From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org, kvmarm@lists.linux.dev
Cc: pbonzini@redhat.com, chenhuacai@kernel.org, mpe@ellerman.id.au,
anup@brainfault.org, paul.walmsley@sifive.com,
palmer@dabbelt.com, aou@eecs.berkeley.edu, seanjc@google.com,
viro@zeniv.linux.org.uk, brauner@kernel.org,
willy@infradead.org, akpm@linux-foundation.org,
xiaoyao.li@intel.com, yilun.xu@intel.com,
chao.p.peng@linux.intel.com, jarkko@kernel.org,
amoorthy@google.com, dmatlack@google.com,
yu.c.zhang@linux.intel.com, isaku.yamahata@intel.com,
mic@digikod.net, vbabka@suse.cz, vannapurve@google.com,
ackerleytng@google.com, mail@maciej.szmigiero.name,
david@redhat.com, michael.roth@amd.com, wei.w.wang@intel.com,
liam.merwick@oracle.com, isaku.yamahata@gmail.com,
kirill.shutemov@linux.intel.com, suzuki.poulose@arm.com,
steven.price@arm.com, quic_eberman@quicinc.com,
quic_mnalajal@quicinc.com, quic_tsoni@quicinc.com,
quic_svaddagi@quicinc.com, quic_cvanscha@quicinc.com,
quic_pderrin@quicinc.com, quic_pheragu@quicinc.com,
catalin.marinas@arm.com, james.morse@arm.com,
yuzenghui@huawei.com, oliver.upton@linux.dev, maz@kernel.org,
will@kernel.org, qperret@google.com, keirf@google.com,
tabba@google.com
Subject: [RFC PATCH v1 01/26] KVM: Split KVM memory attributes into user and kernel attributes
Date: Thu, 22 Feb 2024 16:10:22 +0000 [thread overview]
Message-ID: <20240222161047.402609-2-tabba@google.com> (raw)
In-Reply-To: <20240222161047.402609-1-tabba@google.com>
Currently userspace can set all KVM memory attributes. Future
patches will add new attributes that should only be set by the
kernel. Split the attribute space into two parts, one that
userspace can set, and one that can only be set by the kernel.
This patch introduces two new functions,
kvm_vm_set_mem_attributes_kernel() and
kvm_vm_set_mem_attributes_user(), whereby each sets the
attributes associated with the kernel or with userspace, without
clobbering the other's attributes.
Since these attributes are stored in an xarray, do the split at
bit 16, so that this would still work on 32-bit architectures if
needed.
Signed-off-by: Fuad Tabba <tabba@google.com>
---
include/linux/kvm_host.h | 3 +++
include/uapi/linux/kvm.h | 3 +++
virt/kvm/kvm_main.c | 36 +++++++++++++++++++++++++++++++-----
3 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 7df0779ceaba..4cacf2a9a5d5 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -1438,6 +1438,9 @@ vm_fault_t kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf);
int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext);
+int kvm_vm_set_mem_attributes_kernel(struct kvm *kvm, gfn_t start, gfn_t end,
+ unsigned long attributes);
+
void kvm_arch_mmu_enable_log_dirty_pt_masked(struct kvm *kvm,
struct kvm_memory_slot *slot,
gfn_t gfn_offset,
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 59e7f5fd74e1..0862d6cc3e66 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -2225,6 +2225,9 @@ struct kvm_memory_attributes {
#define KVM_MEMORY_ATTRIBUTE_PRIVATE (1ULL << 3)
+#define KVM_MEMORY_ATTRIBUTES_KERNEL_SHIFT (16)
+#define KVM_MEMORY_ATTRIBUTES_KERNEL_MASK GENMASK(63, KVM_MEMORY_ATTRIBUTES_KERNEL_SHIFT)
+
#define KVM_CREATE_GUEST_MEMFD _IOWR(KVMIO, 0xd4, struct kvm_create_guest_memfd)
struct kvm_create_guest_memfd {
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 8f0dec2fa0f1..fba4dc6e4107 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -2536,8 +2536,8 @@ static bool kvm_pre_set_memory_attributes(struct kvm *kvm,
