On Tue, Jul 9, 2024 at 6:21 AM Patrick Roy <roypat@xxxxxxxxxxxx> wrote:
>
> Hey all,
>
> This RFC series is a rough draft adding support for running
> non-confidential compute VMs in guest_memfd, based on prior discussions
> with Sean [1]. Our specific use case for this is the ability to unmap
> guest memory from the host kernel's direct map, as a mitigation against
> a large class of speculative execution issues.

Not to sound like a salesman, but did you happen to come across the RFC for ASI?

https://lore.kernel.org/lkml/20240712-asi-rfc-24-v1-0-144b319a40d8@xxxxxxxxxx/

The current implementation considers userspace allocations as sensitive, so when a VM is running with ASI, the memory of other VMs is unmapped from the direct map (i.e. in the restricted address space). It also incorporates a mechanism to map this memory on demand when needed (i.e. switch to the unrestricted address space), and to run mitigations at this point to make sure it isn't exploited.

In theory, it should be a more generic approach because it should apply to VMs that do not use guest_memfd as well, and it should be extensible to protect other parts of memory (e.g. sensitive kernel allocations).

I understand that unmapping guest_memfd memory from the direct map in general could still be favorable, and for other reasons beyond mitigating speculative execution attacks. Just thought you may be interested in looking at ASI.