On Fri, Mar 08, 2024, David Woodhouse wrote: > On Fri, 2024-03-08 at 09:35 -0800, David Matlack wrote: > > I think what James is looking for (and what we are also interested > > in), is _eliminating_ the ability to access guest memory from the > > direct map entirely. And in general, eliminate the ability to access > > guest memory in as many ways as possible. > > Well, pKVM does that... Out-of-tree :-) I'm not just being snarky; when pKVM lands this functionality upstream, I fully expect zapping direct map entries to be generic guest_memfd functionality that would be opt-in, either by the in-kernel technology, e.g. pKVM, or by userspace, or by some combination of the two, e.g. I can see making it optional to nuke the direct map when using guest_memfd for TDX guests so that rogue accesses from the host generate synchronous #PFs instead of latent #MCs.
