Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory

[David Hildenbrand]

On 01.09.21 19:50, Sean Christopherson wrote:
> On Wed, Sep 01, 2021, David Hildenbrand wrote:
> > > > > Well not necessarily, but it depends how clever we want to get.  If
> > > > > you look over on the OVMF/edk2 list, there's a proposal to do guest
> > > > > migration via a mirror VM that invokes a co-routine embedded in the
> > > > > OVMF binary:
> > > >
> > > > Yes, I heard of that. "Interesting" design.
> > >
> > > Heh, well what other suggestion do you have?  The problem is there
> > > needs to be code somewhere to perform some operations that's trusted by
> > > both the guest and the host.  The only element for a confidential VM
> > > that has this shared trust is the OVMF firmware, so it seems logical to
> > > use it.
> >
> > <offtopic>
> >
> > Let me put it this way: I worked with another architecture that doesn't
> > fault on access of a secure page, but instead automatically exports/encrypts
>
> I thought s390 does fault on insecure accesses to secure pages, and it's the
> kernel's fault handler that "automatically" converts the page?  E.g. trap 0x3d
> -> do_secure_storage_access() -> arch_make_page_accessible().

"automatic" as in "the kernel can do it easily automatically under the 
hood when accessing such memory", yes that's what I meant :)

--
Thanks,

David / dhildenb