[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Unmapping KVM Guest Memory from Host Kernel
|
From: |
Sean Christopherson |
|
Subject: |
Re: Unmapping KVM Guest Memory from Host Kernel |
|
Date: |
Fri, 8 Mar 2024 14:47:36 -0800 |
On Fri, Mar 08, 2024, David Woodhouse wrote:
> On Fri, 2024-03-08 at 09:35 -0800, David Matlack wrote:
> > I think what James is looking for (and what we are also interested
> > in), is _eliminating_ the ability to access guest memory from the
> > direct map entirely. And in general, eliminate the ability to access
> > guest memory in as many ways as possible.
>
> Well, pKVM does that...
Out-of-tree :-)
I'm not just being snarky; when pKVM lands this functionality upstream, I fully
expect zapping direct map entries to be generic guest_memfd functionality that
would be opt-in, either by the in-kernel technology, e.g. pKVM, or by userspace,
or by some combination of the two, e.g. I can see making it optional to nuke the
direct map when using guest_memfd for TDX guests so that rogue accesses from the
host generate synchronous #PFs instead of latent #MCs.
Re: Unmapping KVM Guest Memory from Host Kernel, Sean Christopherson, 2024/03/08
Re: Unmapping KVM Guest Memory from Host Kernel, Matthew Wilcox, 2024/03/09