From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0CF7ECAC5AE for ; Thu, 25 Sep 2025 02:50:37 +0000 (UTC) Received: from boromir.ozlabs.org (localhost [127.0.0.1]) by lists.ozlabs.org (Postfix) with ESMTP id 4cXJ9l58TNz2yx8; Thu, 25 Sep 2025 12:50:35 +1000 (AEST) Authentication-Results: lists.ozlabs.org; arc=none smtp.remote-ip="2607:f8b0:4864:20::649" ARC-Seal: i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1758768635; cv=none; b=PK67Hw/DT2g6N2KzOyDigHCf5QpD/t6NrlRMN82dxrmSrHAJb331q/jYCTyRoyBmLfanKH5Re3lLb/xUU/q2j1JeWC2Zvzp5AbULCyaRzmHdW7eFw1jYTMsJ0UEPEVoPFc4oNUvb/SXJq3iQnm6RjNvHhooLl1gipP/KGVYp24aznXPpNRanz5TI0e4Ink8412PMt/Jd37BoN4s1Xdrfnpfjfp3n1+mcpenrDcLPHjWRU5oXnNBdPAZkV5pBxmXAxWyIEOcOsk4g/ZC+ypB3fRwAijcZuKbdH/b5D8DDI3KBLH8G8R2uF8/HrtMHVqF5vGMl/w3GghmAVX8Cs4D5YA== ARC-Message-Signature: i=1; a=rsa-sha256; d=lists.ozlabs.org; s=201707; t=1758768635; c=relaxed/relaxed; bh=WtyEMQPJo4fqytrWkgTZ3RdyfRt093nOgUIpQGdycFA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=CdD4f2Z068L8JB54zGRLFSPSfAQhYug7iTFusdvtj/bjjHtC7ahxJrU5lxq//yTj4YkWNw+oi/6WJlrfQ6sktTFzB4Mk6nyTI94gvoXiq+1Olp+SdL8JuJ/paPPvSh3VF040MFZvKD0aJNJamhg3VTMyYV7KUTWylnQMasMBrKB0wxghBL7w3b+//RZQ8Wz+HHB9vUDjZwqvOnJuBghsE/cawrWk2a8I/KDayitRY65UY2IhKddK9RXZH21TaUMrnxkykHbAqxRJHA7P2fD6hCkz2rY35GmrqB0pUr7ATZqC4FCYQOA0SALQPfK6FLbO5AYpvEUS0Pt3ExQwmE7ZRw== ARC-Authentication-Results: i=1; lists.ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20230601 header.b=1jib29rG; dkim-atps=neutral; spf=pass (client-ip=2607:f8b0:4864:20::649; helo=mail-pl1-x649.google.com; envelope-from=3963uaaykc_imyuhdwaiiafy.wigfchor-ylizmfcmnm.itfuvm.ila@flex--seanjc.bounces.google.com; receiver=lists.ozlabs.org) smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: lists.ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20230601 header.b=1jib29rG; dkim-atps=neutral Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=flex--seanjc.bounces.google.com (client-ip=2607:f8b0:4864:20::649; helo=mail-pl1-x649.google.com; envelope-from=3963uaaykc_imyuhdwaiiafy.wigfchor-ylizmfcmnm.itfuvm.ila@flex--seanjc.bounces.google.com; receiver=lists.ozlabs.org) Received: from mail-pl1-x649.google.com (mail-pl1-x649.google.com [IPv6:2607:f8b0:4864:20::649]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4cXJ9k40FXz2ytg for ; Thu, 25 Sep 2025 12:50:33 +1000 (AEST) Received: by mail-pl1-x649.google.com with SMTP id d9443c01a7336-2711a55da20so3712785ad.1 for ; Wed, 24 Sep 2025 19:50:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1758768631; x=1759373431; darn=lists.ozlabs.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=WtyEMQPJo4fqytrWkgTZ3RdyfRt093nOgUIpQGdycFA=; b=1jib29rGrn3jFk0ZQcy0m7Fq4Ke7KNUnAFwEoSx83gZtCtENEewP3dBPHyNWVMFAIE QGCcETGmajOz4dmn97YrwE5iYvEk/nul2UqDnoyFhzV43TN13NDpbT8Uv7/sT/tVXbe0 ZgQrJTGvjOsbRfGEuDe3D8lECFgzPfq+c2igYrdOuRQnqZIPImKeTbFOaO9I2J5FKC3z xr3I8Ez8JCr5xTe/idIsXMCpvhSaWHGIZ9zQrX4WbEjivUtm86gLtyGbOtYEmETCp2J+ sJRqUHt0lJizqh7rU574R0D5vXBmLaZ7RTYPMmOWy85vc+v4N9PZwVmrp833GfbzGm/9 CRLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758768631; x=1759373431; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WtyEMQPJo4fqytrWkgTZ3RdyfRt093nOgUIpQGdycFA=; b=eJ8mTWypjyIi5v7DXSeq35eLFKJqbUHy0zO2KOt463iVkobUszD1gUpTxwnqoKsEjK