The main goal of this patch series is to add support for the the restricted guest memory proposali (V9) [1] to kvmtool (V10 was released today [2]). This proposal is still being discussed, but it seems to be close to its final form. The intention is that the restricted guest memory would be used in various confidential computing environments, such as TDX and pKVM. This series is intended to work with the kernel in of the V9 proposal [1], in addition to work to port it to pKVM [3]. It has been tested on qemu/arm64. The patch series is divided as follows: Patches 1--4: General fixes and tidying up Patches 5--18: Move kvmtool from allocating guest vm memory using anonymous mmap to using memfd/ftruncate. The main motivation is to support the fd-based kvm guest memory proposal [1, 2]. It also facilitates using ipc memory sharing should that be needed in the future. It also moves kvmtool to using only a file based backend for guest memory allocation, with the file descriptor being the canonical reference to guest memory. The idea is to refer to all allocated guest memory via a file descriptor. Patches 19--28: Add architecture-independent framework to support restricted guest memory. Patches 29--32: Add pKVM-specific (arm64) support for restricted guest memory. I had posted a subset of this series earlier covering patches 1--18 [4]. This series incorporates fixes and suggestions from Alex into those patches. Cheers, /fuad [1] https://lore.kernel.org/all/20221025151344.3784230-1-chao.p.peng@xxxxxxxxxxxxxxx/ [2] https://lore.kernel.org/all/20221202061347.1070246-1-chao.p.peng@xxxxxxxxxxxxxxx/ [3] https://android-kvm.googlesource.com/kvmtool/+/refs/heads/tabba/fdmem-v9-core [4] https://lore.kernel.org/all/20221115111549.2784927-1-tabba@xxxxxxxxxx/ Fuad Tabba (31): Initialize the return value in kvm__for_each_mem_bank() Remove newline from end of die() aborts Make mmap_hugetlbfs() static Rename parameter in mmap_anon_or_hugetlbfs() Add hostmem va to debug print Factor out getting the hugetlb block size Use memfd for hugetlbfs when allocating guest ram Make blk_size a parameter and pass it to mmap_hugetlbfs() Use memfd for all guest ram allocations Allocate pvtime memory with memfd Allocate vesa memory with memfd Add a function that allocates aligned memory if specified Use new function to align memory Remove struct fields and code used for alignment Replace kvm__arch_delete_ram() with kvm__delete_ram() Remove no-longer used macro Factor out set_user_memory_region code Pass the memory file descriptor and offset when registering ram Add memfd_restricted system call Add kvm linux headers and structure extensions for restricted_fd Add option for enabling restricted memory for guests Change guest ram mapping from private to shared Change pvtime mapping from private to shared Change vesa mapping from private to shared Allocate guest memory as restricted if needed Use the new fd-based extended memory region Track the memfd in the bank Add functions for mapping/unmapping guest memory pkvm: Enable exit hypercall capability if supported pkvm: Handle (un)share hypercalls coming from the guest pkvm: Unmap all guest memory after initialization Will Deacon (1): pkvm: Add option to spawn a protected vm in pkvm arm/aarch32/include/kvm/kvm-arch.h | 1 + arm/aarch64/include/asm/kvm.h | 7 + arm/aarch64/include/kvm/kvm-arch.h | 1 + arm/aarch64/kvm.c | 26 +++ arm/aarch64/pvtime.c | 20 +- arm/fdt.c | 18 ++ arm/include/arm-common/fdt-arch.h | 2 +- arm/include/arm-common/kvm-arch.h | 7 - arm/kvm-cpu.c | 58 ++++++ arm/kvm.c | 41 ++-- arm/pci.c | 3 + builtin-run.c | 7 + framebuffer.c | 2 + hw/cfi_flash.c | 4 +- hw/vesa.c | 17 +- include/kvm/framebuffer.h | 1 + include/kvm/kvm-config.h | 2 + include/kvm/kvm.h | 25 ++- include/kvm/util.h | 5 +- include/linux/kvm.h | 19 ++ kvm.c | 301 ++++++++++++++++++++++++++--- mips/kvm.c | 11 +- powerpc/kvm.c | 7 +- riscv/include/kvm/kvm-arch.h | 7 - riscv/kvm.c | 26 +-- util/util.c | 131 ++++++++++--- vfio/core.c | 3 +- virtio/pci-modern.c | 3 + x86/kvm.c | 11 +- 29 files changed, 606 insertions(+), 160 deletions(-) base-commit: e17d182ad3f797f01947fc234d95c96c050c534b -- 2.39.0.rc0.267.gcb52ba06e7-goog
