gpa_t gpa, u64 size, void *hva, - u32 guest_memfd, u64 guest_memfd_offset); + u32 gmem_fd, u64 gmem_offset); =20 void vm_userspace_mem_region_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, gpa_t gpa, u32 slot, u64 npages, u32 flags); void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, gpa_t gpa, u32 slot, u64 npages, u32 flags, - int guest_memfd_fd, u64 guest_memfd_offset); + int gmem_fd, u64 gmem_offset); =20 #ifndef vm_arch_has_protected_memory static inline bool vm_arch_has_protected_memory(struct kvm_vm *vm) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index df73b23a4c66a..11da9b7546d03 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -947,7 +947,7 @@ void vm_set_user_memory_region(struct kvm_vm *vm, u32 s= lot, u32 flags, =20 int __vm_set_user_memory_region2(struct kvm_vm *vm, u32 slot, u32 flags, gpa_t gpa, u64 size, void *hva, - u32 guest_memfd, u64 guest_memfd_offset) + u32 gmem_fd, u64 gmem_offset) { struct 
kvm_userspace_memory_region2 region =3D { .slot =3D slot, @@ -955,8 +955,8 @@ int __vm_set_user_memory_region2(struct kvm_vm *vm, u32= slot, u32 flags, .guest_phys_addr =3D gpa, .memory_size =3D size, .userspace_addr =3D (uintptr_t)hva, - .guest_memfd =3D guest_memfd, - .guest_memfd_offset =3D guest_memfd_offset, + .guest_memfd =3D gmem_fd, + .guest_memfd_offset =3D gmem_offset, }; =20 TEST_REQUIRE_SET_USER_MEMORY_REGION2(); @@ -966,10 +966,10 @@ int __vm_set_user_memory_region2(struct kvm_vm *vm, u= 32 slot, u32 flags, =20 void vm_set_user_memory_region2(struct kvm_vm *vm, u32 slot, u32 flags, gpa_t gpa, u64 size, void *hva, - u32 guest_memfd, u64 guest_memfd_offset) + u32 gmem_fd, u64 gmem_offset) { int ret =3D __vm_set_user_memory_region2(vm, slot, flags, gpa, size, hva, - guest_memfd, guest_memfd_offset); + gmem_fd, gmem_offset); =20 TEST_ASSERT(!ret, "KVM_SET_USER_MEMORY_REGION2 failed, errno =3D %d (%s)", errno, strerror(errno)); @@ -979,7 +979,7 @@ void vm_set_user_memory_region2(struct kvm_vm *vm, u32 = slot, u32 flags, /* FIXME: This thing needs to be ripped apart and rewritten. 
*/ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, gpa_t gpa, u32 slot, u64 npages, u32 flags, - int guest_memfd, u64 guest_memfd_offset) + int gmem_fd, u64 gmem_offset) { int ret; struct userspace_mem_region *region; @@ -1055,12 +1055,12 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_back= ing_src_type src_type, region->mmap_size +=3D alignment; =20 if (flags & KVM_MEM_GUEST_MEMFD) { - if (guest_memfd < 0) { - u32 guest_memfd_flags =3D 0; + if (gmem_fd < 0) { + u32 gmem_flags =3D 0; =20 - TEST_ASSERT(!guest_memfd_offset, + TEST_ASSERT(!gmem_offset, "Offset must be zero when creating new guest_memfd"); - guest_memfd =3D vm_create_guest_memfd(vm, mem_size, guest_memfd_flags); + gmem_fd =3D vm_create_guest_memfd(vm, mem_size, gmem_flags); } else { /* * Install a unique fd for each memslot so that the fd @@ -1068,11 +1068,11 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_back= ing_src_type src_type, * needing to track if the fd is owned by the framework * or by the caller. 
*/ - guest_memfd =3D kvm_dup(guest_memfd); + gmem_fd =3D kvm_dup(gmem_fd); } =20 - region->region.guest_memfd =3D guest_memfd; - region->region.guest_memfd_offset =3D guest_memfd_offset; + region->region.guest_memfd =3D gmem_fd; + region->region.guest_memfd_offset =3D gmem_offset; } else { region->region.guest_memfd =3D -1; } --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:44 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F04523A545A; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; b=N0m/eQ9SQpdf1mVvJ6kd/I8uky58dvgoerElFG+oS4Sw1ppOEZ6TRz+tmtSM7Ndxho7/Rb5PzAJmID8eWLjdC4rQPHACZ5Xoler8ct5cDC32IK4sspZpXWI/ZzFpQxgxzf5otmVr64WeAgysvcBfzQzOEipZ+l2tXn5rA7yHjZA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=Tb5TguUqj83q6EkDS3KK98jP7mZKk3DZAdSKTO+qVyE=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=QO0Nc9oxqXgzt8+m5z2D9IMX4sSyqsOhLII3rd2O/9nR2RuoyZMxPlf7G2S8HD83lhIxJ5J15GreAbwETEAiGFqIUA3puz6ZVFqTEbl3fN6vG27eaFwTqzG+6lIMtLvVmGw8jeM/swdPw7rGxl2481Pyp46K82rxMmTh8dWqtcs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KDSTg4WS; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KDSTg4WS" Received: by smtp.kernel.org (Postfix) with ESMTPS id CF426C2BCB3; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; 
bh=Tb5TguUqj83q6EkDS3KK98jP7mZKk3DZAdSKTO+qVyE=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=KDSTg4WSIZFOC5Ne9UPdjPf11FJ2ufRAsp7BnH1g63i8+JvnsKb1bwRa7IkczuiPz fpYVsVUxrkjgtxLek+knPsaeFBrqT4IVzST2ph6s+zhTp8oJ+coEphM9oVvLpFBtMN bs1FL17Ck7z8IKneb3i7RO4PGF/RADSxwCrp1GqL3Q7VlYPqfo4EMrRW2kd3Cqi110 1akzhK4luTxaYhC3WMAQATv0oETiZj+2Yg6/NSkSASCJjJESareUF2ogoqxZO/DD6u cLSA7FVdL7fHukrZPStXG5d7TrXAB9IyjC8wOH8+KwoDPeEtzuAFPzPDdZ+zTC8UfI gmeixg9KrIrmg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C589FFF8875; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:26 -0700 Subject: [PATCH RFC v5 31/53] KVM: selftests: Add support for mmap() on guest_memfd in core library Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-31-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5449; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=9LuZKo8RnG3pI99RA8uUaagBn7KtPFHLhC8KQm9YV7Q=; b=a5nVRdhvKlIKuUk1DfR/yQJcWLS2+TX8K8rJWDhgYQaX3s6oiuHHkvhGzXMmyHNeeQ16C+zSY 45XzSUi64ncDaYSqmwLop1tZ3QU92mUwgcnpg8HmfrsWfw5lBZhlUqM X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Accept gmem_flags in vm_mem_add() to be able to create a guest_memfd within vm_mem_add(). When vm_mem_add() is used to set up a guest_memfd for a memslot, set up the provided (or created) gmem_fd as the fd for the user memory region. This makes it available to be mmap()-ed from just like fds from other memory sources. mmap() from guest_memfd using the provided gmem_flags and gmem_offset. Add a kvm_slot_to_fd() helper to provide convenient access to the file descriptor of a memslot. Update existing callers of vm_mem_add() to pass 0 for gmem_flags to preserve existing behavior. Signed-off-by: Sean Christopherson [For guest_memfds, mmap() using gmem_offset instead of 0 all the time.] 
Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/include/kvm_util.h | 7 ++++++- tools/testing/selftests/kvm/lib/kvm_util.c | 19 +++++++++++----= ---- .../selftests/kvm/x86/private_mem_conversions_test.c | 2 +- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing= /selftests/kvm/include/kvm_util.h index f19383376ee8e..fb54694e6568b 100644 --- a/tools/testing/selftests/kvm/include/kvm_util.h +++ b/tools/testing/selftests/kvm/include/kvm_util.h @@ -700,7 +700,7 @@ void vm_userspace_mem_region_add(struct kvm_vm *vm, gpa_t gpa, u32 slot, u64 npages, u32 flags); void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, gpa_t gpa, u32 slot, u64 npages, u32 flags, - int gmem_fd, u64 gmem_offset); + int gmem_fd, u64 gmem_offset, u64 gmem_flags); =20 #ifndef vm_arch_has_protected_memory static inline bool vm_arch_has_protected_memory(struct kvm_vm *vm) @@ -732,6 +732,11 @@ void *addr_gva2hva(struct kvm_vm *vm, gva_t gva); gpa_t addr_hva2gpa(struct kvm_vm *vm, void *hva); void *addr_gpa2alias(struct kvm_vm *vm, gpa_t gpa); =20 +static inline int kvm_slot_to_fd(struct kvm_vm *vm, u32 slot) +{ + return memslot2region(vm, slot)->fd; +} + #ifndef vcpu_arch_put_guest #define vcpu_arch_put_guest(mem, val) do { (mem) =3D (val); } while (0) #endif diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index 11da9b7546d03..ff301e7c22b2f 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -979,12 +979,13 @@ void vm_set_user_memory_region2(struct kvm_vm *vm, u3= 2 slot, u32 flags, /* FIXME: This thing needs to be ripped apart and rewritten. 
*/ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, gpa_t gpa, u32 slot, u64 npages, u32 flags, - int gmem_fd, u64 gmem_offset) + int gmem_fd, u64 gmem_offset, u64 gmem_flags) { int ret; struct userspace_mem_region *region; size_t backing_src_pagesz =3D get_backing_src_pagesz(src_type); size_t mem_size =3D npages * vm->page_size; + off_t mmap_offset =3D 0; size_t alignment =3D 1; =20 TEST_REQUIRE_SET_USER_MEMORY_REGION2(); @@ -1056,8 +1057,6 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backin= g_src_type src_type, =20 if (flags & KVM_MEM_GUEST_MEMFD) { if (gmem_fd < 0) { - u32 gmem_flags =3D 0; - TEST_ASSERT(!gmem_offset, "Offset must be zero when creating new guest_memfd"); gmem_fd =3D vm_create_guest_memfd(vm, mem_size, gmem_flags); @@ -1078,13 +1077,17 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_back= ing_src_type src_type, } =20 region->fd =3D -1; - if (backing_src_is_shared(src_type)) + if (flags & KVM_MEM_GUEST_MEMFD && gmem_flags & GUEST_MEMFD_FLAG_MMAP) { + region->fd =3D kvm_dup(gmem_fd); + mmap_offset =3D gmem_offset; + } else if (backing_src_is_shared(src_type)) { region->fd =3D kvm_memfd_alloc(region->mmap_size, src_type =3D=3D VM_MEM_SRC_SHARED_HUGETLB); + } =20 - region->mmap_start =3D kvm_mmap(region->mmap_size, PROT_READ | PROT_WRITE, - vm_mem_backing_src_alias(src_type)->flag, - region->fd); + region->mmap_start =3D __kvm_mmap(region->mmap_size, PROT_READ | PROT_WRI= TE, + vm_mem_backing_src_alias(src_type)->flag, + region->fd, mmap_offset); =20 TEST_ASSERT(!is_backing_src_hugetlb(src_type) || region->mmap_start =3D=3D align_ptr_up(region->mmap_start, backing_s= rc_pagesz), @@ -1144,7 +1147,7 @@ void vm_userspace_mem_region_add(struct kvm_vm *vm, enum vm_mem_backing_src_type src_type, gpa_t gpa, u32 slot, u64 npages, u32 flags) { - vm_mem_add(vm, src_type, gpa, slot, npages, flags, -1, 0); + vm_mem_add(vm, src_type, gpa, slot, npages, flags, -1, 0, 0); } =20 /* diff --git 
a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c= b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c index 1d2f5d4fd45d7..861baff201e78 100644 --- a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c @@ -399,7 +399,7 @@ static void test_mem_conversions(enum vm_mem_backing_sr= c_type src_type, u32 nr_v for (i =3D 0; i < nr_memslots; i++) vm_mem_add(vm, src_type, BASE_DATA_GPA + slot_size * i, BASE_DATA_SLOT + i, slot_size / vm->page_size, - KVM_MEM_GUEST_MEMFD, memfd, slot_size * i); + KVM_MEM_GUEST_MEMFD, memfd, slot_size * i, 0); =20 for (i =3D 0; i < nr_vcpus; i++) { gpa_t gpa =3D BASE_DATA_GPA + i * per_cpu_size; --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0EEDD3A5E87; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; b=NzTKe8obY3f+LUgDl846YmbGXCnmDPMGnB4fz6V3/5PLiDALSLe2ebdj0Z0CKvfdW0zeUXc5k7w8Bvq7cLeAWX3rdmv9IiCmSyqIXRuOcfNoN3eHlXi1MEBSmn4h3WTGVhVddgIzvuOqtp9Rvi8ljWbIxRwf8M0Vff1/DL3kDF8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=EiXf6DqQD5zsnxzrND8waxhcXvPTpKL8zj2zCcRqJ6Q=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=mrq2WhrI+9rLY7Xp3Qmsjx35X+tEOh8Shyiac3vWK4YpnEnlTjsu4J/KD0LIcHYktQFoQyaWrEhZDGF8yoqYRnYwj71n07++MLckHKVgUGLv7lLg4ZgwLyJsm528mBV+P8Vv9npZnrsHNlQ7QGzuhl32GCvGcalYuY6ohknhNyA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org 
header.i=@kernel.org header.b=e1Qu+t0r; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="e1Qu+t0r" Received: by smtp.kernel.org (Postfix) with ESMTPS id E11CEC2BCC4; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418719; bh=EiXf6DqQD5zsnxzrND8waxhcXvPTpKL8zj2zCcRqJ6Q=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=e1Qu+t0rxOnyjsoLzMwmuc1U23Z79gWVlswpayaHSxpoy0E2P0zeiLDNV9NQ2aWrP sEVJb1B0ChuFBuwlJ3f5OX7kEFJaTp4YkAzlsqrtsev/Pu35+J5shB5NwfIZJsLqAN nYUCpaqCoaPQJwxGGOJq2YE3tDwtscaCMF9TEQA8s5qMguqMPEU0heWJHuCgBjiShc wXSU826b2i7qp+Em8CXfP9rAqOHaw8F8ZdPA2YpynHaLEyyS3vK0pZ0MuQE/yYYFef FVRZrcRago49cj4KhqEPG/bLbH1jQPKTI3nYy24fUg3Ve6mSwouvtsOYUAhlxGCco4 9EOHQ92/r2V+A== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8725FF8877; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:27 -0700 Subject: [PATCH RFC v5 32/53] KVM: selftests: Add selftests global for guest memory attributes capability Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-32-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, 
rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2393; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=2uZTwd9pQETPqyenjKlFdMpmnrOuCmY+atU10nYWJ9E=; b=CMaZi1qcTo34olAF8ct+1XgvZcaQuemV2QFt9hlP3ghfeKhnQ//+kuPM3BpNu42zCM4/LlqwF dkfI+RbwmAPBA3KVsmD38J7HNp21dzxElcdQd2x9IXroc7aoac8NxaE X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Add a global variable, kvm_has_gmem_attributes, to make the result of checking for KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES available to all tests. kvm_has_gmem_attributes is true if guest_memfd tracks memory attributes, as opposed to VM-level tracking. This global variable is synced to the guest for testing convenience, to avoid introducing subtle bugs when host/guest state is desynced. 
Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/include/test_util.h | 2 ++ tools/testing/selftests/kvm/lib/kvm_util.c | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/tools/testing/selftests/kvm/include/test_util.h b/tools/testin= g/selftests/kvm/include/test_util.h index d9b433b834f1b..c280c3233f502 100644 --- a/tools/testing/selftests/kvm/include/test_util.h +++ b/tools/testing/selftests/kvm/include/test_util.h @@ -115,6 +115,8 @@ struct guest_random_state { extern u32 guest_random_seed; extern struct guest_random_state guest_rng; =20 +extern bool kvm_has_gmem_attributes; + struct guest_random_state new_guest_random_state(u32 seed); u32 guest_random_u32(struct guest_random_state *state); =20 diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index ff301e7c22b2f..5e34593ad79c4 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -24,6 +24,8 @@ u32 guest_random_seed; struct guest_random_state guest_rng; static u32 last_guest_seed; =20 +bool kvm_has_gmem_attributes; + static size_t vcpu_mmap_sz(void); =20 int __open_path_or_exit(const char *path, int flags, const char *enoent_he= lp) @@ -521,6 +523,7 @@ struct kvm_vm *__vm_create(struct vm_shape shape, u32 n= r_runnable_vcpus, } guest_rng =3D new_guest_random_state(guest_random_seed); sync_global_to_guest(vm, guest_rng); + sync_global_to_guest(vm, kvm_has_gmem_attributes); =20 kvm_arch_vm_post_create(vm, nr_runnable_vcpus); =20 @@ -2287,6 +2290,8 @@ void __attribute((constructor)) kvm_selftest_init(voi= d) guest_random_seed =3D last_guest_seed =3D random(); pr_info("Random seed: 0x%x\n", guest_random_seed); =20 + kvm_has_gmem_attributes =3D kvm_has_cap(KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIB= UTES); + kvm_selftest_arch_init(); } =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org 
(aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20A363A63FE; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; b=damhxgq/8S0DJn+XtFM6pV7paFAs2AOG6/4L9EqgBGopbqirn3so+Zg5frUuKVG9T4qCQJRi7Td9MudPA6UvZlJ5XrmS1pvNo/b4C3e2B3eP+pqnB9VoJuXREfVDXxt85VwxdtdfGFSlvLaTMyJp2xjJpyWbuaiSz6fmeW02Z+U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=oaMCVr675WJC546KIj/mKMjwWvZZUtAMLOTjcjvW/Zg=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=fv/Eibs89Zh/ghAGd6soe/sy4ruxsoq2Xl/vxNy16BcUIk0MMHG6sT33R7ZRL658OWhVRbnHg2N8Q1CitDeTo8vuQRP8IoC77bba8x+PTkaJFG2lvTAfSSIhYeWuxX/Bai+MHwQY+3CTE3Y/I7eJOsJTv/7XX105RAt5xAb0w9Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=MhCaGfkS; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="MhCaGfkS" Received: by smtp.kernel.org (Postfix) with ESMTPS id 03283C4AF10; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=oaMCVr675WJC546KIj/mKMjwWvZZUtAMLOTjcjvW/Zg=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=MhCaGfkSo2e0Gx1wfvAoSnhHc+4VT5ecU+eVZ/vtVAio4FyMM1MQiJebO9BrKagrC DXFx/CFhL29aDunYDYpfewVQ3Kcm5C9Vh7vOJz0jPyoVWSJZNei979sHo2FU3779B3 hszG4qs2ZssVUAIRRtom2lCQ7Z2wlpWgWCu1NSbAUI0jxS+AA/iWUbTsIudcE45TNZ D60St3rZWyjumZDKxD5ICUOu2qr4AFy7V2LZnz+K4/8xHEt85g2jq/ncUHu5qyd4Bw 
TXikXygO7GVg6BtIGG0h7yZTfG+2wup58/Qn9FtZU9jP11vqtSHkI4ioSSsTep+J3z x/DFudyL0eO7Q== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB594CCFA13; Tue, 28 Apr 2026 23:25:19 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:28 -0700 Subject: [PATCH RFC v5 33/53] KVM: selftests: Add helpers for calling ioctls on guest_memfd Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-33-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5522; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=Zmzepwj0e0uEpvYD+9DInZXExTZ0/J8Xq30KnpI8mbA=; b=WLwccZvFc1hCrzmS+LvCeTiboGB43iB+VTrZ0c3nbl0lNS6dz2+yJAg8q+WpCndvJ8J5zsEhY wuhBVOSWSDFAaKh15J/o5yGY/95Y172ex+GGyvsxHevl9jj/bJCUyV6 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Add helper functions to kvm_util.h to support calling ioctls, specifically KVM_SET_MEMORY_ATTRIBUTES2, on a guest_memfd file descriptor. Introduce gmem_ioctl() and __gmem_ioctl() macros, modeled after the existing vm_ioctl() helpers, to provide a standard way to call ioctls on a guest_memfd. Add gmem_set_memory_attributes() and its derivatives (gmem_set_private(), gmem_set_shared()) to set memory attributes on a guest_memfd region. Also provide "__" variants that return the ioctl error code instead of aborting the test. These helpers will be used by upcoming guest_memfd tests. 
To avoid code duplication, factor out the check for supported memory attributes into a new macro, TEST_ASSERT_SUPPORTED_ATTRIBUTES, and use it in both the existing vm_set_memory_attributes() and the new gmem_set_memory_attributes() helpers. Signed-off-by: Sean Christopherson Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/include/kvm_util.h | 98 ++++++++++++++++++++++= +--- 1 file changed, 90 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing= /selftests/kvm/include/kvm_util.h index fb54694e6568b..62d917a2d2b19 100644 --- a/tools/testing/selftests/kvm/include/kvm_util.h +++ b/tools/testing/selftests/kvm/include/kvm_util.h @@ -392,6 +392,16 @@ static __always_inline void static_assert_is_vcpu(stru= ct kvm_vcpu *vcpu) { } __TEST_ASSERT_VM_VCPU_IOCTL(!ret, #cmd, ret, (vcpu)->vm); \ }) =20 +#define __gmem_ioctl(gmem_fd, cmd, arg) \ + kvm_do_ioctl(gmem_fd, cmd, arg) + +#define gmem_ioctl(gmem_fd, cmd, arg) \ +({ \ + int ret =3D __gmem_ioctl(gmem_fd, cmd, arg); \ + \ + TEST_ASSERT(!ret, __KVM_IOCTL_ERROR(#cmd, ret)); \ +}) + /* * Looks up and returns the value corresponding to the capability * (KVM_CAP_*) given by cap. @@ -418,8 +428,16 @@ static inline void vm_enable_cap(struct kvm_vm *vm, u3= 2 cap, u64 arg0) vm_ioctl(vm, KVM_ENABLE_CAP, &enable_cap); } =20 +/* + * KVM_SET_MEMORY_ATTRIBUTES{,2} overwrites _all_ attributes. These + * flows need significant enhancements to support multiple attributes. 
+ */ +#define TEST_ASSERT_SUPPORTED_ATTRIBUTES(attributes) \ + TEST_ASSERT(!(attributes) || (attributes) =3D=3D KVM_MEMORY_ATTRIBUTE_PRI= VATE, \ + "Update me to support multiple attributes!") + static inline void vm_set_memory_attributes(struct kvm_vm *vm, gpa_t gpa, - u64 size, u64 attributes) + size_t size, u64 attributes) { struct kvm_memory_attributes attr =3D { .attributes =3D attributes, @@ -428,17 +446,11 @@ static inline void vm_set_memory_attributes(struct kv= m_vm *vm, gpa_t gpa, .flags =3D 0, }; =20 - /* - * KVM_SET_MEMORY_ATTRIBUTES overwrites _all_ attributes. These flows - * need significant enhancements to support multiple attributes. - */ - TEST_ASSERT(!attributes || attributes =3D=3D KVM_MEMORY_ATTRIBUTE_PRIVATE, - "Update me to support multiple attributes!"); + TEST_ASSERT_SUPPORTED_ATTRIBUTES(attributes); =20 vm_ioctl(vm, KVM_SET_MEMORY_ATTRIBUTES, &attr); } =20 - static inline void vm_mem_set_private(struct kvm_vm *vm, gpa_t gpa, u64 size) { @@ -451,6 +463,76 @@ static inline void vm_mem_set_shared(struct kvm_vm *vm= , gpa_t gpa, vm_set_memory_attributes(vm, gpa, size, 0); } =20 +static inline int __gmem_set_memory_attributes(int fd, loff_t offset, + size_t size, u64 attributes, + loff_t *error_offset, + u64 flags) +{ + struct kvm_memory_attributes2 attr =3D { + .attributes =3D attributes, + .offset =3D offset, + .size =3D size, + .flags =3D flags, + .error_offset =3D error_offset ? *error_offset : 0, + }; + int r; + + TEST_ASSERT_SUPPORTED_ATTRIBUTES(attributes); + + r =3D __gmem_ioctl(fd, KVM_SET_MEMORY_ATTRIBUTES2, &attr); + + /* Copy error_offset regardless of r so caller can check. 
*/ + if (error_offset) + *error_offset =3D attr.error_offset; + + return r; +} + +static inline int __gmem_set_private(int fd, loff_t offset, size_t size, + loff_t *error_offset, u64 flags) +{ + return __gmem_set_memory_attributes(fd, offset, size, + KVM_MEMORY_ATTRIBUTE_PRIVATE, + error_offset, flags); +} + +static inline int __gmem_set_shared(int fd, loff_t offset, size_t size, + loff_t *error_offset, u64 flags) +{ + return __gmem_set_memory_attributes(fd, offset, size, 0, + error_offset, flags); +} + +static inline void gmem_set_memory_attributes(int fd, loff_t offset, + size_t size, u64 attributes, + u64 flags) +{ + struct kvm_memory_attributes2 attr =3D { + .attributes =3D attributes, + .offset =3D offset, + .size =3D size, + .flags =3D flags, + }; + + TEST_ASSERT_SUPPORTED_ATTRIBUTES(attributes); + + __TEST_REQUIRE(kvm_check_cap(KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES) > 0, + "No valid attributes for guest_memfd ioctl!"); + + gmem_ioctl(fd, KVM_SET_MEMORY_ATTRIBUTES2, &attr); +} + +static inline void gmem_set_private(int fd, loff_t offset, size_t size, u6= 4 flags) +{ + gmem_set_memory_attributes(fd, offset, size, + KVM_MEMORY_ATTRIBUTE_PRIVATE, flags); +} + +static inline void gmem_set_shared(int fd, loff_t offset, size_t size, u64= flags) +{ + gmem_set_memory_attributes(fd, offset, size, 0, flags); +} + void vm_guest_mem_fallocate(struct kvm_vm *vm, gpa_t gpa, u64 size, bool punch_hole); =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3273F3A6B70; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; 
b=hWcrsN50/ztaRvuI8nSPRNXScznPC/MxoF1iXstP/8Yf+I+5HniovswiWfvYD8NZ27LNlBCyNo3cs5luYwEL9x/Ilie5AE0UMKMRETkHK1ws9+uEQx+1Y72RWFkowrvFkvciIVlNM0lKItrYJNu08cDEb2MWC4gfeRwwYB/vtaw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=Tm5pIkikiRa/5P+KWPVOKnVmiYYndntdQl2CGbHQvw8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=m+PlcyMJS5NQfszoVUozgF87mcUqczrpq9LsTtMJa+ryJ2gIGbrHqGANs36QgD0nL7CHaEy0yA2YwuPHiIZhQ+PvyR6Tvx59KsFXq8ENbuldURfY8uIfs/Zj9z4HmtIPbM5MT0XjGW3yOj81HSRa9JvyK84iYWIBjV/xZFnPF2s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=cQmFS7o1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="cQmFS7o1" Received: by smtp.kernel.org (Postfix) with ESMTPS id 17F17C2BCB9; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=Tm5pIkikiRa/5P+KWPVOKnVmiYYndntdQl2CGbHQvw8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=cQmFS7o1tK5SNzwkkUCU1CDcMedFtr11E2pZwz06SwUXJkdA/KYSs8HBHOQVe89rh p7HaxKoETV5T4GmlAktPqVwL1l20TqkwBx5I935Xv0RSBF6yyjmhboPqfhT9AhhHJC Ub4fkWasj7NxuK3eHVQvBqKWeBNYadk/IF65m1D302ba070z08j9monK4sdkf0591O 7cwoKtAfXTd/5HDznSkZuH74cQ/Vv9HX/HCrFlm2EZ63Uenh7qJB9GJIDDZnweG+VL tRjeETEcQzWnt3o7NELsy01dSCsZiXJ58IBZZ0hU7iofYDfuqQJr7povCpox5Y80YX f0Y2gNqQFnt5Q== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0BB3DFF887E; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:29 -0700 Subject: [PATCH RFC v5 34/53] KVM: selftests: Test basic single-page conversion flow Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org 
List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-34-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=7876; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=sx2H7+V7wdx36U9JogbDYJd9w9BeCuAcXUkYAXZWrZg=; b=NN0aJqOPvmcG8+2w49Co39yBLPnRowPq0fnH0eT60bfq8zm02oM4+DMne0fJ7vOu1CB1/rcah +/KD0+9U1J4Cgy6GA4HnC3gzh5xgZyHNQjBP64tJBHr0IHGYh3gqAez X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Add a selftest for the guest_memfd memory attribute conversion ioctls. The test starts with the guest_memfd all-private (the default state) and verifies the basic flow of converting a single page to shared and then back to private. Add infrastructure that other conversion flow tests can extend; upcoming patches build on it. Add the test as an x86-specific test since guest_memfd's testing vehicle (KVM_X86_SW_PROTECTED_VM) is x86-specific. 
Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../kvm/x86/guest_memfd_conversions_test.c | 205 +++++++++++++++++= ++++ 2 files changed, 206 insertions(+) diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 9118a5a51b89f..6232881be500a 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -148,6 +148,7 @@ TEST_GEN_PROGS_x86 +=3D x86/max_vcpuid_cap_test TEST_GEN_PROGS_x86 +=3D x86/triple_fault_event_test TEST_GEN_PROGS_x86 +=3D x86/recalc_apic_map_test TEST_GEN_PROGS_x86 +=3D x86/aperfmperf_test +TEST_GEN_PROGS_x86 +=3D x86/guest_memfd_conversions_test TEST_GEN_PROGS_x86 +=3D access_tracking_perf_test TEST_GEN_PROGS_x86 +=3D coalesced_io_test TEST_GEN_PROGS_x86 +=3D dirty_log_perf_test diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c new file mode 100644 index 0000000000000..1299935689e5b --- /dev/null +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -0,0 +1,205 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (c) 2024, Google LLC. + */ +#include +#include + +#include +#include +#include + +#include "kvm_util.h" +#include "kselftest_harness.h" +#include "test_util.h" +#include "ucall_common.h" + +FIXTURE(gmem_conversions) { + struct kvm_vcpu *vcpu; + int gmem_fd; + /* HVA of the first byte of the memory mmap()-ed from gmem_fd. */ + char *mem; +}; + +typedef FIXTURE_DATA(gmem_conversions) test_data_t; + +FIXTURE_SETUP(gmem_conversions) { } + +static size_t page_size; + +static void guest_do_rmw(void); +#define GUEST_MEMFD_SHARING_TEST_GVA 0x90000000ULL + +/* + * Defer setup until the individual test is invoked so that tests can spec= ify + * the number of pages and flags for the guest_memfd instance. 
+ */ +static void gmem_conversions_do_setup(test_data_t *t, int nr_pages, + int gmem_flags) +{ + const struct vm_shape shape =3D { + .mode =3D VM_MODE_DEFAULT, + .type =3D KVM_X86_SW_PROTECTED_VM, + }; + /* + * Use a GPA above APIC_DEFAULT_PHYS_BASE to avoid clashing with + * the default APIC MMIO region. + */ + const gpa_t gpa =3D SZ_4G; + const u32 slot =3D 1; + u64 supported_flags; + struct kvm_vm *vm; + + vm =3D __vm_create_shape_with_one_vcpu(shape, &t->vcpu, nr_pages, guest_d= o_rmw); + + supported_flags =3D vm_check_cap(vm, KVM_CAP_MEMORY_ATTRIBUTES2_FLAGS); + TEST_REQUIRE(supported_flags & KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE); + + vm_mem_add(vm, VM_MEM_SRC_SHMEM, gpa, slot, nr_pages, + KVM_MEM_GUEST_MEMFD, -1, 0, gmem_flags); + + t->gmem_fd =3D kvm_slot_to_fd(vm, slot); + t->mem =3D addr_gpa2hva(vm, gpa); + virt_map(vm, GUEST_MEMFD_SHARING_TEST_GVA, gpa, nr_pages); +} + +static void gmem_conversions_do_teardown(test_data_t *t) +{ + /* No need to close gmem_fd, it's owned by the VM structure. */ + kvm_vm_free(t->vcpu->vm); +} + +FIXTURE_TEARDOWN(gmem_conversions) +{ + gmem_conversions_do_teardown(self); +} + +/* + * In these test definition macros, __nr_pages sets the total number of + * pages in the guest_memfd under test. That value is available in the + * test definitions as nr_pages. 
+ */ + +#define __GMEM_CONVERSION_TEST(test, __nr_pages, flags) \ +static void __gmem_conversions_##test(test_data_t *t, int nr_pages); \ + \ +TEST_F(gmem_conversions, test) \ +{ \ + gmem_conversions_do_setup(self, __nr_pages, flags); \ + __gmem_conversions_##test(self, __nr_pages); \ +} \ +static void __gmem_conversions_##test(test_data_t *t, int nr_pages) \ + +#define GMEM_CONVERSION_TEST(test, __nr_pages, flags) \ + __GMEM_CONVERSION_TEST(test, __nr_pages, (flags) | GUEST_MEMFD_FLAG_MMAP) + +#define __GMEM_CONVERSION_TEST_INIT_PRIVATE(test, __nr_pages) \ + GMEM_CONVERSION_TEST(test, __nr_pages, 0) + +#define GMEM_CONVERSION_TEST_INIT_PRIVATE(test) \ + __GMEM_CONVERSION_TEST_INIT_PRIVATE(test, 1) + +struct guest_check_data { + void *mem; + char expected_val; + char write_val; +}; +static struct guest_check_data guest_data; + +static void guest_do_rmw(void) +{ + for (;;) { + char *mem =3D READ_ONCE(guest_data.mem); + + GUEST_ASSERT_EQ(READ_ONCE(*mem), READ_ONCE(guest_data.expected_val)); + WRITE_ONCE(*mem, READ_ONCE(guest_data.write_val)); + + GUEST_SYNC(0); + } +} + +static void run_guest_do_rmw(struct kvm_vcpu *vcpu, loff_t pgoff, + char expected_val, char write_val) +{ + struct ucall uc; + int r; + + guest_data.mem =3D (void *)GUEST_MEMFD_SHARING_TEST_GVA + pgoff * page_si= ze; + guest_data.expected_val =3D expected_val; + guest_data.write_val =3D write_val; + sync_global_to_guest(vcpu->vm, guest_data); + + do { + r =3D __vcpu_run(vcpu); + } while (r =3D=3D -1 && errno =3D=3D EINTR); + + TEST_ASSERT_EQ(r, 0); + + switch (get_ucall(vcpu, &uc)) { + case UCALL_ABORT: + REPORT_GUEST_ASSERT(uc); + case UCALL_SYNC: + break; + default: + TEST_FAIL("Unexpected ucall %lu", uc.cmd); + } +} + +static void host_do_rmw(char *mem, loff_t pgoff, char expected_val, + char write_val) +{ + TEST_ASSERT_EQ(READ_ONCE(mem[pgoff * page_size]), expected_val); + WRITE_ONCE(mem[pgoff * page_size], write_val); +} + +static void test_private(test_data_t *t, loff_t pgoff, char 
starting_val, + char write_val) +{ + TEST_EXPECT_SIGBUS(WRITE_ONCE(t->mem[pgoff * page_size], write_val)); + run_guest_do_rmw(t->vcpu, pgoff, starting_val, write_val); + TEST_EXPECT_SIGBUS(READ_ONCE(t->mem[pgoff * page_size])); +} + +static void test_convert_to_private(test_data_t *t, loff_t pgoff, + char starting_val, char write_val) +{ + gmem_set_private(t->gmem_fd, pgoff * page_size, page_size, + KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE); + test_private(t, pgoff, starting_val, write_val); +} + +static void test_shared(test_data_t *t, loff_t pgoff, char starting_val, + char host_write_val, char write_val) +{ + host_do_rmw(t->mem, pgoff, starting_val, host_write_val); + run_guest_do_rmw(t->vcpu, pgoff, host_write_val, write_val); + TEST_ASSERT_EQ(READ_ONCE(t->mem[pgoff * page_size]), write_val); +} + +static void test_convert_to_shared(test_data_t *t, loff_t pgoff, + char starting_val, char host_write_val, + char write_val) +{ + gmem_set_shared(t->gmem_fd, pgoff * page_size, page_size, + KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE); + test_shared(t, pgoff, starting_val, host_write_val, write_val); +} + +GMEM_CONVERSION_TEST_INIT_PRIVATE(init_private) +{ + test_private(t, 0, 0, 'A'); + test_convert_to_shared(t, 0, 'A', 'B', 'C'); + test_convert_to_private(t, 0, 'C', 'E'); +} + + +int main(int argc, char *argv[]) +{ + TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_V= M)); + TEST_REQUIRE(kvm_check_cap(KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES) & + KVM_MEMORY_ATTRIBUTE_PRIVATE); + + page_size =3D getpagesize(); + + return test_harness_run(argc, argv); +} --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4DA433B2FDF; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: 
smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; b=GnMzpEYg4a0CEanoCZzJGKgrR9wFHfhY83aqHywJgG/C3naG2xTpDWIpPaya67N76i3VJPI1ztNdzgMkFa7+HdB0Co0/yn7kv6pzmkXwhmWFXk7MNH3ke7UE97LmsSeAtXHmGPo9EETBWl2+nsYih0u46+frE9XlFWuN4JCPQsg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=Nf2uujmY9VcGyGCk6p4BfNja9Ll9DL7iKX2wZF1qGok=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=deCY1f/n6va331WYAjC8u2OX6nedPLgt5Jfn0LhltNHUJd+XgRzoiAVyDE27rlC7hfhvw2u+pEPiOmyOuxtgKyoKy8tvkVBbIuIlFIrKM005sQAv3ecTYrtLQzr+vIku2Dll8Y96HGwXIf9aBEJI8d5uGCOxeTwCgko5p+fOkwQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=WrF+40OJ; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="WrF+40OJ" Received: by smtp.kernel.org (Postfix) with ESMTPS id 2FA8BC4AF18; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=Nf2uujmY9VcGyGCk6p4BfNja9Ll9DL7iKX2wZF1qGok=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=WrF+40OJeQqWWnSmUHqpMz3NFp9zHeX5q9ij7o6oAPIS4XEJZOG8keQzgMpuXb5zj Wqkg/urSXGlB/2vGQJqwSMbBsCMmLrGYAs2zSkEXEcsdP4wLy+cbLgTCSCpV8MwpkV icSfPBUIFSYL+6v8mCnnVbWQvXwmsR1ND6XgJuhwVd/C6wnQ/3N89jgObvctEekx5l NwnnnitD+95TGli4j2lvygH7r9OAKloP76A+uWf53wEbt8cmGkZfiQDTbeFoWpZsg2 cH6yGyhj8zkLefU3HwA4/Fe24NXDjkLWkhdSHRILrMZBoszWR8ST3AaUMhelWF3Hxd xzBeQ8NielxTA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22A65FF8875; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:30 
-0700 Subject: [PATCH RFC v5 35/53] KVM: selftests: Test conversion flow when INIT_SHARED Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-35-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1651; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=d3diFsGfXmDo2adM4qAr4NDT6FCtct/he0WqILialfA=; b=F2ouDv5e83vQrUQe+V+yDI0Ntg/VBAboJtH84k8Y287idIlHcPCLvX47Bctui/LXKS9D7iBMn 7LsbwypaN9wBM0XghTDCutRLzAiGYO5GECLGthQFpEKChNvrFoy+hi4 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Add a test case to verify that conversions between private and shared memory work correctly when the memory is initially created as shared. 
Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- .../testing/selftests/kvm/x86/guest_memfd_conversions_test.c | 12 ++++++++= ++++ 1 file changed, 12 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c index 1299935689e5b..40ac1b3769af1 100644 --- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -99,6 +99,12 @@ static void __gmem_conversions_##test(test_data_t *t, in= t nr_pages) \ #define GMEM_CONVERSION_TEST_INIT_PRIVATE(test) \ __GMEM_CONVERSION_TEST_INIT_PRIVATE(test, 1) =20 +#define __GMEM_CONVERSION_TEST_INIT_SHARED(test, __nr_pages) \ + GMEM_CONVERSION_TEST(test, __nr_pages, GUEST_MEMFD_FLAG_INIT_SHARED) + +#define GMEM_CONVERSION_TEST_INIT_SHARED(test) \ + __GMEM_CONVERSION_TEST_INIT_SHARED(test, 1) + struct guest_check_data { void *mem; char expected_val; @@ -192,6 +198,12 @@ GMEM_CONVERSION_TEST_INIT_PRIVATE(init_private) test_convert_to_private(t, 0, 'C', 'E'); } =20 +GMEM_CONVERSION_TEST_INIT_SHARED(init_shared) +{ + test_shared(t, 0, 0, 'A', 'B'); + test_convert_to_private(t, 0, 'B', 'C'); + test_convert_to_shared(t, 0, 'C', 'D', 'E'); +} =20 int main(int argc, char *argv[]) { --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 622343B894A; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; 
b=OBeL8aE/UaYTLKSCYa7nyZSJmvHStozcqf/uZfI3QGmEPSXuHKWCOvT/slrTGkHBU1n9TI0yqasL94Xckm91oRQRq+GI8XGr7beh8V3nEjBFip1uVavhfrJnoQBX8NL88DOrZ2XhK4+hhuR09mCz6MoFT1qhVAmRJaXgOYldDLA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=sBN0h+hAvY4kNZLEDPJgJDjLNnhtjXYYJqN0Dnxr2Po=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=SWyXUnYVr8b74dpTQAvcUP8eAm0wGkMRnkhipODXpbw975dwRFa6OudyahellxsM38y2GMImYCx5ASQ88Bku/QgZvZycumlOY0wem4vAGJSu9MeE6KCKkzaNmiNt0D+7koftMBjbaV+RPy0RpfdexDWEH7mKceyJnrLqynOiRo8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=BNsITGgp; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="BNsITGgp" Received: by smtp.kernel.org (Postfix) with ESMTPS id 45123C2BCB8; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=sBN0h+hAvY4kNZLEDPJgJDjLNnhtjXYYJqN0Dnxr2Po=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=BNsITGgpdEa/FLWM7c1vj4FHAz3KBfI7YZfj38qSTyRWKqYISJe269cfKs8+v1ayt n7uOHUB39QmkC8YPp1P+q2Cr9PRG71C4oGiQdMwVSdvShr9egNxp44HVjjd75fCtI/ JPFVIG3YsD+U+jaHvRakxZTjamyRYXVdzyvrj2ot0L2BNpyahQzEiaZX6kqwxqLYRd +4ogPkIl0fURXuWFteMM9m5sqU8wI9H5ni0L6sZcE/4m2UL6oj49S7CsyeG+ygGMeT 6QogDt1wZvgz8cGoP2QwxedfIGHxKUWfCYCLWAkLYxZx/cYUT+XFL5l1xgzPil2/xC dw+DnkEp7yAQQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35C72FF8877; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:31 -0700 Subject: [PATCH RFC v5 36/53] KVM: selftests: Test conversion precision in guest_memfd Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org 
List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-36-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=4475; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=YNDxiD1D/UeS0bOub6DUeHdSR87Xs3I++ttjrV0QqyU=; b=NLYnFgBo2Gpr5x06ieUdK+BOSHCCOAcVrCvIuE55RGZ4yINojPIaxgBdsaBoKXBUI2/o/be7D NkKZmV5UnN5BWuR0cPm/qbBDbjA8VVWYDhM0cxkjfA1Wu3umAvB4gWo X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng The existing guest_memfd conversion tests only use single-page memory regions. This provides no coverage for multi-page guest_memfd objects, specifically whether KVM correctly handles the page index for conversion operations. An incorrect implementation could, for example, always operate on the first page regardless of the index provided. Add a new test case to verify that conversions between private and shared memory correctly target the specified page within a multi-page guest_memfd. This test also verifies the precision of memory conversions by converting a single page and then iterating through all other pages to ensure they remain in their original state. To support this test, add a new GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED macro that handles setting up and tearing down the VM for each page iteration.
The teardown logic is adjusted to prevent a double-free in this new scenario. Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- .../kvm/x86/guest_memfd_conversions_test.c | 70 ++++++++++++++++++= ++++ 1 file changed, 70 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c index 40ac1b3769af1..25f463bc9da52 100644 --- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -65,8 +65,13 @@ static void gmem_conversions_do_setup(test_data_t *t, in= t nr_pages, =20 static void gmem_conversions_do_teardown(test_data_t *t) { + /* Use NULL to avoid second free in FIXTURE_TEARDOWN (multipage tests). */ + if (!t->vcpu) + return; + /* No need to close gmem_fd, it's owned by the VM structure. */ kvm_vm_free(t->vcpu->vm); + t->vcpu =3D NULL; } =20 FIXTURE_TEARDOWN(gmem_conversions) @@ -105,6 +110,29 @@ static void __gmem_conversions_##test(test_data_t *t, = int nr_pages) \ #define GMEM_CONVERSION_TEST_INIT_SHARED(test) \ __GMEM_CONVERSION_TEST_INIT_SHARED(test, 1) =20 +/* + * Repeats test over nr_pages in a guest_memfd of size nr_pages, providing= each + * test iteration with test_page, the index of the page under test in + * guest_memfd. test_page takes values 0..(nr_pages - 1) inclusive. 
+ */ +#define GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(test, __nr_pages) \ +static void __gmem_conversions_multipage_##test(test_data_t *t, int nr_pag= es, \ + const int test_page); \ + \ +TEST_F(gmem_conversions, test) \ +{ \ + const u64 flags =3D GUEST_MEMFD_FLAG_MMAP | GUEST_MEMFD_FLAG_INIT_SHARED;= \ + int i; \ + \ + for (i =3D 0; i < __nr_pages; ++i) { \ + gmem_conversions_do_setup(self, __nr_pages, flags); \ + __gmem_conversions_multipage_##test(self, __nr_pages, i); \ + gmem_conversions_do_teardown(self); \ + } \ +} \ +static void __gmem_conversions_multipage_##test(test_data_t *t, int nr_pag= es, \ + const int test_page) + struct guest_check_data { void *mem; char expected_val; @@ -205,6 +233,48 @@ GMEM_CONVERSION_TEST_INIT_SHARED(init_shared) test_convert_to_shared(t, 0, 'C', 'D', 'E'); } =20 +/* + * Test indexing of pages within guest_memfd, using test data that is a mu= ltiple + * of page index. + */ +GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(indexing, 4) +{ + int i; + + /* Get a char that varies with both i and v. */ +#define f(x, v) ((x << 4) + (v)) +#define r(v) (f(i, v)) +#define c(v) (f(test_page, v)) + + /* + * Start with the highest index, to catch any errors when, perhaps, the + * first page is returned even for the last index. + */ + for (i =3D nr_pages - 1; i >=3D 0; --i) + test_shared(t, i, 0, r(0), r(2)); + + test_convert_to_private(t, test_page, c(2), c(3)); + + for (i =3D 0; i < nr_pages; ++i) { + if (i =3D=3D test_page) + test_private(t, i, r(3), r(4)); + else + test_shared(t, i, r(2), r(3), r(4)); + } + + test_convert_to_shared(t, test_page, c(4), c(5), c(6)); + + for (i =3D 0; i < nr_pages; ++i) { + char expected =3D i =3D=3D test_page ? 
r(6) : r(4); + + test_shared(t, i, expected, r(7), r(8)); + } + +#undef c +#undef r +#undef f +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_V= M)); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 71AF23B9DB7; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; b=g+LU8O9KiS0RH1xCSd6wGNE5xCnaeAFlZgIESKRVPuEj2vfacjGY4V/43zdOpF4mSKw4hiT2cAKw6cs7r756RJAuECIo360Yk2Bpn9uu5ipqZc8Jl0Nm144qCqcnuT5Wx+oIhh1Nd9/pYZxw/mCBKS8X5hBFkvx7IZzPqEs20k8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=0SjVPRO4Z/23E55mrkb6GG4DyIoejAGIeB+G9ojCMgc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=GuewOJ6tlAAMds41UP1su4AEmJN2xsrEr02ijVXqqJXy31k6/Q3e7fRGJmvBoAWibZX8ZKBynkZMRFNFIbNqEoaHY0iIk3FGL+abKDqktm4mO4DYNf38GswwU2kLK4gAsMf5LlpXDxgviJt9wbdFEJbWXtg2sszfbJxUFTWdO48= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=KMDuQVTR; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="KMDuQVTR" Received: by smtp.kernel.org (Postfix) with ESMTPS id 55815C2BCB3; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=0SjVPRO4Z/23E55mrkb6GG4DyIoejAGIeB+G9ojCMgc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; 
b=KMDuQVTRFq/SjweNl+dvCcuHqLllfpg1Cr+EnV8PVzJwQ6pehIj6k8BkRJFB5u8o9 7KSwraOttoyGZEElJJSyxx9pqYKnvWLbQw01FGpP5KFyGEO0oCWj1ACGhKVQSDd4cE zGx0Ep/hyVNIV5Uxg9tBcmb64ULO69hlO9Sn9QywAf55LJ+wyx1l7HhvLh6k7zyt8p 8rgUJ5otQHKdYpgUwMhQohH9x77tO+PB5cfd8Eo9/OYDMEDzepuSQiXiMDapB2rfFJ gWVUIOWvNuPrdgmHA3jbJJXmCmvIYRSQYI5MYNJRJHuXX5MoIPaT7O9zaKpSX7WaWw /ZyJ++DcE+qDA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49CC5CCF9E3; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:32 -0700 Subject: [PATCH RFC v5 37/53] KVM: selftests: Test conversion before allocation Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-37-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1717; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=R2wZQC9Rl/28rBzV/KkPj9FBUgmPcyYP86nHAFudBWE=; b=/i2LTbFszjp0Vo39iGn4dfkVeMzGR59QOCC/Arn1GW2lpZqVsU0x6gH9VKriOoBrPoXdYRE2e cgcVK1Qnf3cAUEzP1oidALyBhLnBWMewTJ966oSkktFmtf2mzBC7ON4 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Add two test cases to the guest_memfd conversions selftest to cover the scenario where a conversion is requested before any memory has been allocated in the guest_memfd region. The KVM_SET_MEMORY_ATTRIBUTES2 ioctl can be called on a memory region at any time. If the guest had not yet faulted in any pages for that region, the kernel must record the conversion request and apply the requested state when the pages are eventually allocated. The new tests cover both conversion directions. 
Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- .../selftests/kvm/x86/guest_memfd_conversions_test.c | 14 ++++++++++= ++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c index 25f463bc9da52..92b18373a17f1 100644 --- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -275,6 +275,20 @@ GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(indexing, 4) #undef f } =20 +/* + * Test that even if there are no folios yet, conversion requests are reco= rded + * in guest_memfd. + */ +GMEM_CONVERSION_TEST_INIT_SHARED(before_allocation_shared) +{ + test_convert_to_private(t, 0, 0, 'A'); +} + +GMEM_CONVERSION_TEST_INIT_PRIVATE(before_allocation_private) +{ + test_convert_to_shared(t, 0, 0, 'A', 'B'); +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_V= M)); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8724F3C060B; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; b=MYHKwgMFrBgIN+y+T0lLeo12EgEvKQCM+SA0Rk9COzVl+lfRkZe+SfrXD4qCRRvQrgrGD/l4z9LdCqGeAmWjZviK3dgEMOgsEQOsfN5bSPZqMjnZWZTbfw72Kq33/j7iF8cCK9dz38NPWoUL7LNfbjf9sfJ9y2msRFvZ8GeJecE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=9d08KMUaeq0JwnPQVzadWhlNCrfVvqp26fVJSl//L24=; 
h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=NTCwNNjh+BHQUsLEKEhTfxEQ0cL47UgrQXvGpcu4IEso+mTAs4jwvfAiWydi4DMf3YZRUWmwc8f2yveTxPLip97FXDTx1RS2CfQPDZ2mxM5yeoyXTk+sxR4KRiGWRQrJG9rcTMZr2b0iEanynZgCaL0/d6uedGz1uSOBj1iomtw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Nk0SOiwP; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Nk0SOiwP" Received: by smtp.kernel.org (Postfix) with ESMTPS id 681A4C2BCB7; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=9d08KMUaeq0JwnPQVzadWhlNCrfVvqp26fVJSl//L24=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=Nk0SOiwP8dVt93Vx7geCUuDFtG/Ot6FF9mRvq15Ufcm+AqdkyfXe8VaXQmYrILxZe npvr2Vml3+8rLlo0+v+FT6JTeti31hB53c/EeixK13kXfFXDJPgUhtbjbcNrqvItWs xr8eCkmTs+qjUt71lxfULBhR0qotU0zklUgaXORvG8GpAp8vh3O7qGM0WLpyMozmDR cdmS5DFr+Fts/vvPTVWgplRy1hJcAn2DWsu4uHq40I/jPCMiiwZ4d9RnbyZ37xV6Ja Nu9xsUAI/pA9v4oxlPLgaupIxvq//TLB4oc7LJRwtE2JUX1uU0RUGleq489OjsfIX6 +npw8SHJRrP1Q== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5D8B9FF887E; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:33 -0700 Subject: [PATCH RFC v5 38/53] KVM: selftests: Convert with allocated folios in different layouts Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-38-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: 
<20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2272; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=pf9NAC8k9OqEq5nwWVMZcJrfB1uS9zn83YJxtzZTu78=; b=CUCvrnQOlfUsZcPml9jjAvIchu4UtLbbdCH6GMthqWb/FfPeIaOgkJQhZfmyUQk33deZAT0/w ka64QhgQOAtB8HaovxxkYYVEWHifg8tBH6pTrCJoZ7rhmY1o7fesM4Y X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Add a guest_memfd selftest to verify that memory conversions work correctly with allocated 
folios in different layouts. By iterating through which pages are initially faulted, the test covers various layouts of contiguous allocated and unallocated regions, exercising conversion with different range layouts. Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- .../kvm/x86/guest_memfd_conversions_test.c | 31 ++++++++++++++++++= ++++ 1 file changed, 31 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c index 92b18373a17f1..2312592c4076b 100644 --- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -289,6 +289,37 @@ GMEM_CONVERSION_TEST_INIT_PRIVATE(before_allocation_pr= ivate) test_convert_to_shared(t, 0, 0, 'A', 'B'); } =20 +/* + * Test that when some of the folios in the conversion range are allocated, + * conversion requests are handled correctly in guest_memfd. Vary the ran= ges + * allocated before conversion, using test_page, to cover various layouts = of + * contiguous allocated and unallocated regions. + */ +GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(unallocated_folios, 8) +{ + const int second_page_to_fault =3D 4; + int i; + + /* + * Fault 2 of the pages to test filemap range operations except when + * test_page =3D=3D second_page_to_fault. + */ + host_do_rmw(t->mem, test_page, 0, 'A'); + if (test_page !=3D second_page_to_fault) + host_do_rmw(t->mem, second_page_to_fault, 0, 'A'); + + gmem_set_private(t->gmem_fd, 0, nr_pages * page_size, + KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE); + for (i =3D 0; i < nr_pages; ++i) { + char expected =3D (i =3D=3D test_page || i =3D=3D second_page_to_fault) = ? 
'A' : 0; + + test_private(t, i, expected, 'B'); + } + + for (i =3D 0; i < nr_pages; ++i) + test_convert_to_shared(t, i, 'B', 'C', 'D'); +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_V= M)); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A3E503CA4A0; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; cv=none; b=hKlIP6z8l/bRgJt4uSJDY9PnMutbiE0beAayj6TNru1Jpc4zzBtxQ29HGi1jjf2fMtuqbCJA+/0LbQEDSMhQaImY21wzP0Jk+LNax8B+a/cxnzMmYBsdB9YSOWEYsxPUBw2OSUfVEM8Glq31Y4LT9mVWamyH7Z3MtbAR5Vka+pk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418720; c=relaxed/simple; bh=wdLoj8HH8Ns1xI8zoSpP1xSUU4YJ7JLqU9N7Wg1Hrz0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=NqljaZHyg7fQ6h5MuMx9A6nEKBZjbzHkUkumxU1OPWQDQN5evcrYo2JfGIXAy8axdPSnnnQh1RFSr/I9WIowzAmQ/YYF5E1YDIHC47AanXcru95EeL3H1HLRaFMEyG+hWowGO4izTKdYVEbuK5uzu2YOrCnIeU9/Tt3ZyG0J8J8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=VVOYp38t; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="VVOYp38t" Received: by smtp.kernel.org (Postfix) with ESMTPS id 7ED6AC2BCFA; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=wdLoj8HH8Ns1xI8zoSpP1xSUU4YJ7JLqU9N7Wg1Hrz0=; 
h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=VVOYp38tDjUKY+lrdJC7aR7qz8kMFuqNZpBLzDkfG6IRhjfGsPWMpGGOHl4z77Rk6 J3sdvSPB7VUnU3vCX73wAaYDp8rsUodfc5LsB5r3/xVF35wBkBwJcdV/6FQupgtdBG 9Dn2XHEnTEfFJwAhaB20qXDXWUib5ZRhAtXzht1S8HQQj30ZPQ/K4MpmejzrX631UB e4zHW2BxJtZii/IbBildVt5eTcQYlE1nc+mchzY3WalFToQBLRkP/W8Y3S9eP+ToWv F5tQ9t/R1HNRc7sW2MSpPYUGLV787DrXs0Phn0kbDwl+pyRiUZzDhVf81fSZbuAebl ifs0Ft1NbLapg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7229AFF8875; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:34 -0700 Subject: [PATCH RFC v5 39/53] KVM: selftests: Test that truncation does not change shared/private status Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-39-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1978; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=Bf9VYURnTgb4TwvCJyU5mwma0raoYBRglUIu1BddfsA=; b=Sy3fBvTvGT1l7P1754XNGwhnHr5V9qJNv9e3LC5taI2eQg7S9WzmF2LhNSMc6bbYXC5UjP7XV g61CrfU/Av3A6d5LctiXFLDMlkZ9ifHKNPN3O6xFeLM86WNKXhjnss1 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Add a test to verify that deallocating a page in a guest memfd region via fallocate() with FALLOC_FL_PUNCH_HOLE does not alter the shared or private status of the corresponding memory range. When a page backing a guest memfd mapping is deallocated, e.g., by punching a hole or truncating the file, and then subsequently faulted back in, the new page must inherit the correct shared/private status tracked by guest_memfd. 
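For illustration only, the expectation above can be sketched with a small userspace toy model. It is not the kernel implementation: struct toy_gmem and all toy_* helpers are hypothetical names invented for this note, a "page" is a single byte, and a NULL return stands in for the SIGBUS that the selftest expects on host access to private memory. The only point is that the shared/private attribute is tracked per index, independently of whether a backing page exists, so freeing a page and faulting it back in cannot change the attribute.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

#define TOY_NR_PAGES 4

enum toy_attr { TOY_SHARED, TOY_PRIVATE };

/* Hypothetical model: attributes live apart from the backing "pages". */
struct toy_gmem {
	enum toy_attr attr[TOY_NR_PAGES];	/* always present, per index */
	bool allocated[TOY_NR_PAGES];		/* false until first fault */
	char data[TOY_NR_PAGES];		/* one byte stands in for a page */
};

static void toy_init(struct toy_gmem *g, enum toy_attr initial)
{
	for (size_t i = 0; i < TOY_NR_PAGES; i++) {
		g->attr[i] = initial;
		g->allocated[i] = false;
		g->data[i] = 0;
	}
}

/* Conversion only updates the attribute; no backing page is required. */
static void toy_convert(struct toy_gmem *g, size_t idx, enum toy_attr attr)
{
	assert(idx < TOY_NR_PAGES);
	g->attr[idx] = attr;
}

/* Punching a hole drops the backing page and leaves the attribute alone. */
static void toy_punch_hole(struct toy_gmem *g, size_t idx)
{
	assert(idx < TOY_NR_PAGES);
	g->allocated[idx] = false;
}

/*
 * Host access: returns NULL for a private index (stand-in for SIGBUS),
 * otherwise faults in a zeroed page on first touch and returns it.
 */
static char *toy_host_fault(struct toy_gmem *g, size_t idx)
{
	assert(idx < TOY_NR_PAGES);
	if (g->attr[idx] == TOY_PRIVATE)
		return NULL;
	if (!g->allocated[idx]) {
		g->data[idx] = 0;
		g->allocated[idx] = true;
	}
	return &g->data[idx];
}

/* Walks the same steps as the truncate test; returns 0 on success. */
static int toy_truncate_scenario(void)
{
	struct toy_gmem g;
	char *p;

	toy_init(&g, TOY_SHARED);

	p = toy_host_fault(&g, 0);
	if (!p || *p != 0)
		return -1;
	*p = 'A';

	/* Hole punch while shared: contents are gone, index stays shared. */
	toy_punch_hole(&g, 0);
	p = toy_host_fault(&g, 0);
	if (!p || *p != 0)
		return -1;

	/* Hole punch while private: index must still be private afterwards. */
	toy_convert(&g, 0, TOY_PRIVATE);
	toy_punch_hole(&g, 0);
	if (toy_host_fault(&g, 0))
		return -1;

	return 0;
}
```

In this sketch toy_truncate_scenario() returns 0 only when the attribute survives both hole punches. The real test additionally checks guest-side reads and writes, which the model leaves out.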

Signed-off-by: Ackerley Tng
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
---
 .../selftests/kvm/x86/guest_memfd_conversions_test.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
index 2312592c4076b..8dfbf3630cec2 100644
--- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
@@ -10,6 +10,7 @@
 #include
 
 #include "kvm_util.h"
+#include "kvm_syscalls.h"
 #include "kselftest_harness.h"
 #include "test_util.h"
 #include "ucall_common.h"
@@ -320,6 +321,19 @@ GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(unallocated_folios, 8)
 		test_convert_to_shared(t, i, 'B', 'C', 'D');
 }
 
+/* Truncation should not affect shared/private status. */
+GMEM_CONVERSION_TEST_INIT_SHARED(truncate)
+{
+	host_do_rmw(t->mem, 0, 0, 'A');
+	kvm_fallocate(t->gmem_fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, 0, page_size);
+	host_do_rmw(t->mem, 0, 0, 'A');
+
+	test_convert_to_private(t, 0, 'A', 'B');
+
+	kvm_fallocate(t->gmem_fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, 0, page_size);
+	test_private(t, 0, 0, 'A');
+}
+
 int main(int argc, char *argv[])
 {
 	TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM));
-- 
2.54.0.545.g6539524ca2-goog

From nobody Wed Jun 17 01:33:45 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:25:35 -0700
Subject: [PATCH RFC v5 40/53] KVM: selftests: Test that shared/private status is consistent across processes
Message-Id: <20260428-gmem-inplace-conversion-v5-40-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>

From: Sean Christopherson

Add a test to verify that a guest_memfd's shared/private status is
consistent across processes, and that any shared pages previously mapped in
any process are unmapped from all processes.

The test forks a child process after creating the shared guest_memfd region
so that the second process exists alongside the main process for the entire
test.

The processes then take turns to access memory to check that the
shared/private status is consistent across processes.
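
The turn-taking between the two processes can be sketched in isolation. This
is a minimal illustration under stated assumptions, not the selftest itself:
the names struct handshake, await_state() and run_handshake() are
hypothetical, C11 atomics stand in for READ_ONCE()/WRITE_ONCE(), and a plain
integer stands in for the guest_memfd page. A MAP_SHARED | MAP_ANONYMOUS
mapping created before fork() carries the state word, and the parent polls
waitpid() with WNOHANG so that it does not spin forever if the child dies.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdatomic.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { STATE_INIT, STATE_CHILD_TURN, STATE_CHILD_DONE };

/* Hypothetical layout: a state word plus the data the processes hand over. */
struct handshake {
	atomic_int state;
	int value;
};

/*
 * Spin until the shared state equals 'want'. In the parent (child > 0), also
 * poll the child so that an early exit is reported instead of hanging.
 * Returns 0 once the state is reached, -1 if the child went away first.
 */
static int await_state(struct handshake *h, int want, pid_t child, int *reaped)
{
	while (atomic_load(&h->state) != want) {
		pid_t pid;

		if (child <= 0)
			continue;

		pid = waitpid(child, NULL, WNOHANG);
		if (pid == child || (pid == -1 && errno != EINTR)) {
			*reaped = 1;
			/* The child may have set the state just before exiting. */
			return atomic_load(&h->state) == want ? 0 : -1;
		}
	}
	return 0;
}

/* Returns 0 if parent and child took turns as expected, -1 otherwise. */
int run_handshake(void)
{
	struct handshake *h;
	int reaped = 0;
	pid_t child;
	int ok;

	h = mmap(NULL, sizeof(*h), PROT_READ | PROT_WRITE,
		 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
	if (h == MAP_FAILED)
		return -1;

	atomic_init(&h->state, STATE_INIT);
	h->value = 0;

	child = fork();
	if (child == -1) {
		munmap(h, sizeof(*h));
		return -1;
	}

	if (child == 0) {
		/* Child: wait for its turn, then update the shared value. */
		await_state(h, STATE_CHILD_TURN, 0, &reaped);
		h->value += 1;
		atomic_store(&h->state, STATE_CHILD_DONE);
		_exit(0);
	}

	/* Parent: publish a value, hand over to the child, wait for it. */
	h->value = 41;
	atomic_store(&h->state, STATE_CHILD_TURN);
	ok = await_state(h, STATE_CHILD_DONE, child, &reaped) == 0 &&
	     h->value == 42;

	if (!reaped)
		waitpid(child, NULL, 0);
	munmap(h, sizeof(*h));
	return ok ? 0 : -1;
}
```

The sketch re-checks the state after the child is seen to have exited, so a
child that finishes its last step and exits immediately is not reported as a
premature exit.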

Signed-off-by: Sean Christopherson
Co-developed-by: Ackerley Tng
Signed-off-by: Ackerley Tng
---
 .../kvm/x86/guest_memfd_conversions_test.c | 74 ++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
index 8dfbf3630cec2..21918b83d3792 100644
--- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
@@ -334,6 +334,80 @@ GMEM_CONVERSION_TEST_INIT_SHARED(truncate)
 	test_private(t, 0, 0, 'A');
 }
 
+/* Test that shared/private memory protections work and are seen from any process. */
+GMEM_CONVERSION_TEST_INIT_SHARED(forked_accesses)
+{
+	/*
+	 * No races are intended in this test, shared memory is only used to
+	 * coordinate between processes.
+	 */
+	static enum {
+		STATE_INIT,
+		STATE_CHECK_SHARED,
+		STATE_DONE_CHECKING_SHARED,
+		STATE_CHECK_PRIVATE,
+		STATE_DONE_CHECKING_PRIVATE,
+	} *test_state;
+	pid_t child_pid;
+
+	test_state = kvm_mmap(sizeof(*test_state), PROT_READ | PROT_WRITE,
+			      MAP_SHARED | MAP_ANONYMOUS, -1);
+
+#define TEST_STATE_AWAIT(__state) \
+	while (READ_ONCE(*test_state) != __state) { \
+		if (child_pid != 0) { \
+			int status; \
+			pid_t pid; \
+			do { \
+				pid = waitpid(child_pid, &status, WNOHANG); \
+			} while (pid == -1 && errno == EINTR); \
+			if (pid == -1) \
+				TEST_FAIL("Couldn't check child status."); \
+			else if (pid != 0) \
+				TEST_FAIL("Child exited prematurely."); \
+		} \
+	}
+
+#define TEST_STATE_SET(__state) WRITE_ONCE(*test_state, __state)
+
+	child_pid = fork();
+	TEST_ASSERT(child_pid != -1, "fork failed");
+
+	if (child_pid == 0) {
+		const char inconsequential = 0xdd;
+
+		TEST_STATE_AWAIT(STATE_CHECK_SHARED);
+
+		/*
+		 * This maps the pages into the child process as well, and tests
+		 * that the conversion process will unmap the guest_memfd memory
+		 * from all processes.
+		 */
+		host_do_rmw(t->mem, 0, 0xB, 0xC);
+
+		TEST_STATE_SET(STATE_DONE_CHECKING_SHARED);
+		TEST_STATE_AWAIT(STATE_CHECK_PRIVATE);
+
+		TEST_EXPECT_SIGBUS(READ_ONCE(t->mem[0]));
+		TEST_EXPECT_SIGBUS(WRITE_ONCE(t->mem[0], inconsequential));
+
+		TEST_STATE_SET(STATE_DONE_CHECKING_PRIVATE);
+		exit(0);
+	}
+
+	test_shared(t, 0, 0, 0xA, 0xB);
+
+	TEST_STATE_SET(STATE_CHECK_SHARED);
+	TEST_STATE_AWAIT(STATE_DONE_CHECKING_SHARED);
+
+	test_convert_to_private(t, 0, 0xC, 0xD);
+
+	TEST_STATE_SET(STATE_CHECK_PRIVATE);
+	TEST_STATE_AWAIT(STATE_DONE_CHECKING_PRIVATE);
+
+	kvm_munmap(test_state, sizeof(*test_state));
+}
+
 int main(int argc, char *argv[])
 {
 	TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM));
-- 
2.54.0.545.g6539524ca2-goog

From nobody Wed Jun 17 01:33:45 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:25:36 -0700
Subject: [PATCH RFC v5 41/53] KVM: selftests: Test conversion with elevated page refcount
Message-Id: <20260428-gmem-inplace-conversion-v5-41-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>

From: Ackerley Tng

Add a selftest to verify that converting a shared guest_memfd page to a
private page fails if the page has an elevated reference count.

When KVM converts a shared page to a private one, it expects the page to
have a reference count equal to the reference counts taken by the filemap.
If another kernel subsystem holds a reference to the page, for example via
pin_user_pages(), the conversion must be aborted.

This test uses vmsplice to increment the refcount of a specific page. The
reference is kept on the page by not reading data out from vmsplice's
destination pipe. It then attempts to convert a range of pages, including
the page with elevated refcount, from shared to private.

The test asserts that both bulk and single-page conversion attempts
correctly fail with EAGAIN for the pinned page. After the page is unpinned,
the test verifies that subsequent conversions succeed.

Signed-off-by: Ackerley Tng
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
---
 .../kvm/x86/guest_memfd_conversions_test.c | 80 ++++++++++++++++++++++
 1 file changed, 80 insertions(+)

diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
index 21918b83d3792..13bbc361eaeda 100644
--- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
+++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c
@@ -408,6 +408,86 @@ GMEM_CONVERSION_TEST_INIT_SHARED(forked_accesses)
 	kvm_munmap(test_state, sizeof(*test_state));
 }
 
+static int pin_pipe[2] = { -1, -1 };
+
+static void pin_pages(void *vaddr, size_t size)
+{
+	struct iovec iov = {
+		.iov_base = vaddr,
+		.iov_len = size,
+	};
+
+	if (pin_pipe[1] < 0)
+		TEST_ASSERT_EQ(pipe(pin_pipe), 0);
+
+	TEST_ASSERT_EQ(vmsplice(pin_pipe[1], &iov, 1, 0), size);
+}
+
+static void unpin_pages(void)
+{
+	close(pin_pipe[1]);
+	pin_pipe[1] = -1;
+	close(pin_pipe[0]);
+	pin_pipe[0] = -1;
+}
+
+static void test_convert_to_private_fails(test_data_t *t, loff_t pgoff,
+					  size_t nr_pages,
+					  loff_t expected_error_offset)
+{
+	loff_t offset = pgoff * page_size;
+	loff_t error_offset = 0;
+	int ret;
+
+	do {
+		ret = __gmem_set_private(t->gmem_fd, offset,
+					 nr_pages * page_size, &error_offset,
+					 KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE);
+	} while (ret == -1 && errno == EINTR);
+	TEST_ASSERT(ret == -1 && errno == EAGAIN,
+		    "Wanted EAGAIN on page %lu, got %d (ret = %d)", pgoff,
+		    errno, ret);
+	TEST_ASSERT_EQ(error_offset, expected_error_offset);
+}
+
+GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(elevated_refcount, 4)
+{
+	int i;
+
+	pin_pages(t->mem + test_page * page_size, page_size);
+
+	for (i = 0; i < nr_pages; i++)
+		test_shared(t, i, 0, 'A', 'B');
+
+	/*
+	 * Converting in bulk should fail as long as any page in the range has
+	 * unexpected refcounts.
+	 */
+	test_convert_to_private_fails(t, 0, nr_pages, test_page * page_size);
+
+	for (i = 0; i < nr_pages; i++) {
+		/*
+		 * Converting page-wise should also fail as long as any page in
+		 * the range has unexpected refcounts.
+		 */
+		if (i == test_page)
+			test_convert_to_private_fails(t, i, 1, test_page * page_size);
+		else
+			test_convert_to_private(t, i, 'B', 'C');
+	}
+
+	unpin_pages();
+
+	gmem_set_private(t->gmem_fd, 0, nr_pages * page_size,
+			 KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE);
+
+	for (i = 0; i < nr_pages; i++) {
+		char expected = i == test_page ? 'B' : 'C';
+
+		test_private(t, i, expected, 'D');
+	}
+}
+
 int main(int argc, char *argv[])
 {
 	TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_VM));
-- 
2.54.0.545.g6539524ca2-goog

From nobody Wed Jun 17 01:33:45 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:25:37 -0700
Subject: [PATCH RFC v5 42/53] KVM: selftests: Test that conversion to private does not support ZERO
Message-Id: <20260428-gmem-inplace-conversion-v5-42-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>

From: Ackerley Tng

Test that a conversion to private that specifies the
KVM_SET_MEMORY_ATTRIBUTES2_ZERO flag returns -1 and sets errno to
EOPNOTSUPP.
Signed-off-by: Ackerley Tng --- .../selftests/kvm/x86/guest_memfd_conversions_test.c | 15 +++++++++++= ++++ 1 file changed, 15 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c index 13bbc361eaeda..922261ebaff96 100644 --- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -488,6 +488,21 @@ GMEM_CONVERSION_MULTIPAGE_TEST_INIT_SHARED(elevated_re= fcount, 4) } } =20 +GMEM_CONVERSION_TEST_INIT_SHARED(convert_to_private_does_not_support_zero) +{ + const loff_t start_offset =3D 0; + loff_t error_offset =3D 0; + int ret; + + ret =3D __gmem_set_private(t->gmem_fd, start_offset, nr_pages * page_size, + &error_offset, + KVM_SET_MEMORY_ATTRIBUTES2_ZERO); + + TEST_ASSERT_EQ(ret, -1); + TEST_ASSERT_EQ(errno, EOPNOTSUPP); + TEST_ASSERT_EQ(error_offset, start_offset); +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_V= M)); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E98313D34B1; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=JtNf9sP3c1aCQDMyAcbL+cPNx5uei+C99uj7nZZdtWgQH+1jj5l8Z29/jgXiVgN9l1VLAT1aF5R97R4SedggX1N1SIgfc2SpoP/vUr8/6hv0dFgrZ4xlm/AmGgTxeijFCJ0d3SPDqCIECua/POawWCsAsetkFFR/LR0BszaciBs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=fi5qoarFijE2lWp5XxDoESzLwDXl1eAEmD22R/fPyIs=; 
h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=aneW6fn3P5w8HOpjRjC7S6qtEP/dVNND2vMzgGU63JjPCY7I19iVm3LUzThagOByew3J/PRkx6h+MdghoFHO8pbxFLZNtljAP7JRyqyjjCAQlOzZwYZPrgefEEl9qdVqORyRZpI8ysu1E5nzxZNf79uWDwMy+FXjhiTgOL3dz5I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=L4evB6Kh; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="L4evB6Kh" Received: by smtp.kernel.org (Postfix) with ESMTPS id CD0C0C2BCB8; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=fi5qoarFijE2lWp5XxDoESzLwDXl1eAEmD22R/fPyIs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=L4evB6Khg1O5ByRuDGL14styXW8AJIiKNKNXoWZY9e310k/C1vn/SFuMfURWGVPFa gmcf5CnqjWieP74atQhouofZc1jF9je/jvHIb2aj1JJzmii3hehhvgLLnm5sj0brlu dbs1VTzi6/6YkWGIV7yKlsstePw0fGeyRcvtCTvXNaPoq9KPmTdISzS7P1goc8gLUS G8OhlMs7Y38okfdUbOYcZt5aQ31hutAwW3ekCzM/0Z+Xak0kDlDBY1XWhlNWJQqq7t gMFsCtoXPdhd8zTHv/g8h6xFzjf1B4Oex42GzYC+1o16QTkAzhBve/XweR6s1j956U AuOFKb5gEIM6A== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1014FF8875; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:38 -0700 Subject: [PATCH RFC v5 43/53] KVM: selftests: Support checking that data not equal expected Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-43-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: 
<20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2851; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=7gz8kf/n4ixOaF8MVfsAM6UcG2xye98XFNb81uX9/Q0=; b=K0nhoHtw+bHDcFt0NTXB9H8IY5KufQrx9yXWXRDB44IJvZWG6vgqoP88UFkyWNZSvMMA4sjKx IeEHazMTIeLBYKybYfkuwhPvhexJMT5hxbaymArE73yb7zsZfD59Xn1 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Expand run_guest_do_rmw() to support checking that data at given pgoff is not equal to 
expected_val. This will be used in a later patch that tests that memory contents are scrambled. Signed-off-by: Ackerley Tng --- .../selftests/kvm/x86/guest_memfd_conversions_test.c | 17 +++++++++++++= ---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c index 922261ebaff96..57adb6d84a053 100644 --- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -137,6 +137,7 @@ static void __gmem_conversions_multipage_##test(test_da= ta_t *t, int nr_pages, \ struct guest_check_data { void *mem; char expected_val; + bool assert_not_equal; char write_val; }; static struct guest_check_data guest_data; @@ -146,7 +147,13 @@ static void guest_do_rmw(void) for (;;) { char *mem =3D READ_ONCE(guest_data.mem); =20 - GUEST_ASSERT_EQ(READ_ONCE(*mem), READ_ONCE(guest_data.expected_val)); + if (READ_ONCE(guest_data.assert_not_equal)) { + GUEST_ASSERT_NE(READ_ONCE(*mem), + READ_ONCE(guest_data.expected_val)); + } else { + GUEST_ASSERT_EQ(READ_ONCE(*mem), + READ_ONCE(guest_data.expected_val)); + } WRITE_ONCE(*mem, READ_ONCE(guest_data.write_val)); =20 GUEST_SYNC(0); @@ -154,13 +161,15 @@ static void guest_do_rmw(void) } =20 static void run_guest_do_rmw(struct kvm_vcpu *vcpu, loff_t pgoff, - char expected_val, char write_val) + char expected_val, char write_val, + bool assert_not_equal) { struct ucall uc; int r; =20 guest_data.mem =3D (void *)GUEST_MEMFD_SHARING_TEST_GVA + pgoff * page_si= ze; guest_data.expected_val =3D expected_val; + guest_data.assert_not_equal =3D assert_not_equal; guest_data.write_val =3D write_val; sync_global_to_guest(vcpu->vm, guest_data); =20 @@ -191,7 +200,7 @@ static void test_private(test_data_t *t, loff_t pgoff, = char starting_val, char write_val) { TEST_EXPECT_SIGBUS(WRITE_ONCE(t->mem[pgoff * page_size], write_val)); - 
run_guest_do_rmw(t->vcpu, pgoff, starting_val, write_val); + run_guest_do_rmw(t->vcpu, pgoff, starting_val, write_val, false); TEST_EXPECT_SIGBUS(READ_ONCE(t->mem[pgoff * page_size])); } =20 @@ -207,7 +216,7 @@ static void test_shared(test_data_t *t, loff_t pgoff, c= har starting_val, char host_write_val, char write_val) { host_do_rmw(t->mem, pgoff, starting_val, host_write_val); - run_guest_do_rmw(t->vcpu, pgoff, host_write_val, write_val); + run_guest_do_rmw(t->vcpu, pgoff, host_write_val, write_val, false); TEST_ASSERT_EQ(READ_ONCE(t->mem[pgoff * page_size]), write_val); } =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0725B3D412D; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=cA1r1v44y/GBmrRc63INfDwz1C+t8q3yL4DeyqRl1VcW3lolcAAZKQKjk7HHtFhqWYv02WM0oL1RbnUbLKi1lriw2Qjw1wcRxSGfHRsNSPszYTw/SfGE8K/Udx3HK8YN+Yqt9rDFWPF2B9DcvXJovfpW0KQ7JMjGRHErta/vBr0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=Vgze5D+bN0AcyWszSG1YlA0S2f1gEtod7TQDybNpW/k=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=cP84kN6m/lVkbx8j3ZX4vS64PkAYyEyqJ/B0Q0qRnsfK14hiLoBpa6XZxzPQlFtQfg2S4uIkvdi4lsAAX+Z35vEBRivHpLW5BGq/INuSni6d2Bo/4G1SG5y6m8j3q83c06g5yt82BorCWfXJA6YOt4Uqxz35Ikm23biJZqu95ps= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=HcXbivY7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) 
header.d=kernel.org header.i=@kernel.org header.b="HcXbivY7" Received: by smtp.kernel.org (Postfix) with ESMTPS id DD9E0C2BCF4; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418720; bh=Vgze5D+bN0AcyWszSG1YlA0S2f1gEtod7TQDybNpW/k=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=HcXbivY7zdv/RmF1UVmwhwUKKrjRdHI4Pitvra7t/6Sr8tS0A7tyunNzyMPwnwdRV NZJmyGLoA1nSGDuCm6QPXSuHgfTrMv36avF+EcQe/UPPrfralU+t57Ny6qFLfUJXJV 7gq0aZ8pSdlm2k2tvfK34LKR5LzCkgxKmKGzU7LMxOTHJKZiHosi/JRdd8DI+fPpjK q2zE2/eTZjQMkpg7v+55vBlah5Xqtua7lNusx2XZJ5trpGKEu1yc2bMMha1J0F6wm5 KC3OO4ja5fK8B+J7GV8W8GTjIoN5aRrcgcGLsNdBe8V03ZMpgInh1RPc4GckwbKFnI lhUfIiTaYjfyw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D4581FF8877; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:39 -0700 Subject: [PATCH RFC v5 44/53] KVM: selftests: Test that not specifying a conversion flag scrambles memory contents Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-44-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, 
forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2091; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=Avy1yjuj5TLXjW+gFYQvsB+PRbonfW+tVbhN8u3NZik=; b=fb9rZViAfwmrwJD9SGoXVoob6TT9WaSRJ4Wrr/TWhXnHc57g7FFxpcP7viuqXx3r+qwjvVnmr KXKhGbWj4CZCYiavrYR0ULbUfm3YqEoUTcfGzy/jE7G4hkJglBe7CP0 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng When using KVM_SET_MEMORY_ATTRIBUTES2, not specifying flags for the ioctl implies no guarantees on memory contents. For KVM_X86_SW_PROTECTED_VM, this mode is implemented by scrambling contents of converted memory ranges. Add a test to check that the unspecified conversion mode was handled in KVM by checking the expected behavior, that existing memory contents are scrambled. 
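For illustration only, the shape of the check can be modelled in plain userspace C. This is a sketch under stated assumptions, not the selftest or KVM code: model_scramble() and model_check() are hypothetical names, and the XOR with a non-zero mask is a deterministic stand-in for whatever scrambling KVM performs. Because the mask is non-zero, every byte is guaranteed to change, so this model cannot hit the false failure described above. If the scrambled byte were instead uniformly random, a single-byte comparison would collide with probability 1/256.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/*
 * Hypothetical stand-in for a conversion that gives no guarantees on
 * memory contents: XOR each byte with a non-zero mask, so every byte
 * is guaranteed to differ from its previous value.
 */
static void model_scramble(unsigned char *buf, size_t len, unsigned char mask)
{
	size_t i;

	assert(mask != 0);
	for (i = 0; i < len; i++)
		buf[i] ^= mask;
}

/*
 * Mirrors the shape of the guest-side check: when assert_not_equal is
 * set, the check passes if the observed byte differs from the expected
 * one; otherwise it passes only if the two bytes match.
 */
static bool model_check(unsigned char observed, unsigned char expected,
			bool assert_not_equal)
{
	if (assert_not_equal)
		return observed != expected;
	return observed == expected;
}
```

A caller would fill a buffer with a known value, run model_scramble() over it, and then expect model_check(buf[0], known_value, true) to hold.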
Signed-off-by: Ackerley Tng --- .../kvm/x86/guest_memfd_conversions_test.c | 28 ++++++++++++++++++= ++++ 1 file changed, 28 insertions(+) diff --git a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c= b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c index 57adb6d84a053..f4705dc700879 100644 --- a/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/guest_memfd_conversions_test.c @@ -512,6 +512,34 @@ GMEM_CONVERSION_TEST_INIT_SHARED(convert_to_private_do= es_not_support_zero) TEST_ASSERT_EQ(error_offset, start_offset); } =20 +GMEM_CONVERSION_TEST_INIT_SHARED(convert_mode_unspecified_scrambles) +{ + loff_t error_offset =3D 0; + int ret; + + test_shared(t, 0, 0, 'A', 'B'); + ret =3D __gmem_set_private(t->gmem_fd, 0, nr_pages * page_size, + &error_offset, 0); + TEST_ASSERT_EQ(ret, 0); + TEST_ASSERT_EQ(error_offset, 0); + + /* + * Since the content mode 0 scrambles data in memory, there is + * a small chance that this test will falsely fail when the + * scrambled value matches the initial value. + */ + run_guest_do_rmw(t->vcpu, 0, 'B', 'C', true); + + ret =3D __gmem_set_shared(t->gmem_fd, 0, nr_pages * page_size, + &error_offset, 0); + TEST_ASSERT_EQ(ret, 0); + TEST_ASSERT_EQ(error_offset, 0); + + /* Same small chance of falsely failing test applies here. 
*/ + TEST_ASSERT(READ_ONCE(t->mem[0]) !=3D 'C', + "Conversion without specifying mode should scramble memory."); +} + int main(int argc, char *argv[]) { TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SW_PROTECTED_V= M)); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1BFFF3D47D9; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=o2X4C+mjTMmpLFmXE9k7xKMCaLiNBFnVSRq9zWxtl0IVNEmILF+pnK5uAytAVmenL1XtskipGVEvBHvmHh7WJdAvbPDKDNBUQjaoN+8zBJHASeep6n/SCdriRoRYRHHy1pgU/7vw/ozkChqxypK3RVNqFz4CGWAiiWnzvkSgZRU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=QI0czbPihibpXCD2kQtktaad48rPB1vkWaJ1I6GpYvk=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Df6D2h/C1w/6A3rNvnrXMVgGrEYp5Zyv0ZBqoPEvkxORJJ+lL71zliEuyWKKTLW3bxqcoTznO1a06f8wYIefxP1Osl5muCOGOvFyYKq1qAbJnbjoL6E1HnkgScF0EIKFfXJ/5VDRQeNf/LVf8XXgreQq248fpKzdKo6lMXR7ILY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=orkSpLeY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="orkSpLeY" Received: by smtp.kernel.org (Postfix) with ESMTPS id F1086C2BCC4; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=QI0czbPihibpXCD2kQtktaad48rPB1vkWaJ1I6GpYvk=; 
h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=orkSpLeYcwzAa7qy5LM48A13FLHgij2k51J6yMyjX1stw7i/KE5YLcpXL7eSvB4uf zZcdEDlTRbY/9aPbl4y3IMYf4OCAjGOhvboey3xBFzIiByYL9HaUV/oiYCT5/+xxBX i6JZPg73USXXRrfhUdYGQ0VbKQ+zR6Smr9Evmae8eQw7+1fYFokYwwhQqoNTHZBuZv Nn8YFETKZ4ncjN5HcgAuAgkUhg8gmEt48NRaQuFg4DL5+l2kyIZY6MFKdUcPQu0or1 xDdNwv6egPsHnqKRsTCmkoF7JV+TimZk5lw9gUXXn7OtQwJPv+tIq/bVg/bqih8iTR Kt+WH9S3KQgug== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7395CCF9E3; Tue, 28 Apr 2026 23:25:20 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:40 -0700 Subject: [PATCH RFC v5 45/53] KVM: selftests: Reset shared memory after hole-punching Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-45-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=2491; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=WSIF8DMlvu4DIEQtmUrMjtQfocHXchi9Geu1zzxLD0I=; b=kuPxD2GFOGoFfxlviY04qf8Sq3zByZ44zvRNeBcRqsFNI56KizuLJBgckTtLQ4utLIPJ7dv8b EBG4IOrjJg1ApGbwerboMAotA0X/Wbh8yTgowQ9HiOfeFlD83CgcFa6 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng private_mem_conversions_test used to reset the shared memory that was used for the test to an initial pattern at the end of each test iteration. Then, it would punch out the pages, which would zero memory. Without in-place conversion, the resetting would write shared memory, and hole-punching will zero private memory, hence resetting the test to the state at the beginning of the for loop. With in-place conversion, resetting writes memory as shared, and hole-punching zeroes the same physical memory, hence undoing the reset done before the hole punch. Move the resetting after the hole-punching, and reset the entire PER_CPU_DATA_SIZE instead of just the tested range. With in-place conversion, this zeroes and then resets the same physical memory. 
Without in-place conversion, the private memory is zeroed, and the shared memory is reset to init_p. This is sufficient since at each test stage, the memory is assumed to start as shared, and private memory is always assumed to start zeroed. Conversion zeroes memory, so the future test stages will work as expected. Fixes: 43f623f350ce1 ("KVM: selftests: Add x86-only selftest for private me= mory conversions") Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/x86/private_mem_conversions_test.c | 9 ++++++-= -- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c= b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c index 861baff201e78..289ad10063fca 100644 --- a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c @@ -202,15 +202,18 @@ static void guest_test_explicit_conversion(u64 base_g= pa, bool do_fallocate) guest_sync_shared(gpa, size, p3, p4); memcmp_g(gpa, p4, size); =20 - /* Reset the shared memory back to the initial pattern. */ - memset((void *)gpa, init_p, size); - /* * Free (via PUNCH_HOLE) *all* private memory so that the next * iteration starts from a clean slate, e.g. with respect to * whether or not there are pages/folios in guest_mem. */ guest_map_shared(base_gpa, PER_CPU_DATA_SIZE, true); + + /* + * Hole-punching above zeroed private memory. Reset shared + * memory in preparation for the next GUEST_STAGE. 
+ */ + memset((void *)base_gpa, init_p, PER_CPU_DATA_SIZE); } } =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D31A3D566D; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=X+caBavdoBO9Lh6PoLWKAl47tuDDPvbZ0JNKsvKYVU29YhX754YEedOCGVw642Gy8DCszopJ5P60LJHp8w72sTRqGSBkEVVdJMLfPpzW/KMyG1+qQSiHjudachT0WQZmhI+6GHL2V/iMUzi+1oW1Zb4O1SUe3yo4Vjf5qNK7rSM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=mwkgk7A8hFc2PxDEeFm6pEnfqmPWkj5TqPujEB8TS+w=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=rjzWPcDimGquQOfZQRExnfazXdqwA/KflBsdJGYZrPa56Br/P3QoKD8GE446bKdpgw3cjkRJxByXUQqptMBgai1vA0I7zMpQuODiPx4yHytF1qffQ/VoDS+aH2tvn/gb6D+J6t6QhCz+q+xdmRqrumW7d1Ctqwt1bCGnpmNNIh4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Rp401V6E; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Rp401V6E" Received: by smtp.kernel.org (Postfix) with ESMTPS id 10E47C2BCC9; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=mwkgk7A8hFc2PxDEeFm6pEnfqmPWkj5TqPujEB8TS+w=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=Rp401V6ECX1gEsLEV0pf4PelPwAttxOwivufPzzsFK8aTbzDeJ9a6Ak/BWLzVv9Ax M2SbzjBE6/+Q3tz6O7UJEhputyg261KcRHxp6J2LFGYIXNg35pTo+Q4IATJNrSk7Wd 
tVMCESXsE0P6tZQWNpba/YRrlPnOu+4D+J4TF04k0nnxvZr3K0ryvTsCxLFx1A7UlF xa7pxZ/W94Iztd6sNrmUhPjcW6gHXjeelgo0gKZJWCCqS0D1AlM7Ggt56J6b5xafmm KDVOc/SlT7c2EXDB3SNaKZOnTTxlMj3tExcjxTWpwpiH15g+jKzMl8b6gtybuKbLYx Tv+4jjYPfb3Jw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0740BFF887E; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:41 -0700 Subject: [PATCH RFC v5 46/53] KVM: selftests: Provide function to look up guest_memfd details from gpa Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-46-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=3877; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=Xc+MUzeFyBLqIxQeeove1J/69O/NRCP9DFI9k+NHIr0=; b=W1wuVqqKA/T+YKlV9bCqGjI4UHZ9nsom3khaNv6fjoqr4kJjIUCGS7SXpK1EaP4DvoNqg9660 JNsOz0AnsxQDhxWPEMKtEImjgwdIt1LCW9dYvUMi4MOuu95MmbCZLK2 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Introduce a new helper, kvm_gpa_to_guest_memfd(), to find the guest_memfd-related details of a memory region that contains a given guest physical address (GPA). The function returns the file descriptor for the memfd, the offset into the file that corresponds to the GPA, and the number of bytes remaining in the region from that GPA. kvm_gpa_to_guest_memfd() was factored out from vm_guest_mem_fallocate(); refactor vm_guest_mem_fallocate() to use the new helper. 
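As a rough userspace model of the lookup arithmetic (a sketch, not the selftest library code): struct model_region, model_gpa_to_guest_memfd() and model_count_chunks() are hypothetical names that only mimic the fields used by the helper. Unlike the real helper, which asserts when no guest_memfd-backed region contains the GPA, this model returns -1 so that the failure case can be exercised.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified view of a guest_memfd-backed memory region. */
struct model_region {
	uint64_t guest_phys_addr;    /* first GPA covered by the region */
	uint64_t memory_size;        /* size of the region in bytes */
	uint64_t guest_memfd_offset; /* file offset that maps to guest_phys_addr */
	int guest_memfd;             /* file descriptor backing the region */
};

/*
 * Return the fd of the region containing gpa, and report the matching
 * file offset and the number of bytes left in the region from gpa.
 * Returns -1 if no region contains gpa.
 */
static int model_gpa_to_guest_memfd(const struct model_region *regions,
				    size_t nr_regions, uint64_t gpa,
				    uint64_t *fd_offset, uint64_t *nr_bytes)
{
	size_t i;

	assert(fd_offset && nr_bytes);

	for (i = 0; i < nr_regions; i++) {
		const struct model_region *r = &regions[i];
		uint64_t gpa_offset;

		if (gpa < r->guest_phys_addr)
			continue;

		gpa_offset = gpa - r->guest_phys_addr;
		if (gpa_offset >= r->memory_size)
			continue;

		*fd_offset = r->guest_memfd_offset + gpa_offset;
		*nr_bytes = r->memory_size - gpa_offset;
		return r->guest_memfd;
	}
	return -1;
}

/*
 * Walk [base, base + size) the way a per-region caller would, clamping
 * each step to the end of the range, and count the chunks visited.
 * Returns -1 if part of the range is not covered by any region.
 */
static int model_count_chunks(const struct model_region *regions,
			      size_t nr_regions, uint64_t base, uint64_t size)
{
	uint64_t end = base + size;
	uint64_t gpa, len, fd_offset;
	int chunks = 0;

	for (gpa = base; gpa < end; gpa += len) {
		if (model_gpa_to_guest_memfd(regions, nr_regions, gpa,
					     &fd_offset, &len) < 0)
			return -1;
		if (len > end - gpa)
			len = end - gpa;
		chunks++;
	}
	return chunks;
}
```

With one region covering GPAs 0x1000..0x2fff and another covering 0x3000..0x3fff, a range starting at 0x1800 with size 0x2000 is visited as two chunks, one per region.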
Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- tools/testing/selftests/kvm/include/kvm_util.h | 3 +++ tools/testing/selftests/kvm/lib/kvm_util.c | 34 ++++++++++++++++------= ---- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing= /selftests/kvm/include/kvm_util.h index 62d917a2d2b19..7de88cbdfd2b8 100644 --- a/tools/testing/selftests/kvm/include/kvm_util.h +++ b/tools/testing/selftests/kvm/include/kvm_util.h @@ -428,6 +428,9 @@ static inline void vm_enable_cap(struct kvm_vm *vm, u32= cap, u64 arg0) vm_ioctl(vm, KVM_ENABLE_CAP, &enable_cap); } =20 +int kvm_gpa_to_guest_memfd(struct kvm_vm *vm, gpa_t gpa, off_t *fd_offset, + size_t *nr_bytes); + /* * KVM_SET_MEMORY_ATTRIBUTES{,2} overwrites _all_ attributes. These * flows need significant enhancements to support multiple attributes. diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index 5e34593ad79c4..12e031a8fc20d 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1283,27 +1283,19 @@ void vm_guest_mem_fallocate(struct kvm_vm *vm, u64 = base, u64 size, bool punch_hole) { const int mode =3D FALLOC_FL_KEEP_SIZE | (punch_hole ? 
FALLOC_FL_PUNCH_HO= LE : 0); - struct userspace_mem_region *region; u64 end =3D base + size; gpa_t gpa, len; off_t fd_offset; - int ret; + int fd, ret; =20 for (gpa =3D base; gpa < end; gpa +=3D len) { - u64 offset; - - region =3D userspace_mem_region_find(vm, gpa, gpa); - TEST_ASSERT(region && region->region.flags & KVM_MEM_GUEST_MEMFD, - "Private memory region not found for GPA 0x%lx", gpa); + fd =3D kvm_gpa_to_guest_memfd(vm, gpa, &fd_offset, &len); + len =3D min(end - gpa, len); =20 - offset =3D gpa - region->region.guest_phys_addr; - fd_offset =3D region->region.guest_memfd_offset + offset; - len =3D min_t(u64, end - gpa, region->region.memory_size - offset); - - ret =3D fallocate(region->region.guest_memfd, mode, fd_offset, len); + ret =3D fallocate(fd, mode, fd_offset, len); TEST_ASSERT(!ret, "fallocate() failed to %s at %lx (len =3D %lu), fd =3D= %d, mode =3D %x, offset =3D %lx", punch_hole ? "punch hole" : "allocate", gpa, len, - region->region.guest_memfd, mode, fd_offset); + fd, mode, fd_offset); } } =20 @@ -1640,6 +1632,22 @@ void *addr_gpa2alias(struct kvm_vm *vm, gpa_t gpa) return (void *) ((uintptr_t) region->host_alias + offset); } =20 +int kvm_gpa_to_guest_memfd(struct kvm_vm *vm, gpa_t gpa, off_t *fd_offset, + size_t *nr_bytes) +{ + struct userspace_mem_region *region; + gpa_t gpa_offset; + + region =3D userspace_mem_region_find(vm, gpa, gpa); + TEST_ASSERT(region && region->region.flags & KVM_MEM_GUEST_MEMFD, + "guest_memfd memory region not found for GPA 0x%lx", gpa); + + gpa_offset =3D gpa - region->region.guest_phys_addr; + *fd_offset =3D region->region.guest_memfd_offset + gpa_offset; + *nr_bytes =3D region->region.memory_size - gpa_offset; + return region->region.guest_memfd; +} + /* Create an interrupt controller chip for the specified VM. 
*/ void vm_create_irqchip(struct kvm_vm *vm) { --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9017E3D9DA0; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=S/02cqE8s5UMx+WeNQQvLxJiDn8fPsJimC4nSpstKH2xK48vivh5dzs2Pt9LBI8gh8HvrODqyptIO7dKyOj+yf2qIStxGnTfzTvchNlYRNbgJvCoCmLX61QLtgbBGWc/NMLJGs298DyauaT4+71eF9tJnmTtXZBmRWd4RRMmSeA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=sREAP2MxGPEbvXSq5SRQ/nStAIIJ5drv06P6dsUlKj0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=IqQBDGgT5N3SRh5kZmAJyxvXvoM/b8BDLuZXULZSIlT2PyJrUHXMxkJUaVyLAkC6G/CCvjtz2nLKS0+1WdSZ/F4eu0SY78q4uwEFh+QJJm8i1JDpkfxIlKBMXGuezrpl22KYynUPcw68p7Ll93lU+zX3xehNs5St6fezfifkpYE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=VezrHNtt; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="VezrHNtt" Received: by smtp.kernel.org (Postfix) with ESMTPS id 415E5C2BCAF; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=sREAP2MxGPEbvXSq5SRQ/nStAIIJ5drv06P6dsUlKj0=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=VezrHNtt59Dx1C2KXiPFAf1qGG5aL14O7Xt7SsmDPsDSSgIbQWWaGeuzsqrPzSKEp JbuN/2lpgyJygOhSexN9SK8JmQITv7LcE5VPw0t7fmbkqA8tyW/2yefChZdspqpq60 
vavvHsIuCVZ3BZLh/OT5DUdnktWbZTJEWoEd+ccLzkzVqipIku1AgZveNH624/W5Lm H6h9LdzhdIjBf5Mjj4hertntX+O19dQ3qTFpUSSgNeTkHD1OojScPF4znehmOfb9cu kZPWaAyYk2QJjJy68GT56xz7R6rRm23XpttVgdhFpBDUNWcw5TbRweBE/BzCVpkORH deJqVab1J4ijQ== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38514FF8875; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:42 -0700 Subject: [PATCH RFC v5 47/53] KVM: selftests: Provide common function to set memory attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-47-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. 
Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5499; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=x8WxP9zvytzuqL5tzXmnvDO35wF0Bk1eLqxImWMw/aQ=; b=iV5e1pQisdMevCU5CiJtojdosppLVl1PRMIYiUBBT/pi9FZox4TCPglLIzytx0XkHy9Ph9bsO xFjPgwK5wRvAwZzt6Lx1VOzRt2Hz4eVHfIO3i7PgOCUXg601spXNW2d X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Introduce vm_mem_set_memory_attributes(), which handles setting of memory attributes for a range of guest physical addresses, regardless of whether the attributes should be set via guest_memfd or via the memory attributes at the VM level. Refactor existing vm_mem_set_{shared,private} functions to use the new function. Opportunistically update the size parameter to use size_t instead of u64. Update existing caller of vm_mem_set_private(). 
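The dispatch described above can be sketched as a small standalone model. Everything here is an assumption made for illustration: the model_* names are hypothetical, MODEL_ATTR_PRIVATE is a placeholder bit rather than the uapi definition, and where the real helper fails a test assertion on non-zero flags in the VM-level path, this model reports MODEL_PATH_REJECTED instead.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

/* Placeholder attribute bit for this model; not taken from the uapi headers. */
#define MODEL_ATTR_PRIVATE (1ULL << 3)

enum model_path {
	MODEL_PATH_GMEM,     /* attributes set through guest_memfd */
	MODEL_PATH_VM,       /* attributes set at the VM level */
	MODEL_PATH_REJECTED, /* flags passed where they are not supported */
};

struct model_call {
	enum model_path path;
	uint64_t attrs;
	uint64_t flags;
};

/*
 * Pick the path for setting attributes: guest_memfd when per-gmem
 * attributes are available, otherwise the VM-level path, which only
 * accepts flags == 0.
 */
static struct model_call model_set_attributes(bool has_gmem_attributes,
					      uint64_t attrs, uint64_t flags)
{
	struct model_call call = { MODEL_PATH_VM, attrs, flags };

	if (has_gmem_attributes)
		call.path = MODEL_PATH_GMEM;
	else if (flags)
		call.path = MODEL_PATH_REJECTED;

	return call;
}

/* Thin wrappers, mirroring how set_private/set_shared share one helper. */
static struct model_call model_set_private(bool has_gmem_attributes,
					   uint64_t flags)
{
	return model_set_attributes(has_gmem_attributes, MODEL_ATTR_PRIVATE,
				    flags);
}

static struct model_call model_set_shared(bool has_gmem_attributes,
					  uint64_t flags)
{
	return model_set_attributes(has_gmem_attributes, 0, flags);
}
```

In this model, callers that previously passed no flags keep their behavior by passing 0, which is accepted on both paths.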
Signed-off-by: Sean Christopherson Co-developed-by: Ackerley Tng Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/include/kvm_util.h | 47 ++++++++++++++++--= ---- tools/testing/selftests/kvm/lib/x86/sev.c | 2 +- .../testing/selftests/kvm/pre_fault_memory_test.c | 2 +- .../selftests/kvm/x86/private_mem_kvm_exits_test.c | 4 +- 4 files changed, 39 insertions(+), 16 deletions(-) diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing= /selftests/kvm/include/kvm_util.h index 7de88cbdfd2b8..c9dba44ce6bf9 100644 --- a/tools/testing/selftests/kvm/include/kvm_util.h +++ b/tools/testing/selftests/kvm/include/kvm_util.h @@ -454,18 +454,6 @@ static inline void vm_set_memory_attributes(struct kvm= _vm *vm, gpa_t gpa, vm_ioctl(vm, KVM_SET_MEMORY_ATTRIBUTES, &attr); } =20 -static inline void vm_mem_set_private(struct kvm_vm *vm, gpa_t gpa, - u64 size) -{ - vm_set_memory_attributes(vm, gpa, size, KVM_MEMORY_ATTRIBUTE_PRIVATE); -} - -static inline void vm_mem_set_shared(struct kvm_vm *vm, gpa_t gpa, - u64 size) -{ - vm_set_memory_attributes(vm, gpa, size, 0); -} - static inline int __gmem_set_memory_attributes(int fd, loff_t offset, size_t size, u64 attributes, loff_t *error_offset, @@ -536,6 +524,41 @@ static inline void gmem_set_shared(int fd, loff_t offs= et, size_t size, u64 flags gmem_set_memory_attributes(fd, offset, size, 0, flags); } =20 +static inline void vm_mem_set_memory_attributes(struct kvm_vm *vm, gpa_t g= pa, + size_t size, u64 attrs, u64 flags) +{ + if (kvm_has_gmem_attributes) { + gpa_t end =3D gpa + size; + off_t fd_offset; + gpa_t addr; + size_t len; + int fd; + + for (addr =3D gpa; addr < end; addr +=3D len) { + fd =3D kvm_gpa_to_guest_memfd(vm, addr, &fd_offset, &len); + len =3D min(end - addr, len); + + gmem_set_memory_attributes(fd, fd_offset, len, attrs, flags); + } + } else { + TEST_ASSERT(!flags, "Flags are not supported."); + vm_set_memory_attributes(vm, gpa, size, attrs); + } +} + +static inline void 
vm_mem_set_private(struct kvm_vm *vm, gpa_t gpa, + size_t size, u64 flags) +{ + vm_mem_set_memory_attributes(vm, gpa, size, + KVM_MEMORY_ATTRIBUTE_PRIVATE, flags); +} + +static inline void vm_mem_set_shared(struct kvm_vm *vm, gpa_t gpa, + size_t size, u64 flags) +{ + vm_mem_set_memory_attributes(vm, gpa, size, 0, flags); +} + void vm_guest_mem_fallocate(struct kvm_vm *vm, gpa_t gpa, u64 size, bool punch_hole); =20 diff --git a/tools/testing/selftests/kvm/lib/x86/sev.c b/tools/testing/self= tests/kvm/lib/x86/sev.c index 93f9169034617..d0205b3299e0b 100644 --- a/tools/testing/selftests/kvm/lib/x86/sev.c +++ b/tools/testing/selftests/kvm/lib/x86/sev.c @@ -33,7 +33,7 @@ static void encrypt_region(struct kvm_vm *vm, struct user= space_mem_region *regio const u64 offset =3D (i - lowest_page_in_region) * vm->page_size; =20 if (private) - vm_mem_set_private(vm, gpa_base + offset, size); + vm_mem_set_private(vm, gpa_base + offset, size, 0); =20 if (is_sev_snp_vm(vm)) snp_launch_update_data(vm, gpa_base + offset, diff --git a/tools/testing/selftests/kvm/pre_fault_memory_test.c b/tools/te= sting/selftests/kvm/pre_fault_memory_test.c index fcb57fd034e67..9d16a277696ce 100644 --- a/tools/testing/selftests/kvm/pre_fault_memory_test.c +++ b/tools/testing/selftests/kvm/pre_fault_memory_test.c @@ -184,7 +184,7 @@ static void __test_pre_fault_memory(unsigned long vm_ty= pe, bool private) virt_map(vm, gva, gpa, TEST_NPAGES); =20 if (private) - vm_mem_set_private(vm, gpa, TEST_SIZE); + vm_mem_set_private(vm, gpa, TEST_SIZE, 0); =20 pre_fault_memory(vcpu, gpa, 0, SZ_2M, 0, private); pre_fault_memory(vcpu, gpa, SZ_2M, PAGE_SIZE * 2, PAGE_SIZE, private); diff --git a/tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c b= /tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c index 10db9fe6d9063..9309d67841482 100644 --- a/tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c +++ b/tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c @@ -63,7 +63,7 @@ static 
void test_private_access_memslot_deleted(void) virt_map(vm, EXITS_TEST_GVA, EXITS_TEST_GPA, EXITS_TEST_NPAGES); =20 /* Request to access page privately */ - vm_mem_set_private(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE); + vm_mem_set_private(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE, 0); =20 pthread_create(&vm_thread, NULL, (void *(*)(void *))run_vcpu_get_exit_reason, @@ -99,7 +99,7 @@ static void test_private_access_memslot_not_private(void) virt_map(vm, EXITS_TEST_GVA, EXITS_TEST_GPA, EXITS_TEST_NPAGES); =20 /* Request to access page privately */ - vm_mem_set_private(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE); + vm_mem_set_private(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE, 0); =20 exit_reason =3D run_vcpu_get_exit_reason(vcpu); =20 --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8FEEF3D905F; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=JLk92IkbbY0Ok73BvrD9ipk8AAbLwjHnOjWxz/aWDUEjKkXclgharoC3GkNmSUXWR3APgcM0rL0FRGVsuHA94OYNe9qaOLHEGRCoUkWi45qXMvy/ZMPwq+KRLZjls5JHuV4nWfQg6WY2VkItKPm35HGqmTKq7DZY2yr4vIIHeB0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=SAmPYY8ikK4ezlQwpFa0qJSjGj7Hehm7adP1PCdg64M=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=IosZk5zxfU2ikZ/01CmSnOSMIWU4xJ7+RfTH9n5DnjcpJUxCCozu7adaMVmzM9sSbqRgsdk8j5YVxvd6LBP9TFeCsHjkZy+XoVMRnqkZ2ktzmzRu1+KU+lsTqBPB5Koh2W4NUMDNCwc2h9C4aTbvEOtty8pKlLNkkF/2kajv1w4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org 
header.b=sbiu4tt9; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="sbiu4tt9" Received: by smtp.kernel.org (Postfix) with ESMTPS id 538FFC2BCB8; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=SAmPYY8ikK4ezlQwpFa0qJSjGj7Hehm7adP1PCdg64M=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=sbiu4tt9r3333B2m0VI4lNS1EPVTgi1gSvQG257nZ0yeOBC04OLCI7S8P1OKje+KO OOI8LK2gNImg+0V2pPVZsRqr614T7l8D64kUrbZ164sgfOCdjhdLJdzlLJ0zhlfgLt L9+yfg86gwoyUrUXj+spY2zQNgjD7y7+IVm5gfJ7vKOpnO+Fx4m7wJzln6xfV81pd7 ff7ZZczkzB45dnDbShWr28sTNyJtDAwBxaOfswmWlD+0lWWgY/nY5ya9rokXj5AEle zR34Acdgw1V7LCYve3zsXffG+mqNYAVkUWoxQ1W/7GEZzluPLgfAYuWMuajrl6Ehnw yVraDDJW9ePEg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4AA54FF8877; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:43 -0700 Subject: [PATCH RFC v5 48/53] KVM: selftests: Check fd/flags provided to mmap() when setting up memslot Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-48-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, 
shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1296; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=IxI4eTFElDaAEgNuCkIQkVDl6ebpJJNnDFRZJGqwXQw=; b=WwmI5IeOHhkqMGZ/qG56oUC8AyqB97cuGsLr6zsOzEnvokGwUPESMchcaDt2kB3vL7wLTuZ9f DlnHwXKVjgEANKol0SPOqnV8OKYSDjJDIZc+57uveI/Ja+R6yt668Wm X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Check that a valid fd provided to mmap() must be accompanied by MAP_SHARED. With an invalid fd (usually used for anonymous mappings), there are no constraints on mmap() flags. Add this check to make sure that when a guest_memfd is used as region->fd, the flag provided to mmap() will include MAP_SHARED. Signed-off-by: Sean Christopherson [Rephrase assertion message.] 
Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/lib/kvm_util.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index 12e031a8fc20d..29b3f4e9fb4a7 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1088,6 +1088,9 @@ void vm_mem_add(struct kvm_vm *vm, enum vm_mem_backin= g_src_type src_type, src_type =3D=3D VM_MEM_SRC_SHARED_HUGETLB); } =20 + TEST_ASSERT(region->fd =3D=3D -1 || backing_src_is_shared(src_type), + "A valid fd provided to mmap() must be accompanied by MAP_SHARED."); + region->mmap_start =3D __kvm_mmap(region->mmap_size, PROT_READ | PROT_WRI= TE, vm_mem_backing_src_alias(src_type)->flag, region->fd, mmap_offset); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8FDFB3D9051; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=d5JOZAbGjTj2pPC6GaP3jylYIRaWUgyL4z1dBbTMApnvS3CS1w1wgeEDu0OxBjGdg1JK/WmXQawF9RPFinft78srwSJ+bH93AKaVKN3FrW9WI/shNNpmajVDb2mzR5iiCvPVjMyVEwon34i7YBniFDFfUamDlQ6noRAwKSmGBmo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=77AfCyy0TZKZY8M+m/fRDXWBuiG8frWm/87F2tNKLKU=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=Gpt8nWGUnMUycHTf5sZP00zIkwYqTyhcftWhWfc8I6SwNZdPcG4cn4k5NIKJaTGMN1qYodBje/vxHbPYEE2P9XTpRd+Isdv0ila952ajIsz4DAkIudfCxZH3h2WDEm44tjwgRy6r29X2K5bAWHYBeXryLVTiQWt4f+QU/GgdGr8= ARC-Authentication-Results: i=1; 
smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=V4vK3oO7; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="V4vK3oO7" Received: by smtp.kernel.org (Postfix) with ESMTPS id 67221C2BCF4; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=77AfCyy0TZKZY8M+m/fRDXWBuiG8frWm/87F2tNKLKU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=V4vK3oO7RZ8jWuVqNxCJtfzBIxG/R2HLeirUs3CLmcnHv1X9IOMHxf4kDdf2GuXva rxQpgkML9qbn4RnJ+4CshDhGBWO/GJYRX3GLkagI3BmRBFK301S5kP4u1a0U2gsxsc lamT7spts5F9EofouwKNOuFiztv4vo6ZniOlUkiDx1lx8lMByB8aOzmDANxOvRW2l8 YVma+UnjjdFwjacCIpagTYwZdj4bNKpKX1fgXIV4MElAuLkCDTKkL0OChyr0CkvcK1 AXrYN9R3oWKBf+HnvjQCU4mq3TBLN09EvcIGWSXOhIyhAwAoiMoof2821G44rksz93 44WbRxAJd8K7Q== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5CAA6FF887E; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:44 -0700 Subject: [PATCH RFC v5 49/53] KVM: selftests: Make TEST_EXPECT_SIGBUS thread-safe Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-49-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, 
qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5282; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=0FRAfF/jF5XXL7xhsrzKptfhFbdK2TYEtnUzquHFP9I=; b=qB3KieSgkAM8PqZhU/SxTptXaG604bVeELOKgLnMk0D44YFLH7hxE/g/9rLtr6RzQc1o9AIji Nnjk8PoXK40B4kU/M3q2Rau4Wd7tkPFGg+1iSJJ3/lZUn81V9Jpmdxb X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng The TEST_EXPECT_SIGBUS macro is not thread-safe as it uses a global sigjmp_buf and installs a global SIGBUS signal handler. If multiple threads execute the macro concurrently, they will race on installing the signal handler and stomp on other threads' jump buffers, leading to incorrect test behavior. Make TEST_EXPECT_SIGBUS thread-safe with the following changes: Share the KVM tests' global signal handler. 
sigaction() applies to all threads; without sharing a global signal handler, one thread may have removed the signal handler that another thread added, hence leading to unexpected signals. The alternative of layering signal handlers was considered, but calling sigaction() within TEST_EXPECT_SIGBUS() necessarily creates a race. To avoid adding new setup and teardown routines to do sigaction() and keep usage of TEST_EXPECT_SIGBUS() simple, share the KVM tests' global signal handler. Opportunistically rename report_unexpected_signal to catchall_signal_handler. To continue to only expect SIGBUS within specific regions of code, use a thread-specific variable, expecting_sigbus, to replace installing and removing signal handlers. Make the execution environment for the thread, sigjmp_buf, a thread-specific variable. As part of TEST_EXPECT_SIGBUS(), assert the prerequisite for this setup, that the current signal handler is the catchall_signal_handler. Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/include/test_util.h | 32 +++++++++++++--------= ---- tools/testing/selftests/kvm/lib/kvm_util.c | 18 ++++++++++---- tools/testing/selftests/kvm/lib/test_util.c | 7 ------ 3 files changed, 30 insertions(+), 27 deletions(-) diff --git a/tools/testing/selftests/kvm/include/test_util.h b/tools/testin= g/selftests/kvm/include/test_util.h index c280c3233f502..6907b99fe564b 100644 --- a/tools/testing/selftests/kvm/include/test_util.h +++ b/tools/testing/selftests/kvm/include/test_util.h @@ -82,21 +82,23 @@ do { \ __builtin_unreachable(); \ } while (0) =20 -extern sigjmp_buf expect_sigbus_jmpbuf; -void expect_sigbus_handler(int signum); - -#define TEST_EXPECT_SIGBUS(action) \ -do { \ - struct sigaction sa_old, sa_new =3D { \ - .sa_handler =3D expect_sigbus_handler, \ - }; \ - \ - sigaction(SIGBUS, &sa_new, &sa_old); \ - if (sigsetjmp(expect_sigbus_jmpbuf, 1) =3D=3D 0) { \ - action; \ - TEST_FAIL("'%s' should have triggered SIGBUS", #action); \ - } \ - sigaction(SIGBUS, 
&sa_old, NULL); \ +extern __thread sigjmp_buf expect_sigbus_jmpbuf; +extern __thread volatile sig_atomic_t expecting_sigbus; +extern void catchall_signal_handler(int signum); + +#define TEST_EXPECT_SIGBUS(action) \ +do { \ + struct sigaction sa =3D {}; \ + \ + TEST_ASSERT_EQ(sigaction(SIGBUS, NULL, &sa), 0); \ + TEST_ASSERT_EQ(sa.sa_handler, &catchall_signal_handler); \ + \ + expecting_sigbus =3D true; \ + if (sigsetjmp(expect_sigbus_jmpbuf, 1) =3D=3D 0) { \ + action; \ + TEST_FAIL("'%s' should have triggered SIGBUS", #action);\ + } \ + expecting_sigbus =3D false; \ } while (0) =20 size_t parse_size(const char *size); diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index 29b3f4e9fb4a7..216d6e037153c 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -2269,13 +2269,20 @@ __weak void kvm_selftest_arch_init(void) { } =20 -static void report_unexpected_signal(int signum) +__thread sigjmp_buf expect_sigbus_jmpbuf; +__thread volatile sig_atomic_t expecting_sigbus; + +void catchall_signal_handler(int signum) { + switch (signum) { + case SIGBUS: { + if (expecting_sigbus) + siglongjmp(expect_sigbus_jmpbuf, 1); + + TEST_FAIL("Unexpected SIGBUS (%d)\n", signum); + } #define KVM_CASE_SIGNUM(sig) \ case sig: TEST_FAIL("Unexpected " #sig " (%d)\n", signum) - - switch (signum) { - KVM_CASE_SIGNUM(SIGBUS); KVM_CASE_SIGNUM(SIGSEGV); KVM_CASE_SIGNUM(SIGILL); KVM_CASE_SIGNUM(SIGFPE); @@ -2287,12 +2294,13 @@ static void report_unexpected_signal(int signum) void __attribute((constructor)) kvm_selftest_init(void) { struct sigaction sig_sa =3D { - .sa_handler =3D report_unexpected_signal, + .sa_handler =3D catchall_signal_handler, }; =20 /* Tell stdout not to buffer its content. 
*/ setbuf(stdout, NULL); =20 + expecting_sigbus =3D false; sigaction(SIGBUS, &sig_sa, NULL); sigaction(SIGSEGV, &sig_sa, NULL); sigaction(SIGILL, &sig_sa, NULL); diff --git a/tools/testing/selftests/kvm/lib/test_util.c b/tools/testing/se= lftests/kvm/lib/test_util.c index bab1bd2b775b6..30eb701e4becd 100644 --- a/tools/testing/selftests/kvm/lib/test_util.c +++ b/tools/testing/selftests/kvm/lib/test_util.c @@ -18,13 +18,6 @@ =20 #include "test_util.h" =20 -sigjmp_buf expect_sigbus_jmpbuf; - -void __attribute__((used)) expect_sigbus_handler(int signum) -{ - siglongjmp(expect_sigbus_jmpbuf, 1); -} - /* * Random number generator that is usable from guest code. This is the * Park-Miller LCG using standard constants. --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A24C03D9DD1; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=t9nEGZ9As2xXarB0J36zsQzHx0NumMQAnaWj99TSsbuk7kwOZ+sCjhWaZGT8guE16TEzaW5GnFBZsAIexVp8x7mfJ5cuwq+GGHmYHfHt1tm3ZjXdhTORFHJaog3byC7QxVZKTjXoEtco55maS2+KdLyk/j3QOXnSOHdcudeIkO4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=QOGgIebHJ3oA3+irXcl9BGohiofC0zjPb2yCAcdjnIs=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=t/wtiVRGQX1RcuFqPWawq/erAu7H93tRfDZsqnLg6HGjkRgKBgYUskw5IYeZUUl9nouuOMq+gb2JMoh3QB8j/hFSrtXc3WT/wbbZDL7tSmzibPcKSPY3yyLeoA7xxDZSNykhVRBLdlnrclPIMEm2VbRfZZPvNUeihQm+DlpMEec= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org 
header.b=o4902lTI; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="o4902lTI" Received: by smtp.kernel.org (Postfix) with ESMTPS id 7B689C2BCC7; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=QOGgIebHJ3oA3+irXcl9BGohiofC0zjPb2yCAcdjnIs=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=o4902lTIWzSn6RzsWqcaiQDbh2wnM0mdoLAb88h3ELQ7OieeKgo7+GMVVdvUqiV0J w0/uZkJXzZoMnkIpOi0Pmzx4qtKhrHkT2CSL67nxORoT+5SLewiI6Mmv0Hmp3+x4c6 /kVa7kB9ocNok0mYRG+Yzd8R5z/te9/PFUYl0usHbWBdGPIhvuYtMRw/ISNZwcUlB7 vT4po+oUH4joJO0bZKQrfD6ObATcLYarBEVojSqs9Haw2AQcyx7QWvGdlgj2sxszyz MLyrXIgcQfxjdrxM81od9at/yoXpiDuImpj0Vz7Rf3Qy0RN6DilEkF6AqVVWwITO7d 1N0z314mgkPqw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 706D0FF8877; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:45 -0700 Subject: [PATCH RFC v5 50/53] KVM: selftests: Update private_mem_conversions_test to mmap() guest_memfd Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-50-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, 
shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=5312; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=bwPTkwZvDxfUUFYwlpNeKbRuK99+tHHLhQpgIWpmwPw=; b=28SKjyLa2IUqWFkTFjnKcnXy6T655u38NWUOOjx5dHDE7NQ0XXqy7HzAEe1gatNHcYlDdkdLP iBUvyWpIELZDJMKOlTTxgvHdfQJaPjRG4mNsaWlhLHBlWjYGDHA1rYg X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Update the private memory conversions selftest to also test conversions that are done "in-place" via per-guest_memfd memory attributes. In-place conversions require the host to be able to mmap() the guest_memfd so that the host and guest can share the same backing physical memory. This includes several updates, that are conditioned on the system supporting per-guest_memfd attributes (kvm_has_gmem_attributes): 1. Set up guest_memfd requesting MMAP and INIT_SHARED. 2. 
With in-place conversions, the host's mapping points directly to the guest's memory. When the guest converts a region to private, host access to that region is blocked. Update the test to expect a SIGBUS when attempting to access the host virtual address (HVA) of private memory. 3. Use vm_mem_set_memory_attributes(), which chooses how to set memory attributes based on the value of kvm_has_gmem_attributes. Restrict the test to using VM_MEM_SRC_SHMEM because guest_memfd's required mmap() flags and page sizes happen to align with those of VM_MEM_SRC_SHMEM. As long as VM_MEM_SRC_SHMEM is used for src_type, vm_mem_add() works as intended. Signed-off-by: Ackerley Tng Co-developed-by: Sean Christopherson Signed-off-by: Sean Christopherson --- .../kvm/x86/private_mem_conversions_test.c | 46 ++++++++++++++++++= ---- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c= b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c index 289ad10063fca..14a25609a8a35 100644 --- a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c +++ b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.c @@ -306,9 +306,14 @@ static void handle_exit_hypercall(struct kvm_vcpu *vcp= u) if (do_fallocate) vm_guest_mem_fallocate(vm, gpa, size, map_shared); =20 - if (set_attributes) - vm_set_memory_attributes(vm, gpa, size, - map_shared ? 0 : KVM_MEMORY_ATTRIBUTE_PRIVATE); + if (set_attributes) { + u64 attrs =3D map_shared ? 0 : KVM_MEMORY_ATTRIBUTE_PRIVATE; + u64 flags =3D kvm_has_gmem_attributes ? + KVM_SET_MEMORY_ATTRIBUTES2_PRESERVE : 0; + + vm_mem_set_memory_attributes(vm, gpa, size, attrs, flags); + } + run->hypercall.ret =3D 0; } =20 @@ -352,8 +357,20 @@ static void *__test_mem_conversions(void *__vcpu) size_t nr_bytes =3D min_t(size_t, vm->page_size, size - i); u8 *hva =3D addr_gpa2hva(vm, gpa + i); =20 - /* In all cases, the host should observe the shared data.
*/ - memcmp_h(hva, gpa + i, uc.args[3], nr_bytes); + /* + * When using per-guest_memfd memory attributes, + * i.e. in-place conversion, host accesses will + * point at guest memory and should SIGBUS when + * guest memory is private. When using per-VM + * attributes, i.e. separate backing for shared + * vs. private, the host should always observe + * the shared data. + */ + if (kvm_has_gmem_attributes && + uc.args[0] =3D=3D SYNC_PRIVATE) + TEST_EXPECT_SIGBUS(READ_ONCE(*hva)); + else + memcmp_h(hva, gpa + i, uc.args[3], nr_bytes); =20 /* For shared, write the new pattern to guest memory. */ if (uc.args[0] =3D=3D SYNC_SHARED) @@ -382,6 +399,7 @@ static void test_mem_conversions(enum vm_mem_backing_sr= c_type src_type, u32 nr_v const size_t slot_size =3D memfd_size / nr_memslots; struct kvm_vcpu *vcpus[KVM_MAX_VCPUS]; pthread_t threads[KVM_MAX_VCPUS]; + u64 gmem_flags; struct kvm_vm *vm; int memfd, i; =20 @@ -397,12 +415,17 @@ static void test_mem_conversions(enum vm_mem_backing_= src_type src_type, u32 nr_v =20 vm_enable_cap(vm, KVM_CAP_EXIT_HYPERCALL, (1 << KVM_HC_MAP_GPA_RANGE)); =20 - memfd =3D vm_create_guest_memfd(vm, memfd_size, 0); + if (kvm_has_gmem_attributes) + gmem_flags =3D GUEST_MEMFD_FLAG_MMAP | GUEST_MEMFD_FLAG_INIT_SHARED; + else + gmem_flags =3D 0; + + memfd =3D vm_create_guest_memfd(vm, memfd_size, gmem_flags); =20 for (i =3D 0; i < nr_memslots; i++) vm_mem_add(vm, src_type, BASE_DATA_GPA + slot_size * i, BASE_DATA_SLOT + i, slot_size / vm->page_size, - KVM_MEM_GUEST_MEMFD, memfd, slot_size * i, 0); + KVM_MEM_GUEST_MEMFD, memfd, slot_size * i, gmem_flags); =20 for (i =3D 0; i < nr_vcpus; i++) { gpa_t gpa =3D BASE_DATA_GPA + i * per_cpu_size; @@ -452,17 +475,24 @@ static void usage(const char *cmd) =20 int main(int argc, char *argv[]) { - enum vm_mem_backing_src_type src_type =3D DEFAULT_VM_MEM_SRC; + enum vm_mem_backing_src_type src_type; u32 nr_memslots =3D 1; u32 nr_vcpus =3D 1; int opt; =20 TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & 
BIT(KVM_X86_SW_PROTECTED_V= M)); =20 + src_type =3D kvm_has_gmem_attributes ? VM_MEM_SRC_SHMEM : + DEFAULT_VM_MEM_SRC; + while ((opt =3D getopt(argc, argv, "hm:s:n:")) !=3D -1) { switch (opt) { case 's': src_type =3D parse_backing_src_type(optarg); + TEST_ASSERT(!kvm_has_gmem_attributes || + src_type =3D=3D VM_MEM_SRC_SHMEM, + "Testing in-place conversions, only %s mem_type supported\n", + vm_mem_backing_src_alias(VM_MEM_SRC_SHMEM)->name); break; case 'n': nr_vcpus =3D atoi_positive("nr_vcpus", optarg); --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B06703DA5C6; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=kJh6iF0Lwgyp/2Ep4xZLUXUsiNgIQ2OpG+ZNZu87ODGds4lx+Q2rDWdr5QPNvUfvzwc6fzHc5i+wlEJ+nrSmrJMH0BaAWw/2mb5Xhm/ampzYzcGDFqO5UXS6C8ZNxKDD/Xz9ZNPyRCLb/MnlAuHjF3B2uumc7K9hsU/F4AsI6bs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=s28QTqIblc5Y6DOdmxWa5Scmu3ZH/aC9hwSZ3ST+PkY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=MPQq9kRCnj5eu+19SkgW8OHTxbF2d015hzbEEsjsFfhtuNuUPa6r93I9V8HAqFa9qxb4RjMNoC6vTA2PYS6lhFoWSjMZfJXaj4o5h6sVY1Lyb7LUesou34w6zDyjD26mNsAP+l1G6V3fZidzMbpBvCZoxkUwdEZn3rnoTkqZaeE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=noo4TLAf; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="noo4TLAf" Received: by 
smtp.kernel.org (Postfix) with ESMTPS id 8DFD3C2BCC6; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=s28QTqIblc5Y6DOdmxWa5Scmu3ZH/aC9hwSZ3ST+PkY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=noo4TLAfYGVn2TdZFH+1oxxqJJRgkkIzzYpldDBDPhJknpFUijTpoRaBt8WRiv36D Rl6W5sjnTivNAZizlQLX4Ff1VBScymcSazRyBrqBov74Exmf9Dnuh+Z4sr7sN+C8sH JanfejjzlxV+Sxb/QDbSvCC85bQ8spQhZtasMIKK4k54YxUg+I9gPPhB9tCSxk4xGs 3YZC2SQmJkmkRib5xmnUvgBqQMeKJyWHh7nFwijdcRTAXKQJ/JkzhN7n4d8Yz5Qbtd /rVfRzD8kY3rqPb3gTs2pw5mrzhNsM/pBCaUqYf5rEOoLmxtvAMFLFcsAr4W430CFN uc+24+5Yece4w== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84BF0FF8875; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:46 -0700 Subject: [PATCH RFC v5 51/53] KVM: selftests: Add script to exercise private_mem_conversions_test Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-51-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, aneesh.kumar@kernel.org, 
Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=7318; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=MBmNVOtEFn3UaImA75kYfBAiVir6jH2f8GzDHzl7Zt8=; b=0iOJ6VGmoBLqpQ1pPp+dpNPbACMnUFr9SD0B5sUGRZ8aKHFijYWm7jBjFnEDT1q7AJ+9JSfcy EvL4LphHVCDCQvMMY+NBgmzT+xok7rkOgdDtFefSxqe7FZaI2rnX9S1 X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Ackerley Tng Add a wrapper script to simplify running the private_mem_conversions_test with a variety of configurations. Manually invoking the test for all supported memory backing source types is tedious. The script automatically detects the availability of 2MB and 1GB hugepages and builds a list of source types to test. It then iterates through the list, running the test for each type with both a single memslot and multiple memslots. This makes it easier to get comprehensive test coverage across different memory configurations. Add and use a helper program in C to be able to read KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES as defined in header files and then issue the ioctl to read the KVM CAP. 
Signed-off-by: Ackerley Tng --- tools/testing/selftests/kvm/Makefile.kvm | 4 + .../selftests/kvm/kvm_has_gmem_attributes.c | 17 +++ .../kvm/x86/private_mem_conversions_test.sh | 128 +++++++++++++++++= ++++ 3 files changed, 149 insertions(+) diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 6232881be500a..e5769268936a7 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -54,6 +54,7 @@ LIBKVM_loongarch +=3D lib/loongarch/exception.S =20 # Non-compiled test targets TEST_PROGS_x86 +=3D x86/nx_huge_pages_test.sh +TEST_PROGS_x86 +=3D x86/private_mem_conversions_test.sh =20 # Compiled test targets valid on all architectures with libkvm support TEST_GEN_PROGS_COMMON =3D demand_paging_test @@ -67,6 +68,8 @@ TEST_GEN_PROGS_COMMON +=3D set_memory_region_test TEST_GEN_PROGS_COMMON +=3D memslot_modification_stress_test TEST_GEN_PROGS_COMMON +=3D memslot_perf_test =20 +TEST_GEN_PROGS_EXTENDED_COMMON +=3D kvm_has_gmem_attributes + # Compiled test targets TEST_GEN_PROGS_x86 =3D $(TEST_GEN_PROGS_COMMON) TEST_GEN_PROGS_x86 +=3D x86/cpuid_test @@ -245,6 +248,7 @@ SPLIT_TESTS +=3D get-reg-list =20 TEST_PROGS +=3D $(TEST_PROGS_$(ARCH)) TEST_GEN_PROGS +=3D $(TEST_GEN_PROGS_$(ARCH)) +TEST_GEN_PROGS_EXTENDED +=3D $(TEST_GEN_PROGS_EXTENDED_COMMON) TEST_GEN_PROGS_EXTENDED +=3D $(TEST_GEN_PROGS_EXTENDED_$(ARCH)) LIBKVM +=3D $(LIBKVM_$(ARCH)) =20 diff --git a/tools/testing/selftests/kvm/kvm_has_gmem_attributes.c b/tools/= testing/selftests/kvm/kvm_has_gmem_attributes.c new file mode 100644 index 0000000000000..4f361349412fb --- /dev/null +++ b/tools/testing/selftests/kvm/kvm_has_gmem_attributes.c @@ -0,0 +1,17 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Utility to check if KVM supports guest_memfd attributes. + * + * Copyright (C) 2025, Google LLC. 
+ */ + +#include <stdio.h> + +#include "kvm_util.h" + +int main(void) +{ + printf("%u\n", kvm_check_cap(KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES) > 0); + + return 0; +} diff --git a/tools/testing/selftests/kvm/x86/private_mem_conversions_test.s= h b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.sh new file mode 100755 index 0000000000000..7179a4fcdd498 --- /dev/null +++ b/tools/testing/selftests/kvm/x86/private_mem_conversions_test.sh @@ -0,0 +1,128 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0-only +# +# Wrapper script which runs different test setups of +# private_mem_conversions_test. +# +# Copyright (C) 2025, Google LLC. + +NUM_VCPUS_TO_TEST=3D4 +NUM_MEMSLOTS_TO_TEST=3D$NUM_VCPUS_TO_TEST + +# Required pages are based on the test setup in the C code. +REQUIRED_NUM_2M_HUGEPAGES=3D$((1024 * NUM_VCPUS_TO_TEST)) +REQUIRED_NUM_1G_HUGEPAGES=3D$((2 * NUM_VCPUS_TO_TEST)) + +get_hugepage_count() { + local page_size_kb=3D$1 + local path=3D"/sys/kernel/mm/hugepages/hugepages-${page_size_kb}kB/nr_= hugepages" + if [ -f "$path" ]; then + cat "$path" + else + echo 0 + fi +} + +get_default_hugepage_size_in_kb() { + local size=3D$(grep "Hugepagesize:" /proc/meminfo | awk '{print $2}') + echo "$size" +} + +run_tests() { + local executable_path=3D$1 + local src_type=3D$2 + local num_memslots=3D$3 + local num_vcpus=3D$4 + + echo "$executable_path -s $src_type -m $num_memslots -n $num_vcpus" + "$executable_path" -s "$src_type" -m "$num_memslots" -n "$num_vcpus" +} + +script_dir=3D$(dirname "$(realpath "$0")") +test_executable=3D"${script_dir}/private_mem_conversions_test" +kvm_has_gmem_attributes_tool=3D"${script_dir}/../kvm_has_gmem_attributes" + +if [ ! -f "$test_executable" ]; then + echo "Error: Test executable not found at '$test_executable'" >&2 + exit 1 +fi + +if [ !
-f "$kvm_has_gmem_attributes_tool" ]; then + echo "Error: kvm_has_gmem_attributes utility not found at '$kvm_has_gm= em_attributes_tool'" >&2 + exit 1 +fi + +kvm_has_gmem_attributes=3D$("$kvm_has_gmem_attributes_tool" | tail -n1) + +if [ "$kvm_has_gmem_attributes" -eq 1 ]; then + backing_src_types=3D("shmem") +else + hugepage_2mb_count=3D$(get_hugepage_count 2048) + hugepage_2mb_enabled=3D$((hugepage_2mb_count >=3D REQUIRED_NUM_2M_HUGE= PAGES)) + hugepage_1gb_count=3D$(get_hugepage_count 1048576) + hugepage_1gb_enabled=3D$((hugepage_1gb_count >=3D REQUIRED_NUM_1G_HUGE= PAGES)) + + default_hugepage_size_kb=3D$(get_default_hugepage_size_in_kb) + hugepage_default_enabled=3D0 + if [ "$default_hugepage_size_kb" -eq 2048 ]; then + hugepage_default_enabled=3D$hugepage_2mb_enabled + elif [ "$default_hugepage_size_kb" -eq 1048576 ]; then + hugepage_default_enabled=3D$hugepage_1gb_enabled + fi + + backing_src_types=3D("anonymous" "anonymous_thp") + + if [ "$hugepage_default_enabled" -eq 1 ]; then + backing_src_types+=3D("anonymous_hugetlb") + else + echo "skipping anonymous_hugetlb backing source type" + fi + + if [ "$hugepage_2mb_enabled" -eq 1 ]; then + backing_src_types+=3D("anonymous_hugetlb_2mb") + else + echo "skipping anonymous_hugetlb_2mb backing source type" + fi + + if [ "$hugepage_1gb_enabled" -eq 1 ]; then + backing_src_types+=3D("anonymous_hugetlb_1gb") + else + echo "skipping anonymous_hugetlb_1gb backing source type" + fi + + backing_src_types+=3D("shmem") + + if [ "$hugepage_default_enabled" -eq 1 ]; then + backing_src_types+=3D("shared_hugetlb") + else + echo "skipping shared_hugetlb backing source type" + fi +fi + +return_code=3D0 +for i in "${!backing_src_types[@]}"; do + src_type=3D${backing_src_types[$i]} + if [ "$i" -gt 0 ]; then + echo + fi + + if ! run_tests "$test_executable" "$src_type" 1 1; then + return_code=3D$? + echo "Test failed for source type '$src_type'. Arguments: -s $src_= type -m 1 -n 1" >&2 + break + fi + + if ! 
run_tests "$test_executable" "$src_type" 1 "$NUM_VCPUS_TO_TEST"; = then + return_code=3D$? + echo "Test failed for source type '$src_type'. Arguments: -s $src_= type -m 1 -n $NUM_VCPUS_TO_TEST" >&2 + break + fi + + if ! run_tests "$test_executable" "$src_type" "$NUM_MEMSLOTS_TO_TEST" = "$NUM_VCPUS_TO_TEST"; then + return_code=3D$? + echo "Test failed for source type '$src_type'. Arguments: -s $src_= type -m $NUM_MEMSLOTS_TO_TEST -n $NUM_VCPUS_TO_TEST" >&2 + break + fi +done + +exit "$return_code" --=20 2.54.0.545.g6539524ca2-goog From nobody Wed Jun 17 01:33:45 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD1073DBD74; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; cv=none; b=JYkMOP6U/T93G1tR1oOLDCpOuYUn/nwulxGah7pOXdLVMPiqP+dLlHG3KyF2VJwyoKY+5XX8Tmv0sUwrszaMCNctqath+nKS1ob7UhbYBBp5J6Rx73bw/ncXBHdgSSKf7L3tcUCwALDm/DnOoyN6hbxSY/D4DvsBGy39lBm2M84= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777418721; c=relaxed/simple; bh=1pO/RwNh5wQk+ZD1fBh8GeZ3xS7KCNyMnhgrVWmKjmA=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hl6BiIOVZJoI0i/41xq1LU2/NNm3z+SliHcwTKGknH0hI2J9yirRYzgP3zOSn1tb30wNPqQvFSgdPqv8hGOpC18FZfraeRd9hiEaoTxMdioxWWHntq2pJpsqDFdd/ZigS5VQ0BvdG4DugxjB6IzFpctacxdP2kCmrx/26P7yPXY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lJ8G/bxG; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lJ8G/bxG" Received: by 
smtp.kernel.org (Postfix) with ESMTPS id A1828C2BCFA; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1777418721; bh=1pO/RwNh5wQk+ZD1fBh8GeZ3xS7KCNyMnhgrVWmKjmA=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=lJ8G/bxGMXtsy6qw6slVl66aTE5rar9RS9YRdS+nkDhAJz9lR464fV7FoVhKj7fvV wva1Domejffnb8zLs+JXEPfyTN8bv+XCF/eYrTtjSjaNXvw4tIlEOCwHhC2E6faDAw MSR9ETiv/D8nQK8wm000gzKkjFQnMhs5rYdWoiWCDNe79O3WyWs9iR7O+gocpqQkEg oyQ1WxK0RsU+1+JScpNgw+h1jGtOoodTMG+vDuVHUJPFqT1tBzCqdMAHJ2a8WmFn7m IGEwGrs82VDZB7KpCicPSxXqeqcbWhLVM4LEr40MHLxEMV+ppsWkRT67glQbP1qhel iLG6lwTQEyVzg== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97965CCF9E3; Tue, 28 Apr 2026 23:25:21 +0000 (UTC) From: Ackerley Tng via B4 Relay Date: Tue, 28 Apr 2026 16:25:47 -0700 Subject: [PATCH RFC v5 52/53] KVM: selftests: Update pre-fault test to work with per-guest_memfd attributes Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260428-gmem-inplace-conversion-v5-52-d8608ccfca22@google.com> References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com> To: aik@amd.com, andrew.jones@linux.dev, binbin.wu@linux.intel.com, brauner@kernel.org, chao.p.peng@linux.intel.com, david@kernel.org, ira.weiny@intel.com, jmattson@google.com, jthoughton@google.com, michael.roth@amd.com, oupton@kernel.org, pankaj.gupta@amd.com, qperret@google.com, rick.p.edgecombe@intel.com, rientjes@google.com, shivankg@amd.com, steven.price@arm.com, tabba@google.com, willy@infradead.org, wyihan@google.com, yan.y.zhao@intel.com, forkloop@google.com, pratyush@kernel.org, suzuki.poulose@arm.com, 
aneesh.kumar@kernel.org, Paolo Bonzini , Sean Christopherson , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Steven Rostedt , Masami Hiramatsu , Mathieu Desnoyers , Jonathan Corbet , Shuah Khan , Shuah Khan , Vishal Annapurve , Andrew Morton , Chris Li , Kairui Song , Kemeng Shi , Nhat Pham , Baoquan He , Barry Song , Axel Rasmussen , Yuanchu Xie , Wei Xu , Youngjun Park , Qi Zheng , Shakeel Butt , Kiryl Shutsemau , Jason Gunthorpe , Vlastimil Babka Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, Ackerley Tng X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1777418714; l=1278; i=ackerleytng@google.com; s=20260225; h=from:subject:message-id; bh=KB4IvfKWRwfFkGKiLiHfBqqzvyesxU1uqyWNUwL9kS0=; b=VVjhgfPquk64xczj3ZQLm8Vp5HQ7/Qfqw5eSlPrR4TxDyAPdMjJw7EUrKTN/v8GzsZdZ0LfEq mlypjrBZuRIAFMpNquDNHC/yzj95hd4pTNKOE17WZgH6fbVQ0n2fESs X-Developer-Key: i=ackerleytng@google.com; a=ed25519; pk=sAZDYXdm6Iz8FHitpHeFlCMXwabodTm7p8/3/8xUxuU= X-Endpoint-Received: by B4 Relay for ackerleytng@google.com/20260225 with auth_id=649 X-Original-From: Ackerley Tng Reply-To: ackerleytng@google.com From: Sean Christopherson Skip setting memory to private in the pre-fault memory test when using per-gmem memory attributes, as memory is initialized to private by default for guest_memfd, and using vm_mem_set_private() on a guest_memfd instance requires creating guest_memfd with GUEST_MEMFD_FLAG_MMAP (which is totally doable, but would need to be conditional and is ultimately unnecessary). 
Signed-off-by: Sean Christopherson
Signed-off-by: Ackerley Tng
---
 tools/testing/selftests/kvm/pre_fault_memory_test.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/kvm/pre_fault_memory_test.c b/tools/testing/selftests/kvm/pre_fault_memory_test.c
index 9d16a277696ce..742bbbca9deea 100644
--- a/tools/testing/selftests/kvm/pre_fault_memory_test.c
+++ b/tools/testing/selftests/kvm/pre_fault_memory_test.c
@@ -183,7 +183,7 @@ static void __test_pre_fault_memory(unsigned long vm_type, bool private)
 				    TEST_NPAGES, private ? KVM_MEM_GUEST_MEMFD : 0);
 	virt_map(vm, gva, gpa, TEST_NPAGES);
 
-	if (private)
+	if (!kvm_has_gmem_attributes && private)
 		vm_mem_set_private(vm, gpa, TEST_SIZE, 0);
 
 	pre_fault_memory(vcpu, gpa, 0, SZ_2M, 0, private);
-- 
2.54.0.545.g6539524ca2-goog

From nobody Wed Jun 17 01:33:45 2026
From: Ackerley Tng via B4 Relay
Date: Tue, 28 Apr 2026 16:25:48 -0700
Subject: [PATCH RFC v5 53/53] KVM: selftests: Update private memory exits test to work with per-gmem attributes
Message-Id: <20260428-gmem-inplace-conversion-v5-53-d8608ccfca22@google.com>
References: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
In-Reply-To: <20260428-gmem-inplace-conversion-v5-0-d8608ccfca22@google.com>
X-Original-From: Ackerley Tng
Reply-To: ackerleytng@google.com

From: Sean Christopherson

Skip setting memory to private in the private memory exits test when using
per-gmem memory attributes, as memory is initialized to private by default
for guest_memfd, and using vm_mem_set_private() on a guest_memfd instance
requires creating guest_memfd with GUEST_MEMFD_FLAG_MMAP (which is totally
doable, but would need to be conditional and is ultimately unnecessary).

Expect an emulated MMIO instead of a memory fault exit when attributes are
per-gmem, as deleting the memslot effectively drops the private status,
i.e. the GPA becomes shared and thus supports emulated MMIO.

Skip the "memslot not private" test entirely, as private vs. shared state
for x86 software-protected VMs comes from the memory attributes themselves,
and so when doing in-place conversions there can never be a disconnect
between the expected and actual states.

Signed-off-by: Sean Christopherson
Signed-off-by: Ackerley Tng
---
 .../selftests/kvm/x86/private_mem_kvm_exits_test.c | 36 ++++++++++++++++++----
 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c b/tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c
index 9309d67841482..0bf115faeb827 100644
--- a/tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c
+++ b/tools/testing/selftests/kvm/x86/private_mem_kvm_exits_test.c
@@ -62,8 +62,9 @@ static void test_private_access_memslot_deleted(void)
 
 	virt_map(vm, EXITS_TEST_GVA, EXITS_TEST_GPA, EXITS_TEST_NPAGES);
 
-	/* Request to access page privately */
-	vm_mem_set_private(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE, 0);
+	/* Request to access page privately. */
+	if (!kvm_has_gmem_attributes)
+		vm_mem_set_private(vm, EXITS_TEST_GPA, EXITS_TEST_SIZE, 0);
 
 	pthread_create(&vm_thread, NULL,
 		       (void *(*)(void *))run_vcpu_get_exit_reason,
@@ -74,10 +75,26 @@ static void test_private_access_memslot_deleted(void)
 	pthread_join(vm_thread, &thread_return);
 	exit_reason = (u32)(u64)thread_return;
 
-	TEST_ASSERT_EQ(exit_reason, KVM_EXIT_MEMORY_FAULT);
-	TEST_ASSERT_EQ(vcpu->run->memory_fault.flags, KVM_MEMORY_EXIT_FLAG_PRIVATE);
-	TEST_ASSERT_EQ(vcpu->run->memory_fault.gpa, EXITS_TEST_GPA);
-	TEST_ASSERT_EQ(vcpu->run->memory_fault.size, EXITS_TEST_SIZE);
+	/*
+	 * If attributes are tracked per-gmem, deleting the memslot that points
+	 * at the gmem instance effectively makes the memory shared, and so the
+	 * read should trigger emulated MMIO.
+	 *
+	 * If attributes are tracked per-VM, deleting the memslot shouldn't
+	 * affect the private attribute, and so KVM should generate a memory
+	 * fault exit (emulated MMIO on private GPAs is disallowed).
+	 */
+	if (kvm_has_gmem_attributes) {
+		TEST_ASSERT_EQ(exit_reason, KVM_EXIT_MMIO);
+		TEST_ASSERT_EQ(vcpu->run->mmio.phys_addr, EXITS_TEST_GPA);
+		TEST_ASSERT_EQ(vcpu->run->mmio.len, sizeof(u64));
+		TEST_ASSERT_EQ(vcpu->run->mmio.is_write, false);
+	} else {
+		TEST_ASSERT_EQ(exit_reason, KVM_EXIT_MEMORY_FAULT);
+		TEST_ASSERT_EQ(vcpu->run->memory_fault.flags, KVM_MEMORY_EXIT_FLAG_PRIVATE);
+		TEST_ASSERT_EQ(vcpu->run->memory_fault.gpa, EXITS_TEST_GPA);
+		TEST_ASSERT_EQ(vcpu->run->memory_fault.size, EXITS_TEST_SIZE);
+	}
 
 	kvm_vm_free(vm);
 }
@@ -88,6 +105,13 @@ static void test_private_access_memslot_not_private(void)
 	struct kvm_vcpu *vcpu;
 	u32 exit_reason;
 
+	/*
+	 * Accessing non-private memory as private with a software-protected VM
+	 * isn't possible when doing in-place conversions.
+	 */
+	if (kvm_has_gmem_attributes)
+		return;
+
 	vm = vm_create_shape_with_one_vcpu(protected_vm_shape, &vcpu,
 					   guest_repeatedly_read);
 
-- 
2.54.0.545.g6539524ca2-goog
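
For wrapper scripts such as private_mem_conversions_test.sh, which record the exit status of a failing test run before breaking out of the loop, one bash detail is worth keeping in mind: inside the body of `if ! cmd; then`, `$?` holds the status of the negated pipeline, which is 0 when `cmd` failed, not the status of `cmd` itself. The sketch below contrasts the two ways of capturing the status. It is illustrative only and not part of the series; `fail_with`, `capture_after_negation` and `capture_direct` are hypothetical helper names, and `fail_with` merely stands in for a test binary.

```shell
#!/bin/bash

# Hypothetical stand-in for a test binary: returns the status it is given.
fail_with() {
	return "$1"
}

# Pattern A: read $? inside 'if ! cmd; then'. By then the '!' has already
# inverted the failure into status 0, so the command's own code is lost.
capture_after_negation() {
	local rc=0
	if ! fail_with "$1"; then
		rc=$?
	fi
	echo "$rc"
}

# Pattern B: capture the status on the failure branch of '||', where $?
# is still the status of the command itself.
capture_direct() {
	local rc=0
	fail_with "$1" || rc=$?
	echo "$rc"
}

echo "negated: $(capture_after_negation 3)"
echo "direct:  $(capture_direct 3)"
```

With a command that fails with status 3, Pattern A reports 0 and Pattern B reports 3, so a wrapper that wants its own exit code to reflect the failure would likely need something along the lines of Pattern B.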