| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <i22yykvttpc2e4expluuzucczqnetdnpee2wx2fzqwg7cnt45x@ovx7e7hok5iz> Date: Thu, 29 Jan 2026 11:10:12 +0000 From: Quentin Perret <qperret@...gle.com> To: Jason Gunthorpe <jgg@...pe.ca> Cc: Sean Christopherson <seanjc@...gle.com>, Ackerley Tng <ackerleytng@...gle.com>, Alexey Kardashevskiy <aik@....com>, cgroups@...r.kernel.org, kvm@...r.kernel.org, linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-mm@...ck.org, linux-trace-kernel@...r.kernel.org, x86@...nel.org, akpm@...ux-foundation.org, binbin.wu@...ux.intel.com, bp@...en8.de, brauner@...nel.org, chao.p.peng@...el.com, chenhuacai@...nel.org, corbet@....net, dave.hansen@...el.com, dave.hansen@...ux.intel.com, david@...hat.com, dmatlack@...gle.com, erdemaktas@...gle.com, fan.du@...el.com, fvdl@...gle.com, haibo1.xu@...el.com, hannes@...xchg.org, hch@...radead.org, hpa@...or.com, hughd@...gle.com, ira.weiny@...el.com, isaku.yamahata@...el.com, jack@...e.cz, james.morse@....com, jarkko@...nel.org, jgowans@...zon.com, jhubbard@...dia.com, jroedel@...e.de, jthoughton@...gle.com, jun.miao@...el.com, kai.huang@...el.com, keirf@...gle.com, kent.overstreet@...ux.dev, liam.merwick@...cle.com, maciej.wieczor-retman@...el.com, mail@...iej.szmigiero.name, maobibo@...ngson.cn, mathieu.desnoyers@...icios.com, maz@...nel.org, mhiramat@...nel.org, mhocko@...nel.org, mic@...ikod.net, michael.roth@....com, mingo@...hat.com, mlevitsk@...hat.com, mpe@...erman.id.au, muchun.song@...ux.dev, nikunj@....com, nsaenz@...zon.es, oliver.upton@...ux.dev, palmer@...belt.com, pankaj.gupta@....com, paul.walmsley@...ive.com, pbonzini@...hat.com, peterx@...hat.com, pgonda@...gle.com, prsampat@....com, pvorel@...e.cz, richard.weiyang@...il.com, rick.p.edgecombe@...el.com, rientjes@...gle.com, rostedt@...dmis.org, roypat@...zon.co.uk, rppt@...nel.org, shakeel.butt@...ux.dev, shuah@...nel.org, steven.price@....com, steven.sistare@...cle.com, suzuki.poulose@....com, tabba@...gle.com, tglx@...utronix.de, thomas.lendacky@....com, vannapurve@...gle.com, vbabka@...e.cz, viro@...iv.linux.org.uk, vkuznets@...hat.com, wei.w.wang@...el.com, will@...nel.org, willy@...radead.org, wyihan@...gle.com, xiaoyao.li@...el.com, yan.y.zhao@...el.com, yilun.xu@...el.com, yuzenghui@...wei.com, zhiquan1.li@...el.com Subject: Re: [RFC PATCH v1 05/37] KVM: guest_memfd: Wire up kvm_get_memory_attributes() to per-gmem attributes Hi all, On Wednesday 28 Jan 2026 at 21:16:18 (-0400), Jason Gunthorpe wrote: > On Wed, Jan 28, 2026 at 05:03:27PM -0800, Sean Christopherson wrote: > > > For a dmabuf fd, the story is the same as guest_memfd. Unless private vs. shared > > is all or nothing, and can never change, then the only entity that can track that > > info is the owner of the dmabuf. And even if the private vs. shared attributes > > are constant, tracking it external to KVM makes sense, because then the provider > > can simply hardcode %true/%false. > > Oh my I had not given that bit any thought. My remarks were just about > normal non-CC systems. > > So MMIO starts out shared, and then converts to private when the guest > triggers it. It is not all or nothing, there are permanent shared > holes in the MMIO ranges too. > > Beyond that I don't know what people are thinking. > > Clearly VFIO has to revoke and disable the DMABUF once any of it > becomes private. VFIO will somehow have to know when it changes modes > from the TSM subsystem. > > I guess we could have a special channel for KVM to learn the > shared/private page by page from VFIO as some kind of "aware of CC" > importer. Slightly out of my depth, but I figured I should jump in this discussion nonetheless; turns out dmabuf vs CoCo is a hot topic for pKVM[*], so please bear with me :) It occurred to me that lazily faulting a dmabuf page by page into a guest isn't particularly useful, because the entire dmabuf is 'paged in' by construction on the host side (regardless of whether that dmabuf is backed by memory or MMIO). There is a weird edge case where a memslot may not cover an entire dmabuf, but perhaps we could simply say 'don't do that'. Faulting-in the entire dmabuf in one go on the first guest access would be good for performance, but it doesn't really solve any of the problems you've listed above. A not-fully-thought-through-and-possibly-ridiculous idea that crossed my mind some time ago was to make KVM itself a proper dmabuf importer. You'd essentially see a guest as a 'device' (probably with an actual struct dev representing it), and the stage-2 MMU in front of it as its IOMMU. That could potentially allow KVM to implement dma_map_ops for that guest 'device' by mapping/unmapping pages into its stage-2 and such. And in order to get KVM to import a dmabuf, host userspace would have to pass a dmabuf fd to SET_USER_MEMORY_REGION2, a which point KVM could check properties about the dmabuf before proceeding with the import. We could set different expectations about the properties we want for CoCo vs non-CoCo guests at that level (and yes this could include having KVM use a special channel with the exporter to check that). That has the nice benefit of having a clear KVM-level API to transition an entire dmabuf fd to 'private' in one go in the CoCo case. And in the non-CoCo case, we avoid the unnecessary lazy faulting of the dmabuf. It gets really funny when a CoCo guest decides to share back a subset of that dmabuf with the host, and I'm still wrapping my head around how we'd make that work, but at this point I'm ready to be told how all the above already doesn't work and that I should go back to the peanut gallery :-) Cheers, Quentin [*] https://www.youtube.com/watch?v=zaBxoyRepzA&list=PLW3ep1uCIRfxwmllXTOA2txfDWN6vUOHp&index=35
Powered by blists - more mailing lists