From: Sean Christopherson <seanjc@google.com>
To: Sagi Shahar <sagis@google.com>
Cc: linux-kselftest@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
Shuah Khan <shuah@kernel.org>,
Ackerley Tng <ackerleytng@google.com>,
Ryan Afranji <afranji@google.com>,
Andrew Jones <ajones@ventanamicro.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Roger Wang <runanwang@google.com>,
Binbin Wu <binbin.wu@linux.intel.com>,
Oliver Upton <oliver.upton@linux.dev>,
"Pratik R. Sampat" <pratikrajesh.sampat@amd.com>,
Reinette Chatre <reinette.chatre@intel.com>,
Ira Weiny <ira.weiny@intel.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH v8 08/30] KVM: selftests: TDX: Update load_td_memory_region() for VM memory backed by guest memfd
Date: Mon, 11 Aug 2025 13:31:45 -0700 [thread overview]
Message-ID: <aJpTMVV-F0z8iyb4@google.com> (raw)
In-Reply-To: <20250807201628.1185915-9-sagis@google.com>
On Thu, Aug 07, 2025, Sagi Shahar wrote:
> From: Ackerley Tng <ackerleytng@google.com>
>
> If guest memory is backed by restricted memfd
>
> + UPM is being used, hence encrypted memory region has to be
> registered
> + Can avoid making a copy of guest memory before getting TDX to
> initialize the memory region
>
> Signed-off-by: Ackerley Tng <ackerleytng@google.com>
> Signed-off-by: Sagi Shahar <sagis@google.com>
> ---
> .../selftests/kvm/lib/x86/tdx/tdx_util.c | 38 +++++++++++++++----
> 1 file changed, 30 insertions(+), 8 deletions(-)
>
> diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
> index bb074af4a476..e2bf9766dc03 100644
> --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
> +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
> @@ -324,6 +324,21 @@ static void tdx_td_finalize_mr(struct kvm_vm *vm)
> tdx_ioctl(vm->fd, KVM_TDX_FINALIZE_VM, 0, NULL);
> }
>
> +/*
> + * Other ioctls
> + */
> +
> +/*
> + * Register a memory region that may contain encrypted data in KVM.
> + */
Drop these comments.
> +static void register_encrypted_memory_region(struct kvm_vm *vm,
> + struct userspace_mem_region *region)
This is a comically bad helper. Any person that is at all familiar with KVM's
CoCo support, or that simply reads KVM's documentation, will expect this to
invoke KVM_MEMORY_ENCRYPT_REG_REGION. And this is obviously doing much more than
"registering" an encrypted region. Not to mention this helper doesn't need to
exist; it has _one_ caller, and the code is quite self-explanatory.
> +{
> + vm_set_memory_attributes(vm, region->region.guest_phys_addr,
> + region->region.memory_size,
> + KVM_MEMORY_ATTRIBUTE_PRIVATE);
> +}
> +
> /*
> * TD creation/setup/finalization
> */
> @@ -459,28 +474,35 @@ static void load_td_memory_region(struct kvm_vm *vm,
> if (!sparsebit_any_set(pages))
> return;
>
> + if (region->region.guest_memfd != -1)
> + register_encrypted_memory_region(vm, region);
> +
> sparsebit_for_each_set_range(pages, i, j) {
> const uint64_t size_to_load = (j - i + 1) * vm->page_size;
> const uint64_t offset =
> (i - lowest_page_in_region) * vm->page_size;
> const uint64_t hva = hva_base + offset;
> const uint64_t gpa = gpa_base + offset;
> - void *source_addr;
> + void *source_addr = (void *)hva;
>
> /*
> * KVM_TDX_INIT_MEM_REGION ioctl cannot encrypt memory in place.
> * Make a copy if there's only one backing memory source.