}
/* Set @attributes for the gfn range [@start, @end). */
-static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end,
- unsigned long attributes)
+static int __kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end,
+ unsigned long attributes, bool userspace)
{
struct kvm_mmu_notifier_range pre_set_range = {
.start = start,
@@ -2559,8 +2559,6 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end,
void *entry;
int r = 0;
- entry = attributes ? xa_mk_value(attributes) : NULL;
-
mutex_lock(&kvm->slots_lock);
/* Nothing to do if the entire range as the desired attributes. */
@@ -2580,6 +2578,17 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end,
kvm_handle_gfn_range(kvm, &pre_set_range);
for (i = start; i < end; i++) {
+ /* Maintain kernel/userspace attributes separately. */
+ unsigned long attr = xa_to_value(xa_load(&kvm->mem_attr_array, i));
+
+ if (userspace)
+ attr &= KVM_MEMORY_ATTRIBUTES_KERNEL_MASK;
+ else
+ attr &= ~KVM_MEMORY_ATTRIBUTES_KERNEL_MASK;
+
+ attributes |= attr;
+ entry = attributes ? xa_mk_value(attributes) : NULL;
+
r = xa_err(xa_store(&kvm->mem_attr_array, i, entry,
GFP_KERNEL_ACCOUNT));
KVM_BUG_ON(r, kvm);
@@ -2592,6 +2601,23 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end,
return r;
}
+
+int kvm_vm_set_mem_attributes_kernel(struct kvm *kvm, gfn_t start, gfn_t end,
+ unsigned long attributes)
+{
+ attributes &= KVM_MEMORY_ATTRIBUTES_KERNEL_MASK;
+
+ return __kvm_vm_set_mem_attributes(kvm, start, end, attributes, false);
+}
+
+static int kvm_vm_set_mem_attributes_userspace(struct kvm *kvm, gfn_t start, gfn_t end,
+ unsigned long attributes)
+{
+ attributes &= ~KVM_MEMORY_ATTRIBUTES_KERNEL_MASK;
+
+ return __kvm_vm_set_mem_attributes(kvm, start, end, attributes, true);
+}
+
static int kvm_vm_ioctl_set_mem_attributes(struct kvm *kvm,
struct kvm_memory_attributes *attrs)
{
@@ -2617,7 +2643,7 @@ static int kvm_vm_ioctl_set_mem_attributes(struct kvm *kvm,
*/
BUILD_BUG_ON(sizeof(attrs->attributes) != sizeof(unsigned long));
- return kvm_vm_set_mem_attributes(kvm, start, end, attrs->attributes);
+ return kvm_vm_set_mem_attributes_userspace(kvm, start, end, attrs->attributes);
}
#endif /* CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES */
--
2.44.0.rc1.240.g4c46232300-goog
next prev parent reply other threads:[~2024-02-22 16:10 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-22 16:10 [RFC PATCH v1 00/26] KVM: Restricted mapping of guest_memfd at the host and pKVM/arm64 support Fuad Tabba
2024-02-22 16:10 ` Fuad Tabba [this message]
2024-02-22 16:10 ` [RFC PATCH v1 02/26] KVM: Introduce kvm_gmem_get_pfn_locked(), which retains the folio lock Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 03/26] KVM: Add restricted support for mapping guestmem by the host Fuad Tabba
2024-02-22 16:28 ` David Hildenbrand
2024-02-26 8:58 ` Fuad Tabba
2024-02-26 9:57 ` David Hildenbrand
2024-02-26 17:30 ` Fuad Tabba
2024-02-27 7:40 ` David Hildenbrand
2024-02-22 16:10 ` [RFC PATCH v1 04/26] KVM: Don't allow private attribute to be set if mapped by host Fuad Tabba
2024-04-17 23:27 ` Sean Christopherson
2024-04-18 10:54 ` David Hildenbrand
