On Thu, May 19, 2022 at 8:41 AM Chao Peng <chao.p.peng@xxxxxxxxxxxxxxx> wrote:
>
> Introduce a new memfd_create() flag indicating the content of the
> created memfd is inaccessible from userspace through ordinary MMU
> access (e.g., read/write/mmap). However, the file content can be
> accessed via a different mechanism (e.g. KVM MMU) indirectly.
>

SEV, TDX, pkvm and software-only VMs seem to have use cases to set up
initial guest boot memory with the needed blobs.
TDX already supports a KVM IOCTL to transfer contents to private
memory using the TDX module, but the rest of the implementations will
need to invent a way to do this.

Is there a plan to support a common implementation for either allowing
initial write access from userspace to private fd or adding a KVM
IOCTL to transfer contents to such a file, as part of this series
through future revisions?

Regards,
Vishal