lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <fc0bb268-07b7-41ef-9a82-791d381f56ac@amazon.com>
Date: Fri, 3 Oct 2025 18:23:57 +0100
From: Nikita Kalyazin <kalyazin@...zon.com>
To: Paolo Bonzini <pbonzini@...hat.com>, Marc Zyngier <maz@...nel.org>,
	"Oliver Upton" <oliver.upton@...ux.dev>, Huacai Chen <chenhuacai@...nel.org>,
	"Michael Ellerman" <mpe@...erman.id.au>, Anup Patel <anup@...infault.org>,
	"Paul Walmsley" <paul.walmsley@...ive.com>, Palmer Dabbelt
	<palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, Sean Christopherson
	<seanjc@...gle.com>, Alexander Viro <viro@...iv.linux.org.uk>, Christian
 Brauner <brauner@...nel.org>, "Matthew Wilcox (Oracle)"
	<willy@...radead.org>, "Andrew Morton" <akpm@...ux-foundation.org>
CC: <kvm@...r.kernel.org>, <linux-arm-kernel@...ts.infradead.org>,
	<kvmarm@...ts.linux.dev>, <linux-mips@...r.kernel.org>,
	<linuxppc-dev@...ts.ozlabs.org>, <kvm-riscv@...ts.infradead.org>,
	<linux-riscv@...ts.infradead.org>, <linux-fsdevel@...r.kernel.org>,
	<linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>, Xiaoyao Li
	<xiaoyao.li@...el.com>, Xu Yilun <yilun.xu@...el.com>, Chao Peng
	<chao.p.peng@...ux.intel.com>, Fuad Tabba <tabba@...gle.com>, Jarkko Sakkinen
	<jarkko@...nel.org>, Anish Moorthy <amoorthy@...gle.com>, David Matlack
	<dmatlack@...gle.com>, Yu Zhang <yu.c.zhang@...ux.intel.com>, Isaku Yamahata
	<isaku.yamahata@...el.com>, Mickaël Salaün
	<mic@...ikod.net>, Vlastimil Babka <vbabka@...e.cz>, Vishal Annapurve
	<vannapurve@...gle.com>, Ackerley Tng <ackerleytng@...gle.com>, "Maciej
 Szmigiero" <mail@...iej.szmigiero.name>, David Hildenbrand
	<david@...hat.com>, Quentin Perret <qperret@...gle.com>, Michael Roth
	<michael.roth@....com>, Wang <wei.w.wang@...el.com>, Liam Merwick
	<liam.merwick@...cle.com>, "Isaku Yamahata" <isaku.yamahata@...il.com>,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [PATCH 15/34] KVM: Add KVM_CREATE_GUEST_MEMFD ioctl() for
 guest-specific backing memory



On 05/11/2023 16:30, Paolo Bonzini wrote:
> From: Sean Christopherson <seanjc@...gle.com>
> 
> Introduce an ioctl(), KVM_CREATE_GUEST_MEMFD, to allow creating file-based
> memory that is tied to a specific KVM virtual machine and whose primary
> purpose is to serve guest memory.

...
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index f1a575d39b3b..8f46d757a2c5 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c

...

> -static int check_memory_region_flags(const struct kvm_userspace_memory_region2 *mem)
> +static int check_memory_region_flags(struct kvm *kvm,
> +				     const struct kvm_userspace_memory_region2 *mem)
>   {
>   	u32 valid_flags = KVM_MEM_LOG_DIRTY_PAGES;
>   
> +	if (kvm_arch_has_private_mem(kvm))
> +		valid_flags |= KVM_MEM_GUEST_MEMFD;
> +
> +	/* Dirty logging private memory is not currently supported. */
> +	if (mem->flags & KVM_MEM_GUEST_MEMFD)
> +		valid_flags &= ~KVM_MEM_LOG_DIRTY_PAGES;

I was wondering whether this restriction is still required at this stage 
or can be lifted in cases where the guest memory is accessible by the 
host.  Specifically, it would be useful to support differential memory 
snapshots based on dirty page tracking in Firecracker [1] or in live 
migration.  As an experiment, I removed the check and was able to 
produce a diff snapshot and restore a Firecracker VM from it.

[1] 
https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/snapshot-support.md#creating-diff-snapshots

> +
>   #ifdef __KVM_HAVE_READONLY_MEM
>   	valid_flags |= KVM_MEM_READONLY;
>   #endif
> @@ -2018,7 +2029,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
>   	int as_id, id;
>   	int r;
>   
> -	r = check_memory_region_flags(mem);
> +	r = check_memory_region_flags(kvm, mem);
>   	if (r)
>   		return r;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