2024-02-22 16:10 ` [RFC PATCH v1 05/26] KVM: Don't allow private attribute to be removed for unmappable memory Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 06/26] KVM: Implement kvm_(read|/write)_guest_page for private memory slots Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 07/26] KVM: arm64: Turn llist of pinned pages into an rb-tree Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 08/26] KVM: arm64: Implement MEM_RELINQUISH SMCCC hypercall Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 09/26] KVM: arm64: Strictly check page type in MEM_RELINQUISH hypercall Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 10/26] KVM: arm64: Avoid unnecessary unmap walk " Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 11/26] KVM: arm64: Add initial support for KVM_CAP_EXIT_HYPERCALL Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 12/26] KVM: arm64: Allow userspace to receive SHARE and UNSHARE notifications Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 13/26] KVM: arm64: Create hypercall return handler Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 14/26] KVM: arm64: Refactor code around handling return from host to guest Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 15/26] KVM: arm64: Rename kvm_pinned_page to kvm_guest_page Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 16/26] KVM: arm64: Add a field to indicate whether the guest page was pinned Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 17/26] KVM: arm64: Do not allow changes to private memory slots Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 18/26] KVM: arm64: Skip VMA checks for slots without userspace address Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 19/26] KVM: arm64: Handle guest_memfd()-backed guest page faults Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 20/26] KVM: arm64: Track sharing of memory from protected guest to host Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 21/26] KVM: arm64: Mark a protected VM's memory as unmappable at initialization Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 22/26] KVM: arm64: Handle unshare on way back to guest entry rather than exit Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 23/26] KVM: arm64: Check that host unmaps memory unshared by guest Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 24/26] KVM: arm64: Add handlers for kvm_arch_*_set_memory_attributes() Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 25/26] KVM: arm64: Enable private memory support when pKVM is enabled Fuad Tabba
2024-02-22 16:10 ` [RFC PATCH v1 26/26] KVM: arm64: Enable private memory kconfig for arm64 Fuad Tabba
2024-02-22 23:43 ` [RFC PATCH v1 00/26] KVM: Restricted mapping of guest_memfd at the host and pKVM/arm64 support Elliot Berman
2024-02-23 0:35 ` folio_mmapped Matthew Wilcox
2024-02-26 9:28 ` folio_mmapped David Hildenbrand
2024-02-26 21:14 ` folio_mmapped Elliot Berman
2024-02-27 14:59 ` folio_mmapped David Hildenbrand
2024-02-28 10:48 ` folio_mmapped Quentin Perret
2024-02-28 11:11 ` folio_mmapped David Hildenbrand
2024-02-28 12:44 ` folio_mmapped Quentin Perret
2024-02-28 13:00 ` folio_mmapped David Hildenbrand
2024-02-28 13:34 ` folio_mmapped Quentin Perret
2024-02-28 18:43 ` folio_mmapped Elliot Berman
2024-02-28 18:51 ` Quentin Perret
2024-02-29 10:04 ` folio_mmapped David Hildenbrand
2024-02-29 19:01 ` folio_mmapped Fuad Tabba
2024-03-01 0:40 ` folio_mmapped Elliot Berman
2024-03-01 11:16 ` folio_mmapped David Hildenbrand
2024-03-04 12:53 ` folio_mmapped Quentin Perret
2024-03-04 20:22 ` folio_mmapped David Hildenbrand
2024-03-01 11:06 ` folio_mmapped David Hildenbrand
