Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd

[PATCH v8 0/8] KVM: mm: fd-based approach for supporting KVM · Chao Peng <hidden> · 2022-09-15
[PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Chao Peng <hidden> · 2022-09-15
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · David Hildenbrand <hidden> · 2022-09-19
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Sean Christopherson <seanjc@google.com> · 2022-09-19
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · "Andy Lutomirski" <luto@kernel.org> · 2022-09-21
RE: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Wang, Wei W <hidden> · 2022-09-22
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-09-23
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-09-23
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Chao Peng <hidden> · 2022-09-26
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-09-26
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Sean Christopherson <seanjc@google.com> · 2022-09-27
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-09-30
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Chao Peng <hidden> · 2022-10-13
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-10-17
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Chao Peng <hidden> · 2022-10-17
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-10-17
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Chao Peng <hidden> · 2022-10-19
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Sean Christopherson <seanjc@google.com> · 2022-10-18
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-10-19
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A . Shutemov <hidden> · 2022-09-23
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · David Hildenbrand <hidden> · 2022-09-26
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A. Shutemov <hidden> · 2022-09-26
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · David Hildenbrand <hidden> · 2022-09-26
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Sean Christopherson <seanjc@google.com> · 2022-09-27
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A. Shutemov <hidden> · 2022-09-28
RE: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Wang, Wei W <hidden> · 2022-09-22
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Sean Christopherson <seanjc@google.com> · 2022-09-22
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A . Shutemov <hidden> · 2022-09-23
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-09-23
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-09-30
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A . Shutemov <hidden> · 2022-09-30
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-10-03
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A. Shutemov <hidden> · 2022-10-03
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-10-04
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Fuad Tabba <hidden> · 2022-10-06
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A. Shutemov <hidden> · 2022-10-06
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Vlastimil Babka <hidden> · 2022-10-17
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A . Shutemov <hidden> · 2022-10-17
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Gupta, Pankaj <hidden> · 2022-10-17
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A . Shutemov <hidden> · 2022-10-17
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Vishal Annapurve <hidden> · 2022-10-18
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A . Shutemov <hidden> · 2022-10-19
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Vishal Annapurve <hidden> · 2022-10-20
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Chao Peng <hidden> · 2022-10-21
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Sean Christopherson <seanjc@google.com> · 2022-10-21
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Vishal Annapurve <hidden> · 2022-10-19
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Chao Peng <hidden> · 2022-10-21
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Sean Christopherson <seanjc@google.com> · 2022-10-21
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Kirill A . Shutemov <hidden> · 2022-10-24
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · David Hildenbrand <hidden> · 2022-10-24
Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd · Vishal Annapurve <hidden> · 2022-11-03
[PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Chao Peng <hidden> · 2022-09-15
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Bagas Sanjaya <hidden> · 2022-09-16
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Chao Peng <hidden> · 2022-09-16
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Fuad Tabba <hidden> · 2022-09-26
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Chao Peng <hidden> · 2022-09-26
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Isaku Yamahata <hidden> · 2022-09-29
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Sean Christopherson <seanjc@google.com> · 2022-09-29
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-05
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-05
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Fuad Tabba <hidden> · 2022-10-06
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-06
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-06
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Sean Christopherson <seanjc@google.com> · 2022-10-06
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-07
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Sean Christopherson <seanjc@google.com> · 2022-10-07
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-07
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-08
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-08
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Chao Peng <hidden> · 2022-10-10
Re: [PATCH v8 2/8] KVM: Extend the memslot to support fd-based private memory · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-12
[PATCH v8 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit · Chao Peng <hidden> · 2022-09-15
Re: [PATCH v8 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit · Bagas Sanjaya <hidden> · 2022-09-16
Re: [PATCH v8 3/8] KVM: Add KVM_EXIT_MEMORY_FAULT exit · Chao Peng <hidden> · 2022-09-16
[PATCH v8 4/8] KVM: Use gfn instead of hva for mmu_notifier_retry · Chao Peng <hidden> · 2022-09-15
[PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Chao Peng <hidden> · 2022-09-15
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Fuad Tabba <hidden> · 2022-09-26
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Chao Peng <hidden> · 2022-09-26
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Fuad Tabba <hidden> · 2022-10-11
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Chao Peng <hidden> · 2022-10-12
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Fuad Tabba <hidden> · 2022-10-17
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Sean Christopherson <seanjc@google.com> · 2022-10-17
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Chao Peng <hidden> · 2022-10-19
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Fuad Tabba <hidden> · 2022-10-19
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Sean Christopherson <seanjc@google.com> · 2022-10-19
Re: [PATCH v8 5/8] KVM: Register/unregister the guest private memory regions · Fuad Tabba <hidden> · 2022-10-19
[PATCH v8 6/8] KVM: Update lpage info when private/shared memory are mixed · Chao Peng <hidden> · 2022-09-15
Re: [PATCH v8 6/8] KVM: Update lpage info when private/shared memory are mixed · Isaku Yamahata <hidden> · 2022-09-29
Re: [PATCH v8 6/8] KVM: Update lpage info when private/shared memory are mixed · Chao Peng <hidden> · 2022-09-30
[PATCH v8 7/8] KVM: Handle page fault for private memory · Chao Peng <hidden> · 2022-09-15
Re: [PATCH v8 7/8] KVM: Handle page fault for private memory · Sean Christopherson <seanjc@google.com> · 2022-10-14
Re: [PATCH v8 7/8] KVM: Handle page fault for private memory · Chao Peng <hidden> · 2022-10-17
[PATCH v8 8/8] KVM: Enable and expose KVM_MEM_PRIVATE · Chao Peng <hidden> · 2022-09-15
Re: [PATCH v8 8/8] KVM: Enable and expose KVM_MEM_PRIVATE · Jarkko Sakkinen <jarkko@kernel.org> · 2022-10-04
Re: [PATCH v8 8/8] KVM: Enable and expose KVM_MEM_PRIVATE · Chao Peng <hidden> · 2022-10-10
Re: [PATCH v8 8/8] KVM: Enable and expose KVM_MEM_PRIVATE · Fuad Tabba <hidden> · 2022-10-06
Re: [PATCH v8 8/8] KVM: Enable and expose KVM_MEM_PRIVATE · Chao Peng <hidden> · 2022-10-10

