On Tue, Feb 08, 2022 at 08:33:18PM +0200, Mike Rapoport wrote:
> (added linux-api)
>
> On Tue, Jan 18, 2022 at 09:21:09PM +0800, Chao Peng wrote:
> > This is the v4 of this series which try to implement the fd-based KVM
> > guest private memory. The patches are based on latest kvm/queue branch
> > commit:
> >
> > fea31d169094 KVM: x86/pmu: Fix available_event_types check for
> > REF_CPU_CYCLES event
> >
> > Introduction
> > ------------
> > In general this patch series introduce fd-based memslot which provides
> > guest memory through memory file descriptor fd[offset,size] instead of
> > hva/size. The fd can be created from a supported memory filesystem
> > like tmpfs/hugetlbfs etc. which we refer as memory backing store. KVM
> > and the memory backing store exchange callbacks when such memslot
> > gets created. At runtime KVM will call into callbacks provided by the
> > backing store to get the pfn with the fd+offset. Memory backing store
> > will also call into KVM callbacks when userspace fallocate/punch hole
> > on the fd to notify KVM to map/unmap secondary MMU page tables.
> >
> > Comparing to existing hva-based memslot, this new type of memslot allows
> > guest memory unmapped from host userspace like QEMU and even the kernel
> > itself, therefore reduce attack surface and prevent bugs.
> >
> > Based on this fd-based memslot, we can build guest private memory that
> > is going to be used in confidential computing environments such as Intel
> > TDX and AMD SEV. When supported, the memory backing store can provide
> > more enforcement on the fd and KVM can use a single memslot to hold both
> > the private and shared part of the guest memory.
> >
> > mm extension
> > ---------------------
> > Introduces new F_SEAL_INACCESSIBLE for shmem and new MFD_INACCESSIBLE
> > flag for memfd_create(), the file created with these flags cannot read(),
> > write() or mmap() etc via normal MMU operations. The file content can
> > only be used with the newly introduced memfile_notifier extension.
>
> It would be great to see man page draft for new ABI flags

Yes I can provide the man page.

Thanks,
Chao