chore: update patch series again

Use Fuad's just-published v13 as the base, and disable
CONFIG_KVM_KVM_XEN because the kvm-clock hack breaks it (and we also
dont need it for Firecracker, so let's just disable for now until we
have a proper kvmclock patch).

Signed-off-by: Patrick Roy <[email protected]>

Author: roypat

resources/hiding_ci/kernel_commit_hash

@@ -1 +1 @@
-86731a2a651e58953fc949573895f2fa6d456841
+d7b8f8e20813f0179d8ef519541a3527e7661d3a

resources/hiding_ci/kernel_config_overrides

@@ -14,3 +14,4 @@ CONFIG_KVM_GENERIC_HARDWARE_ENABLING=y
 CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES=y
 CONFIG_KVM_GENERIC_PRIVATE_MEM=y
 CONFIG_DEBUG_INFO=y
+CONFIG_KVM_XEN=n

resources/hiding_ci/linux_patches/05-mmap-support/0002-KVM-Rename-CONFIG_KVM_PRIVATE_MEM-to-CONFIG_KVM_GMEM.patch renamed to resources/hiding_ci/linux_patches/05-mmap-support/0001-KVM-Rename-CONFIG_KVM_PRIVATE_MEM-to-CONFIG_KVM_GMEM.patch

@@ -1,11 +1,19 @@
-From ba45bc1cd4624badfab75d73286d753403b3cfb5 Mon Sep 17 00:00:00 2001
+From fc57b8c1deda99bc1e64d45dd7f97a1b9259d16e Mon Sep 17 00:00:00 2001
 From: Fuad Tabba <[email protected]>
-Date: Wed, 11 Jun 2025 14:33:13 +0100
-Subject: [PATCH 02/42] KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GMEM
+Date: Wed, 9 Jul 2025 11:59:27 +0100
+Subject: [PATCH 01/45] KVM: Rename CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GMEM
 
-The option KVM_PRIVATE_MEM enables guest_memfd in general. Subsequent
-patches add shared memory support to guest_memfd. Therefore, rename it
-to KVM_GMEM to make its purpose clearer.
+Rename the Kconfig option CONFIG_KVM_PRIVATE_MEM to CONFIG_KVM_GMEM. The
+original name implied that the feature only supported "private" memory.
+However, CONFIG_KVM_PRIVATE_MEM enables guest_memfd in general, which is
+not exclusively for private memory. Subsequent patches in this series
+will add guest_memfd support for non-CoCo VMs, whose memory is not
+private.
+
+Renaming the Kconfig option to CONFIG_KVM_GMEM more accurately reflects
+its broader scope as the main Kconfig option for all guest_memfd-backed
+memory. This provides clearer semantics for the option and avoids
+confusion as new features are introduced.
 
 Reviewed-by: Ira Weiny <[email protected]>
 Reviewed-by: Gavin Shan <[email protected]>
@@ -16,15 +24,15 @@ Signed-off-by: David Hildenbrand <[email protected]>
 Signed-off-by: Fuad Tabba <[email protected]>
 ---
  arch/x86/include/asm/kvm_host.h |  2 +-
- include/linux/kvm_host.h        | 10 +++++-----
+ include/linux/kvm_host.h        | 14 +++++++-------
  virt/kvm/Kconfig                |  8 ++++----
  virt/kvm/Makefile.kvm           |  2 +-
  virt/kvm/kvm_main.c             |  4 ++--
  virt/kvm/kvm_mm.h               |  4 ++--
- 6 files changed, 15 insertions(+), 15 deletions(-)
+ 6 files changed, 17 insertions(+), 17 deletions(-)
 
 diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index b4a391929cdb..6e0bbf4c2202 100644
+index 639d9bcee842..66bdd0759d27 100644
 --- a/arch/x86/include/asm/kvm_host.h
 +++ b/arch/x86/include/asm/kvm_host.h
 @@ -2269,7 +2269,7 @@ void kvm_configure_mmu(bool enable_tdp, int tdp_forced_root_level,
@@ -37,7 +45,7 @@ index b4a391929cdb..6e0bbf4c2202 100644
  #else
  #define kvm_arch_has_private_mem(kvm) false
 diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index 3bde4fb5c6aa..b2c415e81e2e 100644
+index 3bde4fb5c6aa..755b09dcafce 100644
 --- a/include/linux/kvm_host.h
 +++ b/include/linux/kvm_host.h
 @@ -601,7 +601,7 @@ struct kvm_memory_slot {
@@ -49,9 +57,14 @@ index 3bde4fb5c6aa..b2c415e81e2e 100644
  	struct {
  		/*
  		 * Writes protected by kvm->slots_lock.  Acquiring a
-@@ -722,7 +722,7 @@ static inline int kvm_arch_vcpu_memslots_id(struct kvm_vcpu *vcpu)
-  * Arch code must define kvm_arch_has_private_mem if support for private memory
-  * is enabled.
+@@ -719,10 +719,10 @@ static inline int kvm_arch_vcpu_memslots_id(struct kvm_vcpu *vcpu)
+ #endif
+ 
+ /*
+- * Arch code must define kvm_arch_has_private_mem if support for private memory
+- * is enabled.
++ * Arch code must define kvm_arch_has_private_mem if support for guest_memfd is
++ * enabled.
   */
 -#if !defined(kvm_arch_has_private_mem) && !IS_ENABLED(CONFIG_KVM_PRIVATE_MEM)
 +#if !defined(kvm_arch_has_private_mem) && !IS_ENABLED(CONFIG_KVM_GMEM)

