RamDiscardManager is firstly introduced for some special RAM memory
regions (managed by virtio-mem). This interface can coordinate which
parts of specific memory regions are currently populated to be used by
the VM, notifying after parts were discarded and before parts will be
populated.
It is required by VFIO because VFIO tries to register the whole region
with the kernel and pin all pages, which is incompatible with discarding
of RAM. With RamDiscardManager, VFIO can require proper coordination to
only map the currently populated parts, to hinder parts that are
expected to remain discarded from silently getting populated and
consuming memory.
This interface also applies to the private memfd backend, which can
represent two types of memory (shared and private). Shared memory is
accessiable by host VMM and can be mapped in IOMMU page tables. Private
memory is inaccessible and can't be DMA-mapped. So the memory regions
backed by private memfd can coordinate to only ap the shared parts,
update eh mapping when notified about page attribute conversion between
shared and private.
Introduce the RamDiscardManager interface in private memfd backend and
utilize the existing VFIORamDiscardListener (registered in
vfio_register_ram_discard_listener()). The users can call
priv_memfd_backend_state_change() notifier to DMA map the shared parts
and unmap the private parts.
There are some notes in current implementation.
- VFIO has registerd the population ram discard listener which will DMA
map in minimun granularity (i.e. block_size in virtio-mem and private
memfd). The block_size of private memfd is set to host page size
because the conversion size can be as small as one page.
- Current VFIO do the map/unmap with minimal pranularity each time,
which can avoid partial unmap request from TD guest.
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Add a per-RAMBlock bitmap (named cgs_bmap) to record if a guest-physical
address is private/shared. The bitmap is allocated only when the guest is
a confidential guest, so it's allocated in the private memory backend.
By default, bits are 0 in the bitmap to indicate all the guest pages are
private pages. When the guest changes a private page to share or shared
page to private later, it exits to QEMU with the KVM_EXIT_MEMORY_FAULT
reason and the cgs_bmap will be updated accordingly.
Signed-off-by: Wei Wang <wei.w.wang@intel.com>
This new object is similar to existing 'memory-backend-memfd' object
which provides host memory with linux memfd_create API but differs in
that this new object will have two memfds, one is for share memory which
can be mmaped, the other is for private memory which is restricted memfd
and can not be accessed from userspace.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
