www.infradead.org Git - users/hch/configfs.git/commit
KVM: x86: Add support for "protected VMs" that can utilize private memory
author Sean Christopherson <seanjc@google.com>
Fri, 27 Oct 2023 18:22:05 +0000 (11:22 -0700)
committer Paolo Bonzini <pbonzini@redhat.com>
Tue, 14 Nov 2023 13:01:05 +0000 (08:01 -0500)
commit 89ea60c2c7b5838bf192c50062d5720cd6ab8662
tree 5de2ed5bc72317b7fad029b32dddf53b1b653f16
parent eed52e434bc33603ddb0af62b6c4ef818948489d
KVM: x86: Add support for "protected VMs" that can utilize private memory

Add a new x86 VM type, KVM_X86_SW_PROTECTED_VM, to serve as a development
and testing vehicle for Confidential (CoCo) VMs, and potentially to even
become a "real" product in the distant future, e.g. a la pKVM.

The private memory support in KVM x86 is aimed at AMD's SEV-SNP and
Intel's TDX, but those technologies are extremely complex (understatement),
difficult to debug, don't support running as nested guests, and require
hardware that isn't universally accessible.  I.e. relying on SEV-SNP or TDX
for maintaining guest private memory isn't a realistic option.

At the very least, KVM_X86_SW_PROTECTED_VM will enable a variety of
selftests for guest_memfd and private memory support without requiring
unique hardware.

Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20231027182217.3615211-24-seanjc@google.com>
Reviewed-by: Fuad Tabba <tabba@google.com>
Tested-by: Fuad Tabba <tabba@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Documentation/virt/kvm/api.rst
arch/x86/include/asm/kvm_host.h
arch/x86/include/uapi/asm/kvm.h
arch/x86/kvm/Kconfig
arch/x86/kvm/mmu/mmu_internal.h
arch/x86/kvm/x86.c
include/uapi/linux/kvm.h
virt/kvm/Kconfig