The purpose of this series is to serve as a potential base for restricted mmap() support for guest_memfd [1]. It would allow experimentation with what that support would be like, in the safe environment of a new VM type used for testing. This series adds a new VM type for arm64, KVM_VM_TYPE_ARM_SW_PROTECTED, analogous to the x86 KVM_X86_SW_PROTECTED_VM. This type is to serve as a development and testing vehicle for Confidential (CoCo) VMs. Similar to the x86 type, this is currently only for development and testing. It's not meant to be used for "real" VMs, and especially not in production. The behavior and effective ABI for software-protected VMs is unstable. This series enables mmap() support for guest_memfd specifically for the new software-protected VM type, only when explicitly enabled in the config. The series is based on Linux 6.13-rc7 and much of the code within is a subset of the latest series I sent [1], with the addition of the new software protected vm type. To test this series, there's a kvmtool branch with support for guest_memfd for arm64 and the new runtime options of --guest_memfd and --sw_protected, which marks the VM as software protected [2]. I plan on upstreaming this kvmtool branch after more testing and tidying up. Please let me know if this series is useful as a stand-alone series, or if I should merge it with the other guest_memfd for future respins [1]. Cheers, /fuad [1] https://lore.kernel.org/all/20250117163001.2326672-1-tabba@xxxxxxxxxx/ [2] https://android-kvm.googlesource.com/kvmtool/+/refs/heads/tabba/guestmem-6.13 Fuad Tabba (9): KVM: guest_memfd: Allow host to mmap guest_memfd() pages KVM: guest_memfd: Add guest_memfd support to kvm_(read|/write)_guest_page() KVM: guest_memfd: Add KVM capability to check if guest_memfd is host mappable KVM: arm64: Skip VMA checks for slots without userspace address KVM: arm64: Refactor user_mem_abort() calculation of force_pte KVM: arm64: Handle guest_memfd()-backed guest page faults KVM: arm64: Introduce KVM_VM_TYPE_ARM_SW_PROTECTED machine type KVM: guest_memfd: selftests: guest_memfd mmap() test when mapping is allowed KVM: arm64: Enable mapping guest_memfd in arm64 Documentation/virt/kvm/api.rst | 5 + arch/arm64/include/asm/kvm_host.h | 10 ++ arch/arm64/kvm/Kconfig | 1 + arch/arm64/kvm/arm.c | 5 + arch/arm64/kvm/mmu.c | 101 ++++++++++---- arch/x86/include/asm/kvm_host.h | 2 + include/linux/kvm_host.h | 16 +++ include/uapi/linux/kvm.h | 7 + tools/testing/selftests/kvm/Makefile | 1 + .../testing/selftests/kvm/guest_memfd_test.c | 60 ++++++++- tools/testing/selftests/kvm/lib/kvm_util.c | 3 +- virt/kvm/Kconfig | 4 + virt/kvm/guest_memfd.c | 71 ++++++++++ virt/kvm/kvm_main.c | 127 ++++++++++++++---- 14 files changed, 353 insertions(+), 60 deletions(-) base-commit: 5bc55a333a2f7316b58edc7573e8e893f7acb532 -- 2.48.0.rc2.279.g1de40edade-goog
