From: Fuad Tabba <tabba@google.com>
To: kvm@vger.kernel.org
Cc: julien.thierry.kdev@gmail.com, andre.przywara@arm.com,
alexandru.elisei@arm.com, alex.bennee@linaro.org,
will@kernel.org, tabba@google.com
Subject: [RFC PATCH kvmtool v1 00/32] Add support for restricted guest memory in kvmtool
Date: Fri, 2 Dec 2022 17:43:45 +0000
Message-ID: <20221202174417.1310826-1-tabba@google.com>

The main goal of this patch series is to add support for the
restricted guest memory proposal (V9) [1] to kvmtool (V10 was
released today [2]). This proposal is still being discussed, but
it seems to be close to its final form. The intention is that
the restricted guest memory would be used in various confidential
computing environments, such as TDX and pKVM.

This series is intended to work with the kernel of the
V9 proposal [1], in addition to work to port it to
pKVM [3]. It has been tested on qemu/arm64.

The patch series is divided as follows:

Patches 1--4:
  General fixes and tidying up

Patches 5--18:
  Move kvmtool from allocating guest vm memory using anonymous mmap
  to using memfd/ftruncate. The main motivation is to support the
  fd-based kvm guest memory proposal [1, 2]. It also facilitates using
  ipc memory sharing should that be needed in the future. It also
  moves kvmtool to using only a file based backend for guest memory
  allocation, with the file descriptor being the canonical
  reference to guest memory. The idea is to refer to all allocated
  guest memory via a file descriptor.

Patches 19--28:
  Add architecture-independent framework to support restricted
  guest memory.

Patches 29--32:
  Add pKVM-specific (arm64) support for restricted guest memory.

I had posted a subset of this series earlier covering patches
1--18 [4]. This series incorporates fixes and suggestions from
Alex into those patches.

Cheers,
/fuad

[1] https://lore.kernel.org/all/20221025151344.3784230-1-chao.p.peng@linux.intel.com/
[2] https://lore.kernel.org/all/20221202061347.1070246-1-chao.p.peng@linux.intel.com/
[3] https://android-kvm.googlesource.com/kvmtool/+/refs/heads/tabba/fdmem-v9-core
[4] https://lore.kernel.org/all/20221115111549.2784927-1-tabba@google.com/
Fuad Tabba (31):
Initialize the return value in kvm__for_each_mem_bank()
Remove newline from end of die() aborts
Make mmap_hugetlbfs() static
Rename parameter in mmap_anon_or_hugetlbfs()
Add hostmem va to debug print
Factor out getting the hugetlb block size
Use memfd for hugetlbfs when allocating guest ram
Make blk_size a parameter and pass it to mmap_hugetlbfs()
Use memfd for all guest ram allocations
Allocate pvtime memory with memfd
Allocate vesa memory with memfd
Add a function that allocates aligned memory if specified
Use new function to align memory
Remove struct fields and code used for alignment
Replace kvm__arch_delete_ram() with kvm__delete_ram()
Remove no-longer used macro
Factor out set_user_memory_region code
Pass the memory file descriptor and offset when registering ram
Add memfd_restricted system call
Add kvm linux headers and structure extensions for restricted_fd
Add option for enabling restricted memory for guests
Change guest ram mapping from private to shared
Change pvtime mapping from private to shared
Change vesa mapping from private to shared
Allocate guest memory as restricted if needed
Use the new fd-based extended memory region
Track the memfd in the bank
Add functions for mapping/unmapping guest memory
pkvm: Enable exit hypercall capability if supported
pkvm: Handle (un)share hypercalls coming from the guest
pkvm: Unmap all guest memory after initialization
Will Deacon (1):
pkvm: Add option to spawn a protected vm in pkvm
arm/aarch32/include/kvm/kvm-arch.h | 1 +
arm/aarch64/include/asm/kvm.h | 7 +
arm/aarch64/include/kvm/kvm-arch.h | 1 +
arm/aarch64/kvm.c | 26 +++
arm/aarch64/pvtime.c | 20 +-
arm/fdt.c | 18 ++
arm/include/arm-common/fdt-arch.h | 2 +-
arm/include/arm-common/kvm-arch.h | 7 -
arm/kvm-cpu.c | 58 ++++++
arm/kvm.c | 41 ++--
arm/pci.c | 3 +
builtin-run.c | 7 +
framebuffer.c | 2 +
hw/cfi_flash.c | 4 +-
hw/vesa.c | 17 +-
include/kvm/framebuffer.h | 1 +
include/kvm/kvm-config.h | 2 +
include/kvm/kvm.h | 25 ++-
include/kvm/util.h | 5 +-
include/linux/kvm.h | 19 ++
kvm.c | 301 ++++++++++++++++++++++++++---
mips/kvm.c | 11 +-
powerpc/kvm.c | 7 +-
riscv/include/kvm/kvm-arch.h | 7 -
riscv/kvm.c | 26 +--
util/util.c | 131 ++++++++++---
vfio/core.c | 3 +-
virtio/pci-modern.c | 3 +
x86/kvm.c | 11 +-
29 files changed, 606 insertions(+), 160 deletions(-)
base-commit: e17d182ad3f797f01947fc234d95c96c050c534b
--
2.39.0.rc0.267.gcb52ba06e7-goog
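
The memfd/ftruncate allocation described for patches 5--18, as an added illustration that is not code from this series or from kvmtool: it backs a region with a memfd and shows that a write is visible through the file descriptor only when the mapping is MAP_SHARED, not MAP_PRIVATE. The helper names, the "guest_ram" label and the region size are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 0x0001U	/* value from the Linux UAPI headers */
#endif

/* Hypothetical helper (not kvmtool's): create and size a memfd. */
static int ram_fd_create(size_t size)
{
	int fd = (int)syscall(SYS_memfd_create, "guest_ram", MFD_CLOEXEC);

	if (fd < 0)
		return -1;
	if (ftruncate(fd, (off_t)size) < 0) {
		close(fd);
		return -1;
	}
	return fd;
}

/*
 * Write through a mapping of the fd created with `flags`, then read the
 * same offset through a second, MAP_SHARED mapping of that fd.
 * Returns 1 if the write is visible via the fd, 0 if not, -1 on error.
 */
static int write_visible_via_fd(int flags)
{
	const size_t size = 2 * 4096;	/* constructed region size */
	int fd = ram_fd_create(size);
	int seen = -1;
	char *w, *r;

	if (fd < 0)
		return -1;
	w = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, fd, 0);
	r = mmap(NULL, size, PROT_READ, MAP_SHARED, fd, 0);
	if (w != MAP_FAILED && r != MAP_FAILED) {
		memcpy(w + 4096, "guest", 6);
		seen = (memcmp(r + 4096, "guest", 6) == 0);
	}
	if (w != MAP_FAILED) munmap(w, size);
	if (r != MAP_FAILED) munmap(r, size);
	close(fd);
	return seen;
}
```

With a MAP_PRIVATE mapping the write lands in a copy-on-write page, so anything else holding the same fd still reads zeroes.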