G3FrNwElziTZTC8TBnp0bBGmUn4bdDdEIka+/1CeN+v0ohX4nWfDoCYGBze4SvlgOt3L H9NbF8qWsKS2X4f2Q4kc3rA5lX7q8gb5VK9WSkgBwKbstGjTlqnVNn94+koiREiweaAa T77dHEtA7RnpZcWsN6OU/iGu/osSpM2YeZWhoggWvuHGick/YfjllLvRhNZmjSp8izbu vguOuNZse1TT85VGUcwP24Qhik9rZFvxJT1LLX2R2Fp8PtYSHnICUu+v0gBBnsO4/lMX DvVA== X-Forwarded-Encrypted: i=1; AJvYcCWuV8GcOzP5eO4cfB4nGol9oFUYeswEifi+dHxiR4ZPl254rZ5rY7hipiS9ieMT+C8hKHDfz87/riRg+g==@lists.ozlabs.org X-Gm-Message-State: AOJu0YwOglSDItD4Shz/nccprIr1wA2mwwugy//HvzaHSp8iH0je4L2a yZ1wMeuLbbSW4OCU+QjXfiApPZ1H5dgaI4pP3AawkBzNPI+htaVXHyBVhamkKZBuzzI5S4HWZOV TijZz8w== X-Google-Smtp-Source: AGHT+IFUzTzL+1uqRK/gqbR3SSwstvzUfWk/CsgKEnRDPuVsxH9OFn3e2zcGuFZY0INSLtUo/3MF8Uc68Iw= X-Received: from pjbnn3.prod.google.com ([2002:a17:90b:38c3:b0:32d:e264:a78e]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:1b0b:b0:266:f01a:98d5 with SMTP id d9443c01a7336-27ed4ab37a2mr23319415ad.57.1758768631155; Wed, 24 Sep 2025 19:50:31 -0700 (PDT) Date: Wed, 24 Sep 2025 19:50:29 -0700 In-Reply-To: X-Mailing-List: linux-erofs@lists.ozlabs.org List-Id: List-Help: List-Owner: List-Post: List-Subscribe: , , List-Unsubscribe: Precedence: list Mime-Version: 1.0 References: <20250827175247.83322-2-shivankg@amd.com> <20250827175247.83322-7-shivankg@amd.com> Message-ID: Subject: Re: [PATCH kvm-next V11 4/7] KVM: guest_memfd: Use guest mem inodes instead of anonymous inodes From: Sean Christopherson To: Ackerley Tng Cc: Shivank Garg , willy@infradead.org, akpm@linux-foundation.org, david@redhat.com, pbonzini@redhat.com, shuah@kernel.org, vbabka@suse.cz, brauner@kernel.org, viro@zeniv.linux.org.uk, dsterba@suse.com, xiang@kernel.org, chao@kernel.org, jaegeuk@kernel.org, clm@fb.com, josef@toxicpanda.com, kent.overstreet@linux.dev, zbestahu@gmail.com, jefflexu@linux.alibaba.com, dhavale@google.com, lihongbo22@huawei.com, lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com, rppt@kernel.org, surenb@google.com, mhocko@suse.com, ziy@nvidia.com, matthew.brost@intel.com, joshua.hahnjy@gmail.com, rakie.kim@sk.com, byungchul@sk.com, gourry@gourry.net, ying.huang@linux.alibaba.com, apopple@nvidia.com, tabba@google.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, pvorel@suse.cz, bfoster@redhat.com, vannapurve@google.com, chao.gao@intel.com, bharata@amd.com, nikunj@amd.com, michael.day@amd.com, shdhiman@amd.com, yan.y.zhao@intel.com, Neeraj.Upadhyay@amd.com, thomas.lendacky@amd.com, michael.roth@amd.com, aik@amd.com, jgg@nvidia.com, kalyazin@amazon.com, peterx@redhat.com, jack@suse.cz, hch@infradead.org, cgzones@googlemail.com, ira.weiny@intel.com, rientjes@google.com, roypat@amazon.co.uk, chao.p.peng@intel.com, amit@infradead.org, ddutile@redhat.com, dan.j.williams@intel.com, ashish.kalra@amd.com, gshan@redhat.com, jgowans@amazon.com, pankaj.gupta@amd.com, papaluri@amd.com, yuzhao@google.com, suzuki.poulose@arm.com, quic_eberman@quicinc.com, linux-bcachefs@vger.kernel.org, linux-btrfs@vger.kernel.org, linux-erofs@lists.ozlabs.org, linux-f2fs-devel@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, kvm@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-coco@lists.linux.dev Content-Type: text/plain; charset="us-ascii" My apologies for the super late feedback. None of this is critical (mechanical things that can be cleaned up after the fact), so if there's any urgency to getting this series into 6.18, just ignore it. On Wed, Aug 27, 2025, Ackerley Tng wrote: > Shivank Garg writes: > @@ -463,11 +502,70 @@ bool __weak kvm_arch_supports_gmem_mmap(struct kvm *kvm) > return true; > } > > +static struct inode *kvm_gmem_inode_create(const char *name, loff_t size, > + u64 flags) > +{ > + struct inode *inode; > + > + inode = anon_inode_make_secure_inode(kvm_gmem_mnt->mnt_sb, name, NULL); > + if (IS_ERR(inode)) > + return inode; > + > + inode->i_private = (void *)(unsigned long)flags; > + inode->i_op = &kvm_gmem_iops; > + inode->i_mapping->a_ops = &kvm_gmem_aops; > + inode->i_mode |= S_IFREG; > + inode->i_size = size; > + mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER); > + mapping_set_inaccessible(inode->i_mapping); > + /* Unmovable mappings are supposed to be marked unevictable as well. */ > + WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping)); > + > + return inode; > +} > + > +static struct file *kvm_gmem_inode_create_getfile(void *priv, loff_t size, > + u64 flags) > +{ > + static const char *name = "[kvm-gmem]"; > + struct inode *inode; > + struct file *file; > + int err; > + > + err = -ENOENT; > + /* __fput() will take care of fops_put(). */ > + if (!fops_get(&kvm_gmem_fops)) > + goto err; > + > + inode = kvm_gmem_inode_create(name, size, flags); > + if (IS_ERR(inode)) { > + err = PTR_ERR(inode); > + goto err_fops_put; > + } > + > + file = alloc_file_pseudo(inode, kvm_gmem_mnt, name, O_RDWR, > + &kvm_gmem_fops); > + if (IS_ERR(file)) { > + err = PTR_ERR(file); > + goto err_put_inode; > + } > + > + file->f_flags |= O_LARGEFILE; > + file->private_data = priv; > + > + return file; > + > +err_put_inode: > + iput(inode); > +err_fops_put: > + fops_put(&kvm_gmem_fops); > +err: > + return ERR_PTR(err); > +} I don't see any reason to add two helpers. It requires quite a bit more lines of code due to adding more error paths and local variables, and IMO doesn't make the code any easier to read. Passing in "gmem" as @priv is especially ridiculous, as it adds code and obfuscates what file->private_data is set to. I get the sense that the code was written to be a "replacement" for common APIs, but that is nonsensical (no pun intended). > static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags) > { > - const char *anon_name = "[kvm-gmem]"; > struct kvm_gmem *gmem; > - struct inode *inode; > struct file *file; > int fd, err; > > @@ -481,32 +579,16 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags) > goto err_fd; > } > > - file = anon_inode_create_getfile(anon_name, &kvm_gmem_fops, gmem, > - O_RDWR, NULL); > + file = kvm_gmem_inode_create_getfile(gmem, size, flags); > if (IS_ERR(file)) { > err = PTR_ERR(file); > goto err_gmem; > } > > - file->f_flags |= O_LARGEFILE; > - > - inode = file->f_inode; > - WARN_ON(file->f_mapping != inode->i_mapping); > - > - inode->i_private = (void *)(unsigned long)flags; > - inode->i_op = &kvm_gmem_iops; > - inode->i_mapping->a_ops = &kvm_gmem_aops; > - inode->i_mode |= S_IFREG; > - inode->i_size = size; > - mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER); > - mapping_set_inaccessible(inode->i_mapping); > - /* Unmovable mappings are supposed to be marked unevictable as well. */ > - WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping)); > - > kvm_get_kvm(kvm); > gmem->kvm = kvm; > xa_init(&gmem->bindings); > - list_add(&gmem->entry, &inode->i_mapping->i_private_list); > + list_add(&gmem->entry, &file_inode(file)->i_mapping->i_private_list); I don't understand this change? Isn't file_inode(file) == inode? Compile tested only, and again not critical, but it's -40 LoC... --- include/uapi/linux/magic.h | 1 + virt/kvm/guest_memfd.c | 75 ++++++++++++++++++++++++++++++++------ virt/kvm/kvm_main.c | 7 +++- virt/kvm/kvm_mm.h | 9 +++-- 4 files changed, 76 insertions(+), 16 deletions(-) diff --git a/include/uapi/linux/magic.h b/include/uapi/linux/magic.h index bb575f3ab45e..638ca21b7a90 100644 --- a/include/uapi/linux/magic.h +++ b/include/uapi/linux/magic.h @@ -103,5 +103,6 @@ #define DEVMEM_MAGIC 0x454d444d /* "DMEM" */ #define SECRETMEM_MAGIC 0x5345434d /* "SECM" */ #define PID_FS_MAGIC 0x50494446 /* "PIDF" */ +#define GUEST_MEMFD_MAGIC 0x474d454d /* "GMEM" */ #endif /* __LINUX_MAGIC_H__ */ diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 08a6bc7d25b6..73c9791879d5 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -1,12 +1,16 @@ // SPDX-License-Identifier: GPL-2.0 +#include #include #include +#include #include +#include #include -#include #include "kvm_mm.h" +static struct vfsmount *kvm_gmem_mnt; + struct kvm_gmem { struct kvm *kvm; struct xarray bindings; @@ -385,9 +389,45 @@ static struct file_operations kvm_gmem_fops = { .fallocate = kvm_gmem_fallocate, }; -void kvm_gmem_init(struct module *module) +static int kvm_gmem_init_fs_context(struct fs_context *fc) +{ + if (!init_pseudo(fc, GUEST_MEMFD_MAGIC)) + return -ENOMEM; + + fc->s_iflags |= SB_I_NOEXEC; + fc->s_iflags |= SB_I_NODEV; + + return 0; +} + +static struct file_system_type kvm_gmem_fs = { + .name = "guest_memfd", + .init_fs_context = kvm_gmem_init_fs_context, + .kill_sb = kill_anon_super, +}; + +static int kvm_gmem_init_mount(void) +{ + kvm_gmem_mnt = kern_mount(&kvm_gmem_fs); + + if (IS_ERR(kvm_gmem_mnt)) + return PTR_ERR(kvm_gmem_mnt); + + kvm_gmem_mnt->mnt_flags |= MNT_NOEXEC; + return 0; +} + +int kvm_gmem_init(struct module *module) { kvm_gmem_fops.owner = module; + + return kvm_gmem_init_mount(); +} + +void kvm_gmem_exit(void) +{ + kern_unmount(kvm_gmem_mnt); + kvm_gmem_mnt = NULL; } static int kvm_gmem_migrate_folio(struct address_space *mapping, @@ -465,7 +505,7 @@ bool __weak kvm_arch_supports_gmem_mmap(struct kvm *kvm) static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags) { - const char *anon_name = "[kvm-gmem]"; + static const char *name = "[kvm-gmem]"; struct kvm_gmem *gmem; struct inode *inode; struct file *file; @@ -481,17 +521,17 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags) goto err_fd; } - file = anon_inode_create_getfile(anon_name, &kvm_gmem_fops, gmem, - O_RDWR, NULL); - if (IS_ERR(file)) { - err = PTR_ERR(file); + /* __fput() will take care of fops_put(). */ + if (!fops_get(&kvm_gmem_fops)) { + err = -ENOENT; goto err_gmem; } - file->f_flags |= O_LARGEFILE; - - inode = file->f_inode; - WARN_ON(file->f_mapping != inode->i_mapping); + inode = anon_inode_make_secure_inode(kvm_gmem_mnt->mnt_sb, name, NULL); + if (IS_ERR(inode)) { + err = PTR_ERR(inode); + goto err_fops; + } inode->i_private = (void *)(unsigned long)flags; inode->i_op = &kvm_gmem_iops; @@ -503,6 +543,15 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags) /* Unmovable mappings are supposed to be marked unevictable as well. */ WARN_ON_ONCE(!mapping_unevictable(inode->i_mapping)); + file = alloc_file_pseudo(inode, kvm_gmem_mnt, name, O_RDWR, &kvm_gmem_fops); + if (IS_ERR(file)) { + err = PTR_ERR(file); + goto err_inode; + } + + file->f_flags |= O_LARGEFILE; + file->private_data = gmem; + kvm_get_kvm(kvm); gmem->kvm = kvm; xa_init(&gmem->bindings); @@ -511,6 +560,10 @@ static int __kvm_gmem_create(struct kvm *kvm, loff_t size, u64 flags) fd_install(fd, file); return fd; +err_inode: + iput(inode); +err_fops: + fops_put(&kvm_gmem_fops); err_gmem: kfree(gmem); err_fd: diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 18f29ef93543..301d48d6e00d 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -6489,7 +6489,9 @@ int kvm_init(unsigned vcpu_size, unsigned vcpu_align, struct module *module) if (WARN_ON_ONCE(r)) goto err_vfio; - kvm_gmem_init(module); + r = kvm_gmem_init(module); + if (r) + goto err_gmem; r = kvm_init_virtualization(); if (r) @@ -6510,6 +6512,8 @@ int kvm_init(unsigned vcpu_size, unsigned vcpu_align, struct module *module) err_register: kvm_uninit_virtualization(); err_virt: + kvm_gmem_exit(); +err_gmem: kvm_vfio_ops_exit(); err_vfio: kvm_async_pf_deinit(); @@ -6541,6 +6545,7 @@ void kvm_exit(void) for_each_possible_cpu(cpu) free_cpumask_var(per_cpu(cpu_kick_mask, cpu)); kmem_cache_destroy(kvm_vcpu_cache); + kvm_gmem_exit(); kvm_vfio_ops_exit(); kvm_async_pf_deinit(); kvm_irqfd_exit(); diff --git a/virt/kvm/kvm_mm.h b/virt/kvm/kvm_mm.h index 31defb08ccba..9fcc5d5b7f8d 100644 --- a/virt/kvm/kvm_mm.h +++ b/virt/kvm/kvm_mm.h @@ -68,17 +68,18 @@ static inline void gfn_to_pfn_cache_invalidate_start(struct kvm *kvm, #endif /* HAVE_KVM_PFNCACHE */ #ifdef CONFIG_KVM_GUEST_MEMFD -void kvm_gmem_init(struct module *module); +int kvm_gmem_init(struct module *module); +void kvm_gmem_exit(void); int kvm_gmem_create(struct kvm *kvm, struct kvm_create_guest_memfd *args); int kvm_gmem_bind(struct kvm *kvm, struct kvm_memory_slot *slot, unsigned int fd, loff_t offset); void kvm_gmem_unbind(struct kvm_memory_slot *slot); #else -static inline void kvm_gmem_init(struct module *module) +static inline int kvm_gmem_init(struct module *module) { - + return 0; } - +static inline void kvm_gmem_exit(void) {}; static inline int kvm_gmem_bind(struct kvm *kvm, struct kvm_memory_slot *slot, unsigned int fd, loff_t offset) base-commit: d133892dddd6607de651b7e32510359a6af97c4c --