2024-03-04 12:36 ` folio_mmapped Quentin Perret
2024-03-04 19:04 ` folio_mmapped Sean Christopherson
2024-03-04 20:17 ` folio_mmapped David Hildenbrand
2024-03-04 21:43 ` folio_mmapped Elliot Berman
2024-03-04 21:58 ` folio_mmapped David Hildenbrand
2024-03-19 9:47 ` folio_mmapped Quentin Perret
2024-03-19 9:54 ` folio_mmapped David Hildenbrand
2024-03-18 17:06 ` folio_mmapped Vishal Annapurve
2024-03-18 22:02 ` folio_mmapped David Hildenbrand
2024-03-18 23:07 ` folio_mmapped Vishal Annapurve
2024-03-19 0:10 ` folio_mmapped Sean Christopherson
2024-03-19 10:26 ` folio_mmapped David Hildenbrand
2024-03-19 13:19 ` folio_mmapped David Hildenbrand
2024-03-19 14:31 ` folio_mmapped Will Deacon
2024-03-19 23:54 ` folio_mmapped Elliot Berman
2024-03-22 16:36 ` Will Deacon
2024-03-22 18:46 ` Elliot Berman
2024-03-27 19:31 ` Will Deacon
2024-03-22 17:52 ` folio_mmapped David Hildenbrand
2024-03-22 21:21 ` folio_mmapped David Hildenbrand
2024-03-26 22:04 ` folio_mmapped Elliot Berman
2024-03-27 17:50 ` folio_mmapped David Hildenbrand
2024-03-27 19:34 ` folio_mmapped Will Deacon
2024-03-28 9:06 ` folio_mmapped David Hildenbrand
2024-03-28 10:10 ` folio_mmapped Quentin Perret
2024-03-28 10:32 ` folio_mmapped David Hildenbrand
2024-03-28 10:58 ` folio_mmapped Quentin Perret
2024-03-28 11:41 ` folio_mmapped David Hildenbrand
2024-03-29 18:38 ` folio_mmapped Vishal Annapurve
2024-04-04 0:15 ` folio_mmapped Sean Christopherson
2024-03-19 15:04 ` folio_mmapped Sean Christopherson
2024-03-22 17:16 ` folio_mmapped David Hildenbrand
2024-02-26 9:03 ` [RFC PATCH v1 00/26] KVM: Restricted mapping of guest_memfd at the host and pKVM/arm64 support Fuad Tabba
2024-02-23 12:00 ` Alexandru Elisei
2024-02-26 9:05 ` Fuad Tabba
2024-02-26 9:47 ` David Hildenbrand
2024-02-27 9:37 ` Fuad Tabba
2024-02-27 14:41 ` David Hildenbrand
2024-02-27 14:49 ` David Hildenbrand
2024-02-28 9:57 ` Fuad Tabba
2024-02-28 10:12 ` David Hildenbrand
2024-02-28 14:01 ` Quentin Perret
2024-02-29 9:51 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240222161047.402609-2-tabba@google.com \
--to=tabba@google.com \
--cc=ackerleytng@google.com \
--cc=akpm@linux-foundation.org \
--cc=amoorthy@google.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=brauner@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=chao.p.peng@linux.intel.com \
--cc=chenhuacai@kernel.org \
--cc=david@redhat.com \
--cc=dmatlack@google.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=james.morse@arm.com \
--cc=jarkko@kernel.org \
--cc=keirf@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=liam.merwick@oracle.com \
--cc=mail@maciej.szmigiero.name \
--cc=maz@kernel.org \
--cc=mic@digikod.net \
--cc=michael.roth@amd.com \
--cc=mpe@ellerman.id.au \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=pbonzini@redhat.com \
--cc=qperret@google.com \
--cc=quic_cvanscha@quicinc.com \
--cc=quic_eberman@quicinc.com \
--cc=quic_mnalajal@quicinc.com \
--cc=quic_pderrin@quicinc.com \
--cc=quic_pheragu@quicinc.com \
--cc=quic_svaddagi@quicinc.com \
--cc=quic_tsoni@quicinc.com \
--cc=seanjc@google.com \
--cc=steven.price@arm.com \
--cc=suzuki.poulose@arm.com \
--cc=vannapurve@google.com \
--cc=vbabka@suse.cz \
--cc=viro@zeniv.linux.org.uk \
--cc=wei.w.wang@intel.com \
--cc=will@kernel.org \
--cc=willy@infradead.org \
--cc=xiaoyao.li@intel.com \
--cc=yilun.xu@intel.com \
--cc=yu.c.zhang@linux.intel.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox