From: Sean Christopherson <seanjc@google.com>
To: Ackerley Tng <ackerleytng@google.com>
Cc: Fuad Tabba <tabba@google.com>,
kvm@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-trace-kernel@vger.kernel.org, x86@kernel.org, aik@amd.com,
andrew.jones@linux.dev, binbin.wu@linux.intel.com, bp@alien8.de,
brauner@kernel.org, chao.p.peng@intel.com,
chao.p.peng@linux.intel.com, chenhuacai@kernel.org,
corbet@lwn.net, dave.hansen@linux.intel.com, david@kernel.org,
hpa@zytor.com, ira.weiny@intel.com, jgg@nvidia.com,
jmattson@google.com, jroedel@suse.de, jthoughton@google.com,
maobibo@loongson.cn, mathieu.desnoyers@efficios.com,
maz@kernel.org, mhiramat@kernel.org, michael.roth@amd.com,
mingo@redhat.com, mlevitsk@redhat.com, oupton@kernel.org,
pankaj.gupta@amd.com, pbonzini@redhat.com, prsampat@amd.com,
qperret@google.com, ricarkol@google.com,
rick.p.edgecombe@intel.com, rientjes@google.com,
rostedt@goodmis.org, shivankg@amd.com, shuah@kernel.org,
steven.price@arm.com, tglx@linutronix.de, vannapurve@google.com,
vbabka@suse.cz, willy@infradead.org, wyihan@google.com,
yan.y.zhao@intel.com
Subject: Re: [RFC PATCH v2 09/37] KVM: guest_memfd: Add support for KVM_SET_MEMORY_ATTRIBUTES2
Date: Thu, 12 Mar 2026 17:36:34 -0700 [thread overview]
Message-ID: <abNcEkNseDEBIhop@google.com> (raw)
In-Reply-To: <CAEvNRgFUc+9xCoN9Yo5NThHrvbccWAhPwp9nNM2fvx7QqrcJsg@mail.gmail.com>
On Thu, Mar 12, 2026, Ackerley Tng wrote:
> Sean Christopherson <seanjc@google.com> writes:
>
> > On Thu, Mar 12, 2026, Fuad Tabba wrote:
> >> Hi Ackerley,
> >>
> >> Before getting into the UAPI semantics, thank you for all the heavy
> >> lifting you've done here. Figuring out how to make it all work across
> >> the different platforms is not easy :)
> >>
> >> <snip>
> >>
> >> > The policy definitions below provide more details:
> >
> > Please drop "CONTENT_POLICY" from the KVM documentation. From KVM's perspective,
> > these are not "policy", they are purely properties of the underlying memory.
> > Userspace will likely use the attributes to implement policy of some kind, but
> > KVM straight up doesn't care.
>
> Policy might have been the wrong word. I think this is a property of the
> conversion process/request, not a property of the memory like how
> shared/private is a property of the memory?
>
> I'll have to find another word to describe this enum of
Or just don't? I'm 100% serious, because unless we carve out a field _just_ for
these two flags, they're eventually going to get mixed with other stuff. At that
point, having a precisely named enum container just gets in the way.
> I see you dropped any documentation to do with testing.
Yes.
> I meant to document it (at least something about the unspecified case) so it
> can be relied on in selftests, with the understanding (already specified
> elsewhere in Documentation/virt/kvm/api.rst) that nothing about
> KVM_X86_SW_PROTECTED_VM is to be relied on in production, and can be changed
> anytime. What do you think?
KVM_X86_SW_PROTECTED_VM should self-report like all other VM types, and shouldn't
support anything that isn't documented as possible. I.e. we shouldn't allow
ZERO on shared=>private "for testing".
What I do think we should do is scribble memory on conversions without ZERO or
PRIVATE, probably guarded by a Kconfig or maybe a module param, to do a best
effort enforcement of the ABI, i.e. to try and prevent userspace from depending
on uarch/vendor specific behavior.