> */
> - source_addr = mmap(NULL, size_to_load, PROT_READ | PROT_WRITE,
> - MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> - TEST_ASSERT(source_addr,
> - "Could not allocate memory for loading memory region");
> -
> - memcpy(source_addr, (void *)hva, size_to_load);
> + if (region->region.guest_memfd == -1) {
Oh, here's the "if".
> + source_addr = mmap(NULL, size_to_load, PROT_READ | PROT_WRITE,
> + MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> + TEST_ASSERT(source_addr,
> + "Could not allocate memory for loading memory region");
> +
> + memcpy(source_addr, (void *)hva, size_to_load);
> + memset((void *)hva, 0, size_to_load);
> + }
>
> tdx_init_mem_region(vm, source_addr, gpa, size_to_load);
>
> - munmap(source_addr, size_to_load);
> + if (region->region.guest_memfd == -1)
> + munmap(source_addr, size_to_load);
> }
> }
>
> --
> 2.51.0.rc0.155.g4a0f42376b-goog
>
next prev parent reply other threads:[~2025-08-11 20:31 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-08-07 20:15 [PATCH v8 00/30] TDX KVM selftests Sagi Shahar
2025-08-07 20:15 ` [PATCH v8 01/30] KVM: selftests: Add function to allow one-to-one GVA to GPA mappings Sagi Shahar
2025-08-11 17:49 ` Sean Christopherson
2025-08-15 4:16 ` Sagi Shahar
2025-08-07 20:15 ` [PATCH v8 02/30] KVM: selftests: Expose function that sets up sregs based on VM's mode Sagi Shahar
2025-08-11 18:11 ` Sean Christopherson
2025-08-15 4:24 ` Sagi Shahar
2025-08-07 20:15 ` [PATCH v8 03/30] KVM: selftests: Store initial stack address in struct kvm_vcpu Sagi Shahar
2025-08-11 18:12 ` Sean Christopherson
2025-08-07 20:16 ` [PATCH v8 04/30] KVM: selftests: Add vCPU descriptor table initialization utility Sagi Shahar
2025-08-11 18:25 ` Sean Christopherson
2025-08-15 4:29 ` Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 05/30] KVM: selftests: Update kvm_init_vm_address_properties() for TDX Sagi Shahar
2025-08-11 18:34 ` Sean Christopherson
2025-08-15 4:31 ` Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 06/30] KVM: selftests: Add helper functions to create TDX VMs Sagi Shahar
2025-08-11 20:13 ` Sean Christopherson
2025-08-12 21:05 ` Ira Weiny
2025-08-13 4:22 ` Binbin Wu
2025-08-15 5:20 ` Sagi Shahar
2025-08-16 0:22 ` Sean Christopherson
2025-08-16 0:32 ` Reinette Chatre
2025-08-16 0:28 ` Reinette Chatre
2025-08-13 7:41 ` Binbin Wu
2025-08-15 2:20 ` Chao Gao
2025-08-21 4:08 ` Sagi Shahar
2025-08-14 0:48 ` Edgecombe, Rick P
2025-08-21 4:15 ` Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 07/30] KVM: selftests: TDX: Use KVM_TDX_CAPABILITIES to validate TDs' attribute configuration Sagi Shahar
2025-08-13 13:34 ` Chenyi Qiang
2025-08-20 21:18 ` Sagi Shahar
2025-08-20 21:49 ` Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 08/30] KVM: selftests: TDX: Update load_td_memory_region() for VM memory backed by guest memfd Sagi Shahar
2025-08-11 14:19 ` Ira Weiny
2025-08-11 20:31 ` Sean Christopherson [this message]
2025-08-13 9:23 ` Binbin Wu
2025-08-13 14:42 ` Reinette Chatre
2025-08-14 2:49 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 09/30] KVM: selftests: TDX: Add TDX lifecycle test Sagi Shahar
2025-08-13 10:36 ` Binbin Wu
2025-08-21 4:19 ` Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 10/30] KVM: selftests: TDX: Add report_fatal_error test Sagi Shahar
2025-08-13 10:58 ` Binbin Wu
2025-08-14 7:05 ` Binbin Wu
2025-08-25 21:49 ` Sagi Shahar
2025-08-25 21:28 ` Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 11/30] KVM: selftests: TDX: Adding test case for TDX port IO Sagi Shahar
