Re: [RFC PATCH 0/6] KVM: guest memory: Misc enhancement

From: Vishal Annapurve
Date: Wed Jun 21 2023 - 16:46:50 EST


On Wed, Jun 21, 2023 at 11:20 AM Dong, Eddie <eddie.dong@xxxxxxxxx> wrote:
>
>
>
> > -----Original Message-----
> > From: Vishal Annapurve <vannapurve@xxxxxxxxxx>
> > Sent: Monday, June 19, 2023 2:55 PM
> > To: Zhi Wang <zhi.wang.linux@xxxxxxxxx>
> > Cc: Yamahata, Isaku <isaku.yamahata@xxxxxxxxx>; kvm@xxxxxxxxxxxxxxx;
> > linux-kernel@xxxxxxxxxxxxxxx; isaku.yamahata@xxxxxxxxx; Paolo Bonzini
> > <pbonzini@xxxxxxxxxx>; Aktas, Erdem <erdemaktas@xxxxxxxxxx>;
> > Christopherson,, Sean <seanjc@xxxxxxxxxx>; Shahar, Sagi
> > <sagis@xxxxxxxxxx>; David Matlack <dmatlack@xxxxxxxxxx>; Huang, Kai
> > <kai.huang@xxxxxxxxx>; Chen, Bo2 <chen.bo@xxxxxxxxx>; linux-
> > coco@xxxxxxxxxxxxxxx; Chao Peng <chao.p.peng@xxxxxxxxxxxxxxx>; Ackerley
> > Tng <ackerleytng@xxxxxxxxxx>; Michael Roth <michael.roth@xxxxxxx>
> > Subject: Re: [RFC PATCH 0/6] KVM: guest memory: Misc enhancement
> >
> > On Mon, Jun 19, 2023 at 1:11 PM Zhi Wang <zhi.wang.linux@xxxxxxxxx>
> > wrote:
> > >
> > > On Mon, 19 Jun 2023 12:11:50 -0700
> ...
> >
> > The Protected VM effort is about being able to have guest memory ranges not
> > mapped into the userspace VMM, so that they are unreachable in most cases
> > from KVM as well. Non-CC VMs can use this support to mitigate any
> > unintended accesses from the userspace VMM/KVM, possibly using enlightened
> > kernels.
>
> "PROTECTED" seems to be not very close to what you mean here. "PROTECTED_MEM" ?
> What case of non-CC VMs may use this feature in reality? Or do you have any expected cases?
>

Similar to the pKVM efforts [1], PROTECTED_VM functionality may be used to
unmap guest memory ranges from the host and userspace VMM on x86
platforms. If the KVM/host kernel and the guest VMs are enlightened
for this use case, then it should be possible to deploy this feature
for normal VMs irrespective of the platforms they are running on.

The primary use case here would be to prevent unintended accesses from
KVM/userspace VMM which would normally go undetected at runtime or are
hard to trace back to the original culprit.

[1] https://source.android.com/docs/core/virtualization/architecture#hypervisor