From: Paolo Bonzini
Date: Wed, 27 Aug 2025 08:37:40 +0000 (-0400)
Subject: Merge branch 'guest-memfd-mmap' into HEAD
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a6ad54137af9;p=thirdparty%2Fkernel%2Fstable.git

Merge branch 'guest-memfd-mmap' into HEAD

Add support for host userspace mapping of guest_memfd-backed memory for
VM types that do NOT use support KVM_MEMORY_ATTRIBUTE_PRIVATE (which isn't
precisely the same thing as CoCo VMs, since x86's SEV-MEM and SEV-ES have
no way to detect private vs. shared).

mmap() support paves the way for several evolving KVM use cases:

* Allows VMMs like Firecracker to run guests entirely backed by
  guest_memfd [1]. This provides a unified memory management model for
  both confidential and non-confidential guests, simplifying VMM design.

* Enhanced Security via direct map removal: When combined with Patrick's
  series for direct map removal [2], this provides additional hardening
  against Spectre-like transient execution attacks by eliminating the need
  for host kernel direct maps of guest memory.

* Lays the groundwork for *restricted* mmap() support for
  guest_memfd-backed memory on CoCo platforms [3] that permit in-place
  sharing of guest memory with the host.

Signed-off-by: Paolo Bonzini
---

a6ad54137af92535cfe32e19e5f3bc1bb7dbd383