From: Fuad Tabba <hidden>
Date: 2022-09-23 15:21:17
Also in: kvm, linux-doc, linux-fsdevel, linux-mm, lkml, qemu-devel

Hi,

<...>

quoted

Regarding pKVM's use case, with the shim approach I believe this can be done by
allowing userspace mmap() the "hidden" memfd, but with a ton of restrictions
piled on top.

My first thought was to make the uAPI a set of KVM ioctls so that KVM
could tightly
tightly control usage without taking on too much complexity in the
kernel, but
working through things, routing the behavior through the shim itself
might not be
all that horrific.

IIRC, we discarded the idea of allowing userspace to map the "private"
fd because
things got too complex, but with the shim it doesn't seem _that_ bad.

What's the exact use case?  Is it just to pre-populate the memory?

Prepopulate memory and access memory that could go back and forth from
being shared to being private.

Cheers,
/fuad

quoted

E.g. on the memfd side:

  1. The entire memfd must be mapped, and at most one mapping is allowed, i.e.
     mapping is all or nothing.

  2. Acquiring a reference via get_pfn() is disallowed if there's a mapping for
     the restricted memfd.

  3. Add notifier hooks to allow downstream users to further restrict things.

  4. Disallow splitting VMAs, e.g. to force userspace to munmap() everything in
     one shot.

  5. Require that there are no outstanding references at munmap().  Or if this
     can't be guaranteed by userspace, maybe add some way for userspace to wait
     until it's ok to convert to private?  E.g. so that get_pfn() doesn't need
     to do an expensive check every time.

Hmm.  I haven't looked at the code to see if this would really work, but I think this could be done more in line with how the rest of the kernel works by using the rmap infrastructure.  When the pKVM memfd is in not-yet-private mode, just let it be mmapped as usual (but don't allow any form of GUP or pinning).  Then have an ioctl to switch to to shared mode that takes locks or sets flags so that no new faults can be serviced and does unmap_mapping_range.

As long as the shim arranges to have its own vm_ops, I don't immediately see any reason this can't work.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help