KVM: x86: Add support for "protected VMs" that can utilize private memory
Add a new x86 VM type, KVM_X86_SW_PROTECTED_VM, to serve as a development and testing vehicle for Confidential (CoCo) VMs, and potentially to even become a "real" product in the distant future, e.g. a la pKVM.

The private memory support in KVM x86 is aimed at AMD's SEV-SNP and Intel's TDX, but those technologies are extremely complex (understatement), difficult to debug, don't support running as nested guests, and require hardware that isn't universally accessible. I.e. relying on SEV-SNP or TDX for maintaining guest private memory isn't a realistic option.

At the very least, KVM_X86_SW_PROTECTED_VM will enable a variety of selftests for guest_memfd and private memory support without requiring unique hardware.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20231027182217.3615211-24-seanjc@google.com>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Showing
- Documentation/virt/kvm/api.rst: 32 additions, 0 deletions
- arch/x86/include/asm/kvm_host.h: 9 additions, 6 deletions
- arch/x86/include/uapi/asm/kvm.h: 3 additions, 0 deletions
- arch/x86/kvm/Kconfig: 12 additions, 0 deletions
- arch/x86/kvm/mmu/mmu_internal.h: 1 addition, 0 deletions
- arch/x86/kvm/x86.c: 15 additions, 1 deletion
- include/uapi/linux/kvm.h: 1 addition, 0 deletions
- virt/kvm/Kconfig: 5 additions, 0 deletions