2025-08-14 3:24 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 12/30] KVM: selftests: TDX: Add basic TDX CPUID test Sagi Shahar
2025-08-14 3:20 ` Chenyi Qiang
2025-08-14 6:11 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 13/30] KVM: selftests: TDX: Add basic TDG.VP.VMCALL<GetTdVmCallInfo> test Sagi Shahar
2025-08-14 6:34 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 14/30] KVM: selftests: TDX: Add TDX IO writes test Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 15/30] KVM: selftests: TDX: Add TDX IO reads test Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 16/30] KVM: selftests: TDX: Add TDX MSR read/write tests Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 17/30] KVM: selftests: TDX: Add TDX HLT exit test Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 18/30] KVM: selftests: TDX: Add TDX MMIO reads test Sagi Shahar
2025-08-14 9:58 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 19/30] KVM: selftests: TDX: Add TDX MMIO writes test Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 20/30] KVM: selftests: TDX: Add TDX CPUID TDVMCALL test Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 21/30] KVM: selftests: TDX: Verify the behavior when host consumes a TD private memory Sagi Shahar
2025-08-11 20:35 ` Sean Christopherson
2025-08-14 11:17 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 22/30] KVM: selftests: TDX: Add TDG.VP.INFO test Sagi Shahar
2025-08-14 9:04 ` Chenyi Qiang
2025-08-14 11:48 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 23/30] KVM: selftests: Add functions to allow mapping as shared Sagi Shahar
2025-08-11 18:49 ` Ira Weiny
2025-08-15 2:37 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 24/30] KVM: selftests: TDX: Add shared memory test Sagi Shahar
2025-08-11 21:06 ` Sean Christopherson
2025-08-07 20:16 ` [PATCH v8 25/30] KVM: selftests: KVM: selftests: Expose new vm_vaddr_alloc_private() Sagi Shahar
2025-08-11 21:07 ` Sean Christopherson
2025-08-15 3:15 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 26/30] KVM: selftests: TDX: Add support for TDG.MEM.PAGE.ACCEPT Sagi Shahar
2025-08-15 5:38 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 27/30] KVM: selftests: TDX: Add support for TDG.VP.VEINFO.GET Sagi Shahar
2025-08-07 20:16 ` [PATCH v8 28/30] KVM: selftests: TDX: Add TDX UPM selftest Sagi Shahar
2025-08-13 16:05 ` Ira Weiny
2025-08-13 17:30 ` Reinette Chatre
2025-08-15 7:03 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 29/30] KVM: selftests: TDX: Add TDX UPM selftests for implicit conversion Sagi Shahar
2025-08-15 7:18 ` Binbin Wu
2025-08-07 20:16 ` [PATCH v8 30/30] KVM: selftests: TDX: Test LOG_DIRTY_PAGES flag to a non-GUEST_MEMFD memslot Sagi Shahar
2025-08-13 16:10 ` Ira Weiny
2025-08-11 17:38 ` [PATCH v8 00/30] TDX KVM selftests Sean Christopherson
2025-08-11 18:11 ` Edgecombe, Rick P
2025-08-11 20:00 ` Sagi Shahar
2025-08-11 20:53 ` Sean Christopherson
2025-08-15 4:14 ` Sagi Shahar
2025-08-15 22:52 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aJpTMVV-F0z8iyb4@google.com \
--to=seanjc@google.com \
--cc=ackerleytng@google.com \
--cc=afranji@google.com \
--cc=ajones@ventanamicro.com \
--cc=binbin.wu@linux.intel.com \
--cc=erdemaktas@google.com \
--cc=ira.weiny@intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=pbonzini@redhat.com \
--cc=pratikrajesh.sampat@amd.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=runanwang@google.com \
--cc=sagis@google.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.