On 11/29/24 06:39, Nikita Kalyazin wrote:
+#if defined(CONFIG_KVM_GENERIC_PRIVATE_MEM) && !defined(CONFIG_KVM_AMD_SEV)
Another option is to use the confidential computing (coco) attributes to keep the write operation limited to clear-text guests (diff against patch 1/2): There are a couple of benefits and shortcomings that I've listed below the diff.
diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index 9aba0ba25276..b7a0c7f2f82d 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -1,5 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 #include <linux/backing-dev.h> +#include <linux/cc_platform.h> #include <linux/falloc.h> #include <linux/kvm_host.h> #include <linux/pagemap.h> @@ -274,7 +275,14 @@ static struct folio *kvm_gmem_get_folio(struct inode *inode, pgoff_t index) return filemap_grab_folio(inode->i_mapping, index); }
-#if defined(CONFIG_KVM_GENERIC_PRIVATE_MEM) && !defined(CONFIG_KVM_AMD_SEV) +static bool kvm_has_cc(void) +{ + if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) + return true; + return false; +} + +#if defined(CONFIG_KVM_GENERIC_PRIVATE_MEM) static ssize_t kvm_kmem_gmem_write(struct file *file, const char __user *buf, size_t count, loff_t *offset) { @@ -290,6 +298,9 @@ static ssize_t kvm_kmem_gmem_write(struct file *file, const char __user *buf, if (!buf) return -EINVAL;
+ if (kvm_has_cc()) + return -EIO; + start = *offset >> PAGE_SHIFT; end = (*offset + count) >> PAGE_SHIFT;
@@ -564,7 +575,7 @@ static pgoff_t kvm_gmem_get_index(struct kvm_memory_slot *slot, gfn_t gfn) }
static struct file_operations kvm_gmem_fops = { -#if defined(CONFIG_KVM_GENERIC_PRIVATE_MEM) && !defined(CONFIG_KVM_AMD_SEV) +#if defined(CONFIG_KVM_GENERIC_PRIVATE_MEM) .llseek = default_llseek, .write = kvm_kmem_gmem_write, #endif
Advantages: * works with multiple architectures (powerpc and x86 so far) * enumerates specific types of coco attributes
Disadvantages: * The platform can have an encryption attribute but still be running a guest in clear text * Some guests could be encrypted while others are clear text
To remedy the disadvantage, the write function would need to check if guest encryption is currently active for a specific guest.
Mike
+static ssize_t kvm_kmem_gmem_write(struct file *file, const char __user *buf,
size_t count, loff_t *offset)
+{
- pgoff_t start, end, index;
- ssize_t ret = 0;