resources/hiding_ci/linux_patches/05-mmap-support/0003-KVM-Rename-CONFIG_KVM_GENERIC_PRIVATE_MEM-to-CONFIG_.patch renamed to resources/hiding_ci/linux_patches/05-mmap-support/0002-KVM-Rename-CONFIG_KVM_GENERIC_PRIVATE_MEM-to-CONFIG_.patch

@@ -1,12 +1,18 @@
-From 3d9f3ec523f188f416761e52a5c47f7a7b457ad0 Mon Sep 17 00:00:00 2001
+From 2ce4cc59bb3e067e019842870824d7a459d140f0 Mon Sep 17 00:00:00 2001
 From: Fuad Tabba <[email protected]>
-Date: Wed, 11 Jun 2025 14:33:14 +0100
-Subject: [PATCH 03/42] KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to
+Date: Wed, 9 Jul 2025 11:59:28 +0100
+Subject: [PATCH 02/45] KVM: Rename CONFIG_KVM_GENERIC_PRIVATE_MEM to
  CONFIG_KVM_GENERIC_GMEM_POPULATE
 
-The option KVM_GENERIC_PRIVATE_MEM enables populating a GPA range with
-guest data. Rename it to KVM_GENERIC_GMEM_POPULATE to make its purpose
-clearer.
+The original name was vague regarding its functionality. This Kconfig
+option specifically enables and gates the kvm_gmem_populate() function,
+which is responsible for populating a GPA range with guest data.
+
+The new name, KVM_GENERIC_GMEM_POPULATE, describes the purpose of the
+option: to enable generic guest_memfd population mechanisms. This
+improves clarity for developers and ensures the name accurately reflects
+the functionality it controls, especially as guest_memfd support expands
+beyond purely "private" memory scenarios.
 
 Reviewed-by: Ira Weiny <[email protected]>
 Reviewed-by: Gavin Shan <[email protected]>
@@ -16,14 +22,14 @@ Co-developed-by: David Hildenbrand <[email protected]>
 Signed-off-by: David Hildenbrand <[email protected]>
 Signed-off-by: Fuad Tabba <[email protected]>
 ---
- arch/x86/kvm/Kconfig     | 4 ++--
+ arch/x86/kvm/Kconfig     | 6 +++---
  include/linux/kvm_host.h | 2 +-
  virt/kvm/Kconfig         | 2 +-
  virt/kvm/guest_memfd.c   | 2 +-
- 4 files changed, 5 insertions(+), 5 deletions(-)
+ 4 files changed, 6 insertions(+), 6 deletions(-)
 
 diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
-index 2eeffcec5382..9151cd82adab 100644
+index 2eeffcec5382..df1fdbb4024b 100644
 --- a/arch/x86/kvm/Kconfig
 +++ b/arch/x86/kvm/Kconfig
 @@ -46,7 +46,7 @@ config KVM_X86
@@ -35,6 +41,15 @@ index 2eeffcec5382..9151cd82adab 100644
  	select KVM_WERROR if WERROR
 
  config KVM
+@@ -95,7 +95,7 @@ config KVM_SW_PROTECTED_VM
+ config KVM_INTEL
+ 	tristate "KVM for Intel (and compatible) processors support"
+ 	depends on KVM && IA32_FEAT_CTL
+-	select KVM_GENERIC_PRIVATE_MEM if INTEL_TDX_HOST
++	select KVM_GENERIC_GMEM_POPULATE if INTEL_TDX_HOST
+ 	select KVM_GENERIC_MEMORY_ATTRIBUTES if INTEL_TDX_HOST
+ 	help
+ 	  Provides support for KVM on processors equipped with Intel's VT
 @@ -157,7 +157,7 @@ config KVM_AMD_SEV
  	depends on KVM_AMD && X86_64
  	depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
@@ -45,7 +60,7 @@ index 2eeffcec5382..9151cd82adab 100644
  	select HAVE_KVM_ARCH_GMEM_INVALIDATE
  	help
 diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index b2c415e81e2e..7700efc06e35 100644
+index 755b09dcafce..359baaae5e9f 100644
 --- a/include/linux/kvm_host.h
 +++ b/include/linux/kvm_host.h
 @@ -2556,7 +2556,7 @@ static inline int kvm_gmem_get_pfn(struct kvm *kvm,

resources/hiding_ci/linux_patches/05-mmap-support/0003-KVM-Introduce-kvm_arch_supports_gmem.patch

@@ -0,0 +1,102 @@
+From 85b1525e138e76dd43f58e8b5cfd2f0f861ae6a6 Mon Sep 17 00:00:00 2001
+From: Fuad Tabba <[email protected]>
+Date: Wed, 9 Jul 2025 11:59:29 +0100
+Subject: [PATCH 03/45] KVM: Introduce kvm_arch_supports_gmem()
+
+Introduce kvm_arch_supports_gmem() to explicitly indicate whether an
+architecture supports guest_memfd.
+
+Previously, kvm_arch_has_private_mem() was used to check for guest_memfd
+support. However, this conflated guest_memfd with "private" memory,
+implying that guest_memfd was exclusively for CoCo VMs or other private
+memory use cases.
+
+With the expansion of guest_memfd to support non-private memory, such as
+shared host mappings, it is necessary to decouple these concepts. The
+new kvm_arch_supports_gmem() function provides a clear way to check for
+guest_memfd support.
+
+Reviewed-by: Ira Weiny <[email protected]>
+Reviewed-by: Gavin Shan <[email protected]>
+Reviewed-by: Shivank Garg <[email protected]>
+Reviewed-by: Vlastimil Babka <[email protected]>
+Co-developed-by: David Hildenbrand <[email protected]>
+Signed-off-by: David Hildenbrand <[email protected]>
+Signed-off-by: Fuad Tabba <[email protected]>
+---
+ arch/x86/include/asm/kvm_host.h |  4 +++-
+ include/linux/kvm_host.h        | 11 +++++++++++
+ virt/kvm/kvm_main.c             |  4 ++--
+ 3 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index 66bdd0759d27..09f4f6240d9d 100644
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -2271,8 +2271,10 @@ void kvm_configure_mmu(bool enable_tdp, int tdp_forced_root_level,
+ 
+ #ifdef CONFIG_KVM_GMEM
+ #define kvm_arch_has_private_mem(kvm) ((kvm)->arch.has_private_mem)
++#define kvm_arch_supports_gmem(kvm) kvm_arch_has_private_mem(kvm)
+ #else
+ #define kvm_arch_has_private_mem(kvm) false
++#define kvm_arch_supports_gmem(kvm) false
+ #endif
+ 
+ #define kvm_arch_has_readonly_mem(kvm) (!(kvm)->arch.has_protected_state)
+@@ -2325,7 +2327,7 @@ enum {
+ #define HF_SMM_INSIDE_NMI_MASK	(1 << 2)
+ 
+ # define KVM_MAX_NR_ADDRESS_SPACES	2
+-/* SMM is currently unsupported for guests with private memory. */
++/* SMM is currently unsupported for guests with guest_memfd private memory. */
+ # define kvm_arch_nr_memslot_as_ids(kvm) (kvm_arch_has_private_mem(kvm) ? 1 : 2)
+ # define kvm_arch_vcpu_memslots_id(vcpu) ((vcpu)->arch.hflags & HF_SMM_MASK ? 1 : 0)
+ # define kvm_memslots_for_spte_role(kvm, role) __kvm_memslots(kvm, (role).smm)
+diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
+index 359baaae5e9f..ab1bde048034 100644
+--- a/include/linux/kvm_host.h
++++ b/include/linux/kvm_host.h
+@@ -729,6 +729,17 @@ static inline bool kvm_arch_has_private_mem(struct kvm *kvm)
+ }
+ #endif
+ 
++/*
++ * Arch code must define kvm_arch_supports_gmem if support for guest_memfd is
++ * enabled.
++ */
++#if !defined(kvm_arch_supports_gmem) && !IS_ENABLED(CONFIG_KVM_GMEM)
++static inline bool kvm_arch_supports_gmem(struct kvm *kvm)
++{
++	return false;
++}
++#endif
++
+ #ifndef kvm_arch_has_readonly_mem
+ static inline bool kvm_arch_has_readonly_mem(struct kvm *kvm)
+ {
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
+index 898c3d5a7ba8..afbc025ce4d3 100644
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -1588,7 +1588,7 @@ static int check_memory_region_flags(struct kvm *kvm,
+ {
+ 	u32 valid_flags = KVM_MEM_LOG_DIRTY_PAGES;
+ 
+-	if (kvm_arch_has_private_mem(kvm))
++	if (kvm_arch_supports_gmem(kvm))
+ 		valid_flags |= KVM_MEM_GUEST_MEMFD;
+ 
+ 	/* Dirty logging private memory is not currently supported. */
+@@ -4912,7 +4912,7 @@ static int kvm_vm_ioctl_check_extension_generic(struct kvm *kvm, long arg)
+ #endif
+ #ifdef CONFIG_KVM_GMEM
+ 	case KVM_CAP_GUEST_MEMFD:
+-		return !kvm || kvm_arch_has_private_mem(kvm);
++		return !kvm || kvm_arch_supports_gmem(kvm);
+ #endif
+ 	default:
+ 		break;
+-- 
+2.49.0
+