next prev parent reply other threads:[~2026-03-13 0:36 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-02 22:36 [RFC PATCH v2 00/37] guest_memfd: In-place conversion support Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 01/37] KVM: guest_memfd: Introduce per-gmem attributes, use to guard user mappings Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 02/37] KVM: Rename KVM_GENERIC_MEMORY_ATTRIBUTES to KVM_VM_MEMORY_ATTRIBUTES Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 03/37] KVM: Enumerate support for PRIVATE memory iff kvm_arch_has_private_mem is defined Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 04/37] KVM: Stub in ability to disable per-VM memory attribute tracking Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 05/37] KVM: guest_memfd: Wire up kvm_get_memory_attributes() to per-gmem attributes Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 06/37] KVM: guest_memfd: Update kvm_gmem_populate() to use gmem attributes Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 07/37] KVM: Introduce KVM_SET_MEMORY_ATTRIBUTES2 Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 08/37] KVM: guest_memfd: Enable INIT_SHARED on guest_memfd for x86 Coco VMs Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 09/37] KVM: guest_memfd: Add support for KVM_SET_MEMORY_ATTRIBUTES2 Ackerley Tng
2026-02-14 20:09 ` Ackerley Tng
2026-02-17 23:04 ` Sean Christopherson
2026-02-19 12:43 ` Fuad Tabba
2026-02-24 10:14 ` Ackerley Tng
2026-02-25 11:00 ` Fuad Tabba
2026-02-26 4:16 ` Ackerley Tng
2026-02-26 8:11 ` Fuad Tabba
2026-03-12 5:44 ` Ackerley Tng
2026-03-12 15:12 ` Fuad Tabba
2026-03-12 15:44 ` Sean Christopherson
2026-03-12 21:59 ` Ackerley Tng
2026-03-13 0:36 ` Sean Christopherson [this message]
2026-03-13 8:32 ` Fuad Tabba
2026-03-13 8:31 ` Fuad Tabba
2026-02-02 22:29 ` [RFC PATCH v2 10/37] KVM: guest_memfd: Handle lru_add fbatch refcounts during conversion safety check Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 11/37] KVM: Move KVM_VM_MEMORY_ATTRIBUTES config definition to x86 Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 12/37] KVM: Let userspace disable per-VM mem attributes, enable per-gmem attributes Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 13/37] KVM: selftests: Create gmem fd before "regular" fd when adding memslot Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 14/37] KVM: selftests: Rename guest_memfd{,_offset} to gmem_{fd,offset} Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 15/37] KVM: selftests: Add support for mmap() on guest_memfd in core library Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 16/37] KVM: selftests: Add selftests global for guest memory attributes capability Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 17/37] KVM: selftests: Update framework to use KVM_SET_MEMORY_ATTRIBUTES2 Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 18/37] KVM: selftests: Add helpers for calling ioctls on guest_memfd Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 19/37] KVM: selftests: Test using guest_memfd for guest private memory Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 20/37] KVM: selftests: Test basic single-page conversion flow Ackerley Tng
2026-02-02 22:29 ` [RFC PATCH v2 21/37] KVM: selftests: Test conversion flow when INIT_SHARED Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 22/37] KVM: selftests: Test indexing in guest_memfd Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 23/37] KVM: selftests: Test conversion before allocation Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 24/37] KVM: selftests: Convert with allocated folios in different layouts Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 25/37] KVM: selftests: Test precision of conversion Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 26/37] KVM: selftests: Test that truncation does not change shared/private status Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 27/37] KVM: selftests: Test that shared/private status is consistent across processes Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 28/37] KVM: selftests: Test conversion with elevated page refcount Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 29/37] KVM: selftests: Reset shared memory after hole-punching Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 30/37] KVM: selftests: Provide function to look up guest_memfd details from gpa Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 31/37] KVM: selftests: Provide common function to set memory attributes Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 32/37] KVM: selftests: Check fd/flags provided to mmap() when setting up memslot Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 33/37] KVM: selftests: Make TEST_EXPECT_SIGBUS thread-safe Ackerley Tng
2026-02-14 19:49 ` Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 34/37] KVM: selftests: Update private_mem_conversions_test to mmap() guest_memfd Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 35/37] KVM: selftests: Add script to exercise private_mem_conversions_test Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 36/37] KVM: selftests: Update pre-fault test to work with per-guest_memfd attributes Ackerley Tng
2026-02-02 22:30 ` [RFC PATCH v2 37/37] KVM: selftests: Update private memory exits test work with per-gmem attributes Ackerley Tng
2026-02-20 9:09 ` [RFC PATCH v2 00/37] guest_memfd: In-place conversion support Lisa Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abNcEkNseDEBIhop@google.com \
--to=seanjc@google.com \
--cc=ackerleytng@google.com \
--cc=aik@amd.com \
--cc=andrew.jones@linux.dev \
--cc=binbin.wu@linux.intel.com \
--cc=bp@alien8.de \
--cc=brauner@kernel.org \
--cc=chao.p.peng@intel.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chenhuacai@kernel.org \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=david@kernel.org \
--cc=hpa@zytor.com \
--cc=ira.weiny@intel.com \
--cc=jgg@nvidia.com \
--cc=jmattson@google.com \
--cc=jroedel@suse.de \
--cc=jthoughton@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=maobibo@loongson.cn \
--cc=mathieu.desnoyers@efficios.com \
--cc=maz@kernel.org \
--cc=mhiramat@kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=oupton@kernel.org \
--cc=pankaj.gupta@amd.com \
--cc=pbonzini@redhat.com \
--cc=prsampat@amd.com \
--cc=qperret@google.com \
--cc=ricarkol@google.com \
--cc=rick.p.edgecombe@intel.com \
--cc=rientjes@google.com \
--cc=rostedt@goodmis.org \
--cc=shivankg@amd.com \
--cc=shuah@kernel.org \
--cc=steven.price@arm.com \
--cc=tabba@google.com \
--cc=tglx@linutronix.de \
--cc=vannapurve@google.com \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
--cc=wyihan@google.com \
--cc=x86@kernel.org \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.