On 20.10.20 08:18, Kirill A. Shutemov wrote:
> If the protected memory feature enabled, unmap guest memory from
> kernel's direct mappings.

Gah, ugly. I guess this also defeats compaction, swapping, ... oh gosh.
As if all of the encrypted VM implementations didn't bring us enough
ugliness already (SEV extensions also don't support reboots, but can at
least kexec() IIRC).

Something similar is done with secretmem [1]. And people don't seem to
like fragmenting the direct mapping (including me).

[1] https://lkml.kernel.org/r/20200924132904.1391-1-rppt@xxxxxxxxxx

--
Thanks,

David / dhildenb