From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org
Cc: julien.thierry.kdev@gmail.com, andre.przywara@arm.com,
	alexandru.elisei@arm.com, alex.bennee@linaro.org,
	will@kernel.org, tabba@google.com
Subject: [RFC PATCH kvmtool v1 00/32] Add support for restricted guest memory in kvmtool
Date: Fri,  2 Dec 2022 17:43:45 +0000
Message-ID: <20221202174417.1310826-1-tabba@google.com>

The main goal of this patch series is to add support for the
restricted guest memory proposal (V9) [1] to kvmtool (V10 was
released today [2]). This proposal is still being discussed, but
it seems to be close to its final form. The intention is that
the restricted guest memory would be used in various confidential
computing environments, such as TDX and pKVM.

This series is intended to work with the kernel of the
V9 proposal [1], in addition to work to port it to
pKVM [3]. It has been tested on qemu/arm64.

The patch series is divided as follows:

Patches 1--4:
General fixes and tidying up

Patches 5--18:
Move kvmtool from allocating guest vm memory using anonymous mmap
to using memfd/ftruncate. The main motivation is to support the
fd-based kvm guest memory proposal [1, 2]. It also facilitates using
ipc memory sharing should that be needed in the future. It also
moves kvmtool to using only a file based backend for guest memory
allocation, with the file descriptor being the canonical
reference to guest memory. The idea is to refer to all allocated
guest memory via a file descriptor.

Patches 19--28:
Add architecture-independent framework to support restricted
guest memory.

Patches 29--32:
Add pKVM-specific (arm64) support for restricted guest memory.

I had posted a subset of this series earlier covering patches
1--18 [4]. This series incorporates fixes and suggestions from
Alex into those patches.

Cheers,
/fuad

[1] https://lore.kernel.org/all/20221025151344.3784230-1-chao.p.peng@linux.intel.com/
[2] https://lore.kernel.org/all/20221202061347.1070246-1-chao.p.peng@linux.intel.com/
[3] https://android-kvm.googlesource.com/kvmtool/+/refs/heads/tabba/fdmem-v9-core
[4] https://lore.kernel.org/all/20221115111549.2784927-1-tabba@google.com/

Fuad Tabba (31):
  Initialize the return value in kvm__for_each_mem_bank()
  Remove newline from end of die() aborts
  Make mmap_hugetlbfs() static
  Rename parameter in mmap_anon_or_hugetlbfs()
  Add hostmem va to debug print
  Factor out getting the hugetlb block size
  Use memfd for hugetlbfs when allocating guest ram
  Make blk_size a parameter and pass it to mmap_hugetlbfs()
  Use memfd for all guest ram allocations
  Allocate pvtime memory with memfd
  Allocate vesa memory with memfd
  Add a function that allocates aligned memory if specified
  Use new function to align memory
  Remove struct fields and code used for alignment
  Replace kvm__arch_delete_ram() with kvm__delete_ram()
  Remove no-longer used macro
  Factor out set_user_memory_region code
  Pass the memory file descriptor and offset when registering ram
  Add memfd_restricted system call
  Add kvm linux headers and structure extensions for restricted_fd
  Add option for enabling restricted memory for guests
  Change guest ram mapping from private to shared
  Change pvtime mapping from private to shared
  Change vesa mapping from private to shared
  Allocate guest memory as restricted if needed
  Use the new fd-based extended memory region
  Track the memfd in the bank
  Add functions for mapping/unmapping guest memory
  pkvm: Enable exit hypercall capability if supported
  pkvm: Handle (un)share hypercalls coming from the guest
  pkvm: Unmap all guest memory after initialization

Will Deacon (1):
  pkvm: Add option to spawn a protected vm in pkvm

 arm/aarch32/include/kvm/kvm-arch.h |   1 +
 arm/aarch64/include/asm/kvm.h      |   7 +
 arm/aarch64/include/kvm/kvm-arch.h |   1 +
 arm/aarch64/kvm.c                  |  26 +++
 arm/aarch64/pvtime.c               |  20 +-
 arm/fdt.c                          |  18 ++
 arm/include/arm-common/fdt-arch.h  |   2 +-
 arm/include/arm-common/kvm-arch.h  |   7 -
 arm/kvm-cpu.c                      |  58 ++++++
 arm/kvm.c                          |  41 ++--
 arm/pci.c                          |   3 +
 builtin-run.c                      |   7 +
 framebuffer.c                      |   2 +
 hw/cfi_flash.c                     |   4 +-
 hw/vesa.c                          |  17 +-
 include/kvm/framebuffer.h          |   1 +
 include/kvm/kvm-config.h           |   2 +
 include/kvm/kvm.h                  |  25 ++-
 include/kvm/util.h                 |   5 +-
 include/linux/kvm.h                |  19 ++
 kvm.c                              | 301 ++++++++++++++++++++++++++---
 mips/kvm.c                         |  11 +-
 powerpc/kvm.c                      |   7 +-
 riscv/include/kvm/kvm-arch.h       |   7 -
 riscv/kvm.c                        |  26 +--
 util/util.c                        | 131 ++++++++++---
 vfio/core.c                        |   3 +-
 virtio/pci-modern.c                |   3 +
 x86/kvm.c                          |  11 +-
 29 files changed, 606 insertions(+), 160 deletions(-)


base-commit: e17d182ad3f797f01947fc234d95c96c050c534b
-- 
2.39.0.rc0.267.gcb52ba06e7-goog
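
An added illustration of the allocation change described for patches 5--18 (memfd/ftruncate instead of anonymous mmap) and of why the patch list switches guest mappings from private to shared; it is not code from kvmtool or from this series. The helper names, the region name "guest_ram" and the 2 MiB size are assumptions made for the example.

```c
/* Added example, not kvmtool code: fd-backed "guest RAM" via memfd + ftruncate. */
#include <linux/memfd.h>   /* MFD_CLOEXEC */
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: create a memfd sized to `size` bytes; returns fd or -1. */
static int ram_fd_create(size_t size)
{
    /* Raw syscall so the example does not depend on feature-test macros. */
    int fd = (int)syscall(SYS_memfd_create, "guest_ram", MFD_CLOEXEC);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)size) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/*
 * Map the fd with `map_flags`, store `val` at `off` through the mapping,
 * then read the same offset back through the fd itself.
 * Returns the byte visible via the fd, or -1 on error.
 */
static int fd_view_after_write(size_t size, int map_flags, size_t off, uint8_t val)
{
    uint8_t seen = 0;
    int ret = -1, fd = ram_fd_create(size);
    uint8_t *va;

    if (fd < 0)
        return -1;
    va = mmap(NULL, size, PROT_READ | PROT_WRITE, map_flags, fd, 0);
    if (va != MAP_FAILED) {
        va[off] = val;                      /* write through the host VA */
        if (pread(fd, &seen, 1, (off_t)off) == 1)
            ret = seen;                     /* what the fd's pages hold */
        munmap(va, size);
    }
    close(fd);
    return ret;
}

int main(void)
{
    size_t sz = 2u << 20; /* 2 MiB of constructed "guest RAM" */
    printf("MAP_SHARED: 0x%02x, MAP_PRIVATE: 0x%02x\n",
           fd_view_after_write(sz, MAP_SHARED, 4096, 0xa5),
           fd_view_after_write(sz, MAP_PRIVATE, 4096, 0xa5));
    return 0;
}
```

With MAP_PRIVATE the store lands in a copy-on-write page, so anything that consumes the memory through the file descriptor never sees it; the fd is only a usable reference to the memory when the mapping is MAP_SHARED.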

