On Tue, Nov 23, 2021 at 10:06:02AM +0100, Paolo Bonzini wrote:

> I think it's great that memfd hooks are usable by more than one subsystem,
> OTOH it's fair that whoever needs it does the work---and VFIO does not need
> it for confidential VMs, yet, so it should be fine for now to have a single
> user.

I think adding a new interface to a core kernel subsystem should come with a greater requirement to work out something generally useful and not be overly wedded to a single use case (eg F_SEAL_GUEST).

Especially if something like 'single user' is not just a small implementation artifact but a key design tenet of the whole eventual solution.

Jason