guest_memfd folios are currently marked unmovable, so the kernel cannot perform NUMA-balancing, memory compaction, etc. This is unavoidable for confidential VMs (SEV-SNP, TDX), since memory is encrypted and copying it needs firmware assistance. However, for non-confidential VMs (like Firecracker), we can migrate the folios.
This series enables folio migration for non-confidential guest_memfd and also lays the groundwork for migrating confidential guest_memfd later. Once firmware-assisted copying support is available, those VMs can be made movable, the confidential folio content can be copied separately, and the destination folio marked with FOLIO_CONTENT_COPIED so __migrate_folio() skips the host-side folio_mc_copy(). Testing ------- Host: 7.1-rc7 + this, 2 NUMA nodes - KVM selftest: allocate folios on node 0, migrate them to node 1 and back and verify resulting NUMA node and the folio contents at each step. - Firecracker [1]: booted a microVM backed by guest_memfd. While the guest was running, forced host-side migration of its folios via migratepages(8) and explicit move_pages(2) of guest_memfd pages. Verify with /proc/firecracker_pid/numa_maps. [1] https://github.com/firecracker-microvm/firecracker/tree/feature/secret-hiding and change builder.rs to remove GUEST_MEMFD_FLAG_NO_DIRECT_MAP from vm.create_guest_memfd() Best regards, Shivank Signed-off-by: Shivank Garg <[email protected]> --- Shivank Garg (3): mm: split AS_UNMOVABLE back out of AS_INACCESSIBLE KVM: guest_memfd: support folio migration for non-confidential VMs KVM: selftests: exercise guest_memfd folio migration include/linux/pagemap.h | 24 ++++++-- mm/compaction.c | 12 ++-- mm/migrate.c | 2 +- tools/testing/selftests/kvm/guest_memfd_test.c | 77 ++++++++++++++++++++++++++ virt/kvm/guest_memfd.c | 49 ++++++++++++++-- 5 files changed, 149 insertions(+), 15 deletions(-) --- base-commit: 4549871118cf616eecdd2d939f78e3b9e1dddc48 change-id: 20260611-shivank-gmem-migrate-8c1c519b30a6 Best regards, -- Shivank Garg <[email protected]>
