kvm, virt_kvm: add confidential APIs and refactor memory in separate module #3710
chris-oo wants to merge 3 commits into
Add low-level KVM wrappers and constants needed for guest_memfd-backed confidential guests, including memory attributes, x86 SNP VM and launch ioctls, hypercall exits, and Arm CCA realm population support. Note that the ARM CCA bindings are based on the v14 KVM patch series and are subject to change.
Move the existing userspace KVM memory range state and partition memory mapping implementation out of lib.rