From: Sean Christopherson <seanjc@google.com>
To: Ackerley Tng <ackerleytng@google.com>
Cc: syzbot+33a04338019ac7e43a44@syzkaller.appspotmail.com,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
pbonzini@redhat.com, syzkaller-bugs@googlegroups.com,
david@kernel.org, michael.roth@amd.com, vannapurve@google.com,
kartikey406@gmail.com
Subject: Re: [PATCH] KVM: guest_memfd: Disable VMA merging with VM_DONTEXPAND
Date: Wed, 4 Feb 2026 13:37:16 -0800
Message-ID: <aYO8DLCWw8FEQUAU@google.com>
In-Reply-To: <CAEvNRgF75EsHL8idLzFzbk0K9uhE70AMj5Vitp4cKNg_5WqQKw@mail.gmail.com>
On Wed, Feb 04, 2026, Ackerley Tng wrote:
> Ackerley Tng <ackerleytng@google.com> writes:
>
> > #syz test: git://git.kernel.org/pub/scm/virt/kvm/kvm.git next
> >
> > guest_memfd VMAs don't need to be merged,
Why not? There are benefits to merging VMAs that have nothing to do with folios.
E.g. map 1GiB of guest_memfd with 512*512 4KiB VMAs, and then it becomes quite
desirable to merge all of those VMAs into one.
Creating _hugepages_ doesn't add value, but that's not the same thing as merging
VMAs.
> > especially now, since guest_memfd only supports PAGE_SIZE folios.
> >
> > Set VM_DONTEXPAND on guest_memfd VMAs.
>
> Local tests and syzbot agree that this fixes the issue identified. :)
>
> I would like to look into madvise(MADV_COLLAPSE) and uprobes triggering
> mapping/folio collapsing before submitting a full patch series.
>
> David, Michael, Vishal, what do you think of the choice of setting
> VM_DONTEXPAND to disable khugepaged?
I'm not one of the above, but for me it feels very much like treating a symptom
and not fixing the underlying cause.
It seems like what KVM should do is not block one path that triggers hugepage
processing, but instead flat out disallow creating hugepages. Unfortunately,
AFAICT, there's no existing way to prevent madvise() from clearing VM_NOHUGEPAGE,
so we can't simply force that flag.
I'd prefer not to special case guest_memfd, a la devdax, but I also want to address
this head-on, not by removing a tangentially related trigger.
> + For 4K guest_memfd, there's really nothing to expand
> + For THP and HugeTLB guest_memfd (future), we actually don't want
> expansion of the VMAs.
>
> IIUC setting VM_DONTEXPAND doesn't affect mremap() as long as the
> remapping does not involve expansion.
>
> > In addition, this disables khugepaged from operating on guest_memfd folios,
> > which may result in unintended merging of guest_memfd folios.
> >
> > Change-Id: I5867edcb66b075b54b25260afd22a198aee76df1
> > Signed-off-by: Ackerley Tng <ackerleytng@google.com>
> > ---
> > virt/kvm/guest_memfd.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> > diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c
> > index fdaea3422c30..3d4ac461c28b 100644
> > --- a/virt/kvm/guest_memfd.c
> > +++ b/virt/kvm/guest_memfd.c
> > @@ -480,6 +480,12 @@ static int kvm_gmem_mmap(struct file *file, struct vm_area_struct *vma)
> > return -EINVAL;
> > }
> >
> > + /*
> > + * Disable VMA merging - guest_memfd VMAs should be
> > + * static. This also stops khugepaged from operating on
> > + * guest_memfd VMAs and folios.
> > + */
> > + vm_flags_set(vma, VM_DONTEXPAND);
> > vma->vm_ops = &kvm_gmem_vm_ops;
> >
> > return 0;
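Review bot: the comment added in kvm_gmem_mmap gives the goal as "Disable VMA merging - guest_memfd VMAs should be static", but the commit message and the thread name khugepaged collapsing guest_memfd folios as the actual problem, and merging neighbouring guest_memfd VMAs is not by itself unwanted (see the reply above on mapping 1GiB as many 4KiB VMAs). VM_DONTEXPAND also refuses mremap() growth of the mapping and, per the discussion, leaves other collapse triggers such as madvise(MADV_COLLAPSE) open. Suggest the comment state the real intent and the side effects, e.g. "Set VM_DONTEXPAND so khugepaged skips guest_memfd VMAs; this also blocks VMA merging and mremap() expansion and does not cover MADV_COLLAPSE.", so a later reader does not take "merging" as the design goal.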
> > --
> > 2.53.0.rc2.204.g2597b5adb4-goog
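To see the madvise() point from userspace, here is an added example (my own code, not from the patch or the thread): it maps an anonymous region, marks it VM_NOHUGEPAGE, then reads the VmFlags line of /proc/self/smaps to show that a following madvise(MADV_HUGEPAGE) clears the "nh" flag and sets "hg". It assumes a Linux kernel built with CONFIG_TRANSPARENT_HUGEPAGE and a readable /proc/self/smaps; VM_DONTEXPAND itself ("de") cannot be set from userspace, so only the madvise side is shown.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Exact-token match on a "VmFlags: rd wr ... nh" smaps line (no substring hits). */
int vmflags_has(const char *line, const char *flag) {
	char buf[512];
	snprintf(buf, sizeof buf, "%s", line);
	for (char *tok = strtok(buf, " \t\n"); tok; tok = strtok(NULL, " \t\n"))
		if (strcmp(tok, flag) == 0) return 1;
	return 0;
}

/* Copy the VmFlags line of the VMA starting at addr into out: 0 on success,
 * -1 if the file or VMA is not found. Only range headers ("start-end perms")
 * parse as two hex values, which is how a VMA header is told from a field. */
int read_vmflags(void *addr, char *out, size_t n) {
	FILE *f = fopen("/proc/self/smaps", "r");
	char line[512];
	int in_vma = 0;
	if (!f) return -1;
	while (fgets(line, sizeof line, f)) {
		unsigned long start, end;
		if (sscanf(line, "%lx-%lx", &start, &end) == 2)
			in_vma = (start == (unsigned long)addr);
		else if (in_vma && strncmp(line, "VmFlags:", 8) == 0) {
			snprintf(out, n, "%s", line);
			fclose(f);
			return 0;
		}
	}
	fclose(f);
	return -1;
}

/* 1: MADV_HUGEPAGE cleared "nh" and set "hg"; 0: it did not; -1: THP/smaps unavailable. */
int madvise_clears_nohugepage(void) {
	size_t len = 2UL << 20;
	char flags[512]; int ret = -1;
	void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	if (p == MAP_FAILED) return -1;
	/* Opt the VMA out of THP ("nh"), then ask for THP: the later advice simply wins. */
	if (madvise(p, len, MADV_NOHUGEPAGE) == 0 && read_vmflags(p, flags, sizeof flags) == 0 &&
	    vmflags_has(flags, "nh") && madvise(p, len, MADV_HUGEPAGE) == 0 &&
	    read_vmflags(p, flags, sizeof flags) == 0)
		ret = !vmflags_has(flags, "nh") && vmflags_has(flags, "hg");
	munmap(p, len);
	return ret;
}
```

A return of -1 means the environment gave no answer (no THP or no smaps), not that the flag survived.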