Sean Christopherson <[email protected]> writes:

>>
>> [...snip...]
>>
>> We have one open question left:
>> 1. How to check guest_memfd is fully shared.
>>
>> [...snip...]
>>
>
> Given that lack of support isn't going to be limited to _just_ guest_memfd,
> simply disallow preservation if the VM supports private memory:
>
>       if (kvm_arch_has_private_mem(kvm))
>               return -EOPNOTSUPP;

Makes sense. Tarun, this was the other option that I was suggesting when
we discussed offline.

I think (?) it is possible to create a fully-private guest_memfd for a
non-Confidential VM, and even after conversion lands, for both
vm_memory_attributes=true and vm_memory_attributes=false.

In that case, your preservation series can still preserve memory tracked
as private by guest_memfd but not used as private, right?

I don't think anyone will use this combination before guest_memfd
write() support lands; we just need to make sure there's no kernel crash
or corruption in this case.
