On Thu, Jul 11, 2024 at 06:27:50PM -0400, Paolo Bonzini wrote:
> This is now possible because preparation is done by kvm_gmem_get_pfn()
> instead of fallocate(). In practice this is not a limitation, because
> even though guest_memfd can be bound to multiple struct kvm, for
> hardware implementations of confidential computing only one guest
> (identified by an ASID on SEV-SNP, or an HKID on TDX) will be able
> to access it.
>
> In the case of intra-host migration (not implemented yet for SEV-SNP,
> but we can use SEV-ES as an idea of how it will work), the new struct
> kvm inherits the same ASID and preparation need not be repeated.
>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

Reviewed-by: Michael Roth <michael.roth@xxxxxxx>