From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1EAAEEA71AA for ; Sun, 19 Apr 2026 23:02:14 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:In-Reply-To:References: Message-ID:Date:Subject:CC:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=Fku6zIYga81uiPSJgcymssaKYR33ucoc4XIZFhkvVC4=; b=I4a3Kk7H0dCwhv IQcYHAXIQuABcPwyurQsQLIodsUG2mJM320Dcapohz1UBaKBsFonC1adWpCLL0aYkSFIjsFX2dBvW f0VJjvtS0nZd+/V+JTIJKiBfb759Of3jGzKKuxlq5Kme5Pb9gOs7cTfr4CO7hG6Rt3rc0vWVgXSKj wXSKDC5UzRgjMau2RhfuVr/9t9FFoptzPymDBrP+Pvh89n80qu6tTJtXiYRyNWKkUUPp6y6IplZl2 G5qPs7oFIoAn+zIgb0jeenmIIQA5+pxrAkcES5T0fksCu7H6+HuA8Nachli1DUdKKwvdJAkYG0vXQ eSiafsGF+DzGDC9zDGBA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux)) id 1wEb9S-000000069QX-3J1o; Sun, 19 Apr 2026 23:02:06 +0000 Received: from iad-out-013.esa.us-east-1.outbound.mail-perimeter.amazon.com ([34.198.218.121]) by bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux)) id 1wBDca-0000000CRnr-4Aod; Fri, 10 Apr 2026 15:18:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt; s=amazoncorp2; t=1775834293; x=1807370293; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=wtjHGpnQg1lu73D2AL344q66wwOjm1vkuSNtOJPDZj4=; b=e6bNnGGXBGaVaemnkpXvQvyaFjgkBVNWHomRmJP9u2l3tkcJbyLxPDQF WuXuyXnFoehaxRJ4AXIMDCUWAf8RyULjkUjy+kWBIy32EpwloCDwGUUqN X0PbBc0zaO6lknm3z0Jx5vPAbRZ64VGT3OoOagnuWaWmMULobwLbf6mtD Gr0S42O7Xz60tB+w2gFlAVQqfUJNSO3VEnWbj++u7b3AUXXFyVhvpGlZB BquGhn4LLKnRtutO6Hu6A4PMS+ClfDkcizYy9LFFPIwFa9W6gm3XdBmcW U7wbKS1Uf5fYFcLY7vztnC6wzvUmKxJafldjGMal9EybyIIxNcVwC6BYM A==; X-CSE-ConnectionGUID: BTx+enIwRwGAT80uKS6img== X-CSE-MsgGUID: 9iPVJ/7aQoyu6dbmF3RzpA== X-IronPort-AV: E=Sophos;i="6.23,171,1770595200"; d="scan'208";a="15428526" Received: from ip-10-4-7-229.ec2.internal (HELO smtpout.naws.us-east-1.prod.farcaster.email.amazon.dev) ([10.4.7.229]) by internal-iad-out-013.esa.us-east-1.outbound.mail-perimeter.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Apr 2026 15:18:10 +0000 Received: from EX19MTAUEA001.ant.amazon.com [72.21.196.67:8399] by smtpin.naws.us-east-1.prod.farcaster.email.amazon.dev [10.0.29.254:2525] with esmtp (Farcaster) id ab9b97a0-55cc-470f-a2db-ce7ac5d2c725; Fri, 10 Apr 2026 15:18:10 +0000 (UTC) X-Farcaster-Flow-ID: ab9b97a0-55cc-470f-a2db-ce7ac5d2c725 Received: from EX19D027UEC002.ant.amazon.com (10.252.137.166) by EX19MTAUEA001.ant.amazon.com (10.252.134.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37; Fri, 10 Apr 2026 15:18:09 +0000 Received: from EX19D027UEC003.ant.amazon.com (10.252.137.250) by EX19D027UEC002.ant.amazon.com (10.252.137.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.2562.37; Fri, 10 Apr 2026 15:18:09 +0000 Received: from EX19D027UEC003.ant.amazon.com ([fe80::887f:519b:ba73:21d]) by EX19D027UEC003.ant.amazon.com ([fe80::887f:519b:ba73:21d%3]) with mapi id 15.02.2562.037; Fri, 10 Apr 2026 15:18:09 +0000 From: "Kalyazin, Nikita" To: "kvm@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-arm-kernel@lists.infradead.org" , "kvmarm@lists.linux.dev" , "linux-fsdevel@vger.kernel.org" , "linux-mm@kvack.org" , "bpf@vger.kernel.org" , "linux-kselftest@vger.kernel.org" , "kernel@xen0n.name" , "linux-riscv@lists.infradead.org" , "linux-s390@vger.kernel.org" , "loongarch@lists.linux.dev" , "linux-pm@vger.kernel.org" CC: "pbonzini@redhat.com" , "corbet@lwn.net" , "maz@kernel.org" , "oupton@kernel.org" , "joey.gouly@arm.com" , "suzuki.poulose@arm.com" , "yuzenghui@huawei.com" , "catalin.marinas@arm.com" , "will@kernel.org" , "seanjc@google.com" , "tglx@kernel.org" , "mingo@redhat.com" , "bp@alien8.de" , "dave.hansen@linux.intel.com" , "x86@kernel.org" , "hpa@zytor.com" , "luto@kernel.org" , "peterz@infradead.org" , "willy@infradead.org" , "akpm@linux-foundation.org" , "david@kernel.org" , "lorenzo.stoakes@oracle.com" , "vbabka@kernel.org" , "rppt@kernel.org" , "surenb@google.com" , "mhocko@suse.com" , "ast@kernel.org" , "daniel@iogearbox.net" , "andrii@kernel.org" , "martin.lau@linux.dev" , "eddyz87@gmail.com" , "song@kernel.org" , "yonghong.song@linux.dev" , "john.fastabend@gmail.com" , "kpsingh@kernel.org" , "sdf@fomichev.me" , "haoluo@google.com" , "jolsa@kernel.org" , "jgg@ziepe.ca" , "jhubbard@nvidia.com" , "peterx@redhat.com" , "jannh@google.com" , "pfalcato@suse.de" , "skhan@linuxfoundation.org" , "riel@surriel.com" , "ryan.roberts@arm.com" , "jgross@suse.com" , "yu-cheng.yu@intel.com" , "kas@kernel.org" , "coxu@redhat.com" , "ackerleytng@google.com" , "yosry@kernel.org" , "ajones@ventanamicro.com" , "maobibo@loongson.cn" , "tabba@google.com" , "prsampat@amd.com" , "wu.fei9@sanechips.com.cn" , "mlevitsk@redhat.com" , "jmattson@google.com" , "jthoughton@google.com" , "agordeev@linux.ibm.com" , "alex@ghiti.fr" , "aou@eecs.berkeley.edu" , "borntraeger@linux.ibm.com" , "chenhuacai@kernel.org" , "baolu.lu@linux.intel.com" , "dev.jain@arm.com" , "gor@linux.ibm.com" , "hca@linux.ibm.com" , "palmer@dabbelt.com" , "pjw@kernel.org" , "shijie@os.amperecomputing.com" , "svens@linux.ibm.com" , "thuth@redhat.com" , "yang@os.amperecomputing.com" , "Liam.Howlett@oracle.com" , "urezki@gmail.com" , "zhengqi.arch@bytedance.com" , "gerald.schaefer@linux.ibm.com" , "jiayuan.chen@shopee.com" , "lenb@kernel.org" , "pavel@kernel.org" , "rafael@kernel.org" , "yangyicong@hisilicon.com" , "vannapurve@google.com" , "jackmanb@google.com" , "patrick.roy@linux.dev" , "Thomson, Jack" , "Itazuri, Takahiro" , "Manwaring, Derek" , "Kalyazin, Nikita" Subject: [PATCH v12 02/16] set_memory: add folio_{zap,restore}_direct_map helpers Thread-Topic: [PATCH v12 02/16] set_memory: add folio_{zap,restore}_direct_map helpers Thread-Index: AQHcyP09iU0saiM/JE2jxlJdvD20bQ== Date: Fri, 10 Apr 2026 15:18:09 +0000 Message-ID: <20260410151746.61150-3-kalyazin@amazon.com> References: <20260410151746.61150-1-kalyazin@amazon.com> In-Reply-To: <20260410151746.61150-1-kalyazin@amazon.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [172.19.103.116] MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20260410_081813_172996_0901F54F X-CRM114-Status: GOOD ( 10.90 ) X-Mailman-Approved-At: Sun, 19 Apr 2026 16:02:05 -0700 X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org From: Nikita Kalyazin Let's provide folio_{zap,restore}_direct_map helpers as preparation for supporting removal of the direct map for guest_memfd folios. In folio_zap_direct_map(), flush TLB to make sure the data is not accessible. On some architectures, there may be a double TLB flush issued because set_direct_map_valid_noflush already performs a flush internally. The new helpers need to be accessible to KVM on architectures that support guest_memfd (x86 and arm64). Direct map removal gives guest_memfd the same protection that memfd_secret does, such as hardening against Spectre-like attacks through in-kernel gadgets. Acked-by: David Hildenbrand (Arm) Signed-off-by: Nikita Kalyazin --- include/linux/set_memory.h | 13 +++++++++++ mm/memory.c | 45 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h index 1a2563f525fc..24caea2931f9 100644 --- a/include/linux/set_memory.h +++ b/include/linux/set_memory.h @@ -41,6 +41,15 @@ static inline int set_direct_map_valid_noflush(const void *addr, return 0; } +static inline int folio_zap_direct_map(struct folio *folio) +{ + return 0; +} + +static inline void folio_restore_direct_map(struct folio *folio) +{ +} + static inline bool kernel_page_present(struct page *page) { return true; @@ -57,6 +66,10 @@ static inline bool can_set_direct_map(void) } #define can_set_direct_map can_set_direct_map #endif + +int folio_zap_direct_map(struct folio *folio); +void folio_restore_direct_map(struct folio *folio); + #endif /* CONFIG_ARCH_HAS_SET_DIRECT_MAP */ #ifdef CONFIG_X86_64 diff --git a/mm/memory.c b/mm/memory.c index 2f815a34d924..3b9ada2cc19c 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -78,6 +78,7 @@ #include #include #include +#include #include @@ -7479,3 +7480,47 @@ void vma_pgtable_walk_end(struct vm_area_struct *vma) if (is_vm_hugetlb_page(vma)) hugetlb_vma_unlock_read(vma); } + +#ifdef CONFIG_ARCH_HAS_SET_DIRECT_MAP +/** + * folio_zap_direct_map - remove a folio from the kernel direct map + * @folio: folio to remove from the direct map + * + * Removes the folio from the kernel direct map and flushes the TLB. This may + * require splitting huge pages in the direct map, which can fail due to memory + * allocation. So far, only order-0 folios are supported. + * + * Return: 0 on success, or a negative error code on failure. + */ +int folio_zap_direct_map(struct folio *folio) +{ + const void *addr = folio_address(folio); + int ret; + + if (folio_test_large(folio)) + return -EINVAL; + + ret = set_direct_map_valid_noflush(addr, folio_nr_pages(folio), false); + flush_tlb_kernel_range((unsigned long)addr, + (unsigned long)addr + folio_size(folio)); + + return ret; +} +EXPORT_SYMBOL_FOR_MODULES(folio_zap_direct_map, "kvm"); + +/** + * folio_restore_direct_map - restore the kernel direct map entry for a folio + * @folio: folio whose direct map entry is to be restored + * + * This may only be called after a prior successful folio_zap_direct_map() on + * the same folio. Because the zap will have already split any huge pages in + * the direct map, restoration here only updates protection bits and cannot + * fail. + */ +void folio_restore_direct_map(struct folio *folio) +{ + WARN_ON_ONCE(set_direct_map_valid_noflush(folio_address(folio), + folio_nr_pages(folio), true)); +} +EXPORT_SYMBOL_FOR_MODULES(folio_restore_direct_map, "kvm"); +#endif /* CONFIG_ARCH_HAS_SET_DIRECT_MAP */ -- 2.50.1 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv