From: Paolo Bonzini
Date: Mon, 30 Oct 2023 18:36:07 +0100
Subject: Re: [PATCH v13 23/35] KVM: x86: Add support for "protected VMs" that can utilize private memory
To: Sean Christopherson, Marc Zyngier, Oliver Upton, Huacai Chen,
 Michael Ellerman, Anup Patel, Paul Walmsley, Palmer Dabbelt, Albert Ou,
 Alexander Viro, Christian Brauner, "Matthew Wilcox (Oracle)", Andrew Morton
Cc: kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org,
 kvmarm@lists.linux.dev, linux-mips@vger.kernel.org,
 linuxppc-dev@lists.ozlabs.org, kvm-riscv@lists.infradead.org,
 linux-riscv@lists.infradead.org, linux-fsdevel@vger.kernel.org,
 linux-mm@kvack.org, linux-kernel@vger.kernel.org, Xiaoyao Li, Xu Yilun,
 Chao Peng, Fuad Tabba, Jarkko Sakkinen, Anish Moorthy, David Matlack,
 Yu Zhang, Isaku Yamahata, Mickaël Salaün, Vlastimil Babka,
 Vishal Annapurve, Ackerley Tng, Maciej Szmigiero, David Hildenbrand,
 Quentin Perret, Michael Roth, Wang, Liam Merwick, Isaku Yamahata,
 "Kirill A . Shutemov"
In-Reply-To: <20231027182217.3615211-24-seanjc@google.com>

On 10/27/23 20:22, Sean Christopherson wrote:
> Add a new x86 VM type, KVM_X86_SW_PROTECTED_VM, to serve as a development
> and testing vehicle for Confidential (CoCo) VMs, and potentially to even
> become a "real" product in the distant future, e.g. a la pKVM.
>
> The private memory support in KVM x86 is aimed at AMD's SEV-SNP and
> Intel's TDX, but those technologies are extremely complex (understatement),
> difficult to debug, don't support running as nested guests, and require
> hardware that isn't universally accessible. I.e. relying on SEV-SNP or TDX
> for maintaining guest private memory isn't a realistic option.
>
> At the very least, KVM_X86_SW_PROTECTED_VM will enable a variety of
> selftests for guest_memfd and private memory support without requiring
> unique hardware.
>
> Signed-off-by: Sean Christopherson

Reviewed-by: Paolo Bonzini

with one nit:

> +---------------------
> +
> +:Capability: KVM_CAP_MEMORY_ATTRIBUTES
> +:Architectures: x86
> +:Type: system ioctl
> +
> +This capability returns a bitmap of support VM types. The 1-setting of bit @n

s/support/supported/

Paolo
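
Review bot: the `:Capability:` field in the quoted documentation hunk names KVM_CAP_MEMORY_ATTRIBUTES, while the description two lines below it says the capability returns a bitmap of VM types, so the field and the text appear to describe two different capabilities. The section title is not among the quoted lines; please confirm which capability this entry documents and make the `:Capability:` field match the description, otherwise the rendered API reference will point readers at the wrong capability name.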