kvm.vger.kernel.org archive mirror
From: Sean Christopherson <seanjc@google.com>
To: Sagi Shahar <sagis@google.com>
Cc: linux-kselftest@vger.kernel.org,
	Paolo Bonzini <pbonzini@redhat.com>,
	 Shuah Khan <shuah@kernel.org>,
	Ackerley Tng <ackerleytng@google.com>,
	 Ryan Afranji <afranji@google.com>,
	Andrew Jones <ajones@ventanamicro.com>,
	 Isaku Yamahata <isaku.yamahata@intel.com>,
	Erdem Aktas <erdemaktas@google.com>,
	 Rick Edgecombe <rick.p.edgecombe@intel.com>,
	Roger Wang <runanwang@google.com>,
	 Binbin Wu <binbin.wu@linux.intel.com>,
	Oliver Upton <oliver.upton@linux.dev>,
	 "Pratik R. Sampat" <pratikrajesh.sampat@amd.com>,
	Reinette Chatre <reinette.chatre@intel.com>,
	 Ira Weiny <ira.weiny@intel.com>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH v8 08/30] KVM: selftests: TDX: Update load_td_memory_region() for VM memory backed by guest memfd
Date: Mon, 11 Aug 2025 13:31:45 -0700
Message-ID: <aJpTMVV-F0z8iyb4@google.com>
In-Reply-To: <20250807201628.1185915-9-sagis@google.com>

On Thu, Aug 07, 2025, Sagi Shahar wrote:
> From: Ackerley Tng <ackerleytng@google.com>
> 
> If guest memory is backed by restricted memfd
> 
> + UPM is being used, hence encrypted memory region has to be
>   registered
> + Can avoid making a copy of guest memory before getting TDX to
>   initialize the memory region
> 
> Signed-off-by: Ackerley Tng <ackerleytng@google.com>
> Signed-off-by: Sagi Shahar <sagis@google.com>
> ---
>  .../selftests/kvm/lib/x86/tdx/tdx_util.c      | 38 +++++++++++++++----
>  1 file changed, 30 insertions(+), 8 deletions(-)
> 
> diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
> index bb074af4a476..e2bf9766dc03 100644
> --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
> +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c
> @@ -324,6 +324,21 @@ static void tdx_td_finalize_mr(struct kvm_vm *vm)
>  	tdx_ioctl(vm->fd, KVM_TDX_FINALIZE_VM, 0, NULL);
>  }
>  
> +/*
> + * Other ioctls
> + */
> +
> +/*
> + * Register a memory region that may contain encrypted data in KVM.
> + */

Drop these comments.

> +static void register_encrypted_memory_region(struct kvm_vm *vm,
> +					     struct userspace_mem_region *region)

This is a comically bad helper.  Any person that is at all familiar with KVM's
CoCo support, or that simply reads KVM's documentation, will expect this to
invoke KVM_MEMORY_ENCRYPT_REG_REGION.  And this is obviously doing much more than
"registering" an encrypted region.  Not to mention this helper doesn't need to
exist; it has _one_ caller, and the code is quite self-explanatory.

> +{
> +	vm_set_memory_attributes(vm, region->region.guest_phys_addr,
> +				 region->region.memory_size,
> +				 KVM_MEMORY_ATTRIBUTE_PRIVATE);
> +}
> +
>  /*
>   * TD creation/setup/finalization
>   */
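
Review bot: `register_encrypted_memory_region()` passes `region->region.guest_phys_addr` and `region->region.memory_size` to `vm_set_memory_attributes()`, so it sets KVM_MEMORY_ATTRIBUTE_PRIVATE on the whole region, not only on the ranges later handed to `tdx_init_mem_region()`, and neither the name nor the comment says so. If whole-region conversion is intended, call `vm_set_memory_attributes()` directly at the single use site with a one-line comment on why the full range is converted. The "Other ioctls" banner can go, since the function body issues no ioctl of its own in the visible lines.
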
> @@ -459,28 +474,35 @@ static void load_td_memory_region(struct kvm_vm *vm,
>  	if (!sparsebit_any_set(pages))
>  		return;
>  
> +	if (region->region.guest_memfd != -1)
> +		register_encrypted_memory_region(vm, region);
> +
>  	sparsebit_for_each_set_range(pages, i, j) {
>  		const uint64_t size_to_load = (j - i + 1) * vm->page_size;
>  		const uint64_t offset =
>  			(i - lowest_page_in_region) * vm->page_size;
>  		const uint64_t hva = hva_base + offset;
>  		const uint64_t gpa = gpa_base + offset;
> -		void *source_addr;
> +		void *source_addr = (void *)hva;
>  
>  		/*
>  		 * KVM_TDX_INIT_MEM_REGION ioctl cannot encrypt memory in place.
>  		 * Make a copy if there's only one backing memory source.
>  		 */
> -		source_addr = mmap(NULL, size_to_load, PROT_READ | PROT_WRITE,
> -				   MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> -		TEST_ASSERT(source_addr,
> -			    "Could not allocate memory for loading memory region");
> -
> -		memcpy(source_addr, (void *)hva, size_to_load);
> +		if (region->region.guest_memfd == -1) {

Oh, here's the "if".

> +			source_addr = mmap(NULL, size_to_load, PROT_READ | PROT_WRITE,
> +					   MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
> +			TEST_ASSERT(source_addr,
> +				    "Could not allocate memory for loading memory region");
> +
> +			memcpy(source_addr, (void *)hva, size_to_load);
> +			memset((void *)hva, 0, size_to_load);
> +		}
>  
>  		tdx_init_mem_region(vm, source_addr, gpa, size_to_load);
>  
> -		munmap(source_addr, size_to_load);
> +		if (region->region.guest_memfd == -1)
> +			munmap(source_addr, size_to_load);
>  	}
>  }
>  
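
Review bot: In the `guest_memfd == -1` branch, `TEST_ASSERT(source_addr, ...)` cannot catch an mmap() failure, because mmap() returns MAP_FAILED rather than NULL; assert `source_addr != MAP_FAILED` instead. The `region->region.guest_memfd` test now appears three times (`!= -1` before the loop, `== -1` around the copy and again around `munmap()`); a local bool computed once would keep the copy and unmap paths paired. The added `memset((void *)hva, 0, size_to_load)` is not covered by the retained comment or the commit message, so a short comment on why the original buffer is zeroed after the copy would help.
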
> -- 
> 2.51.0.rc0.155.g4a0f42376b-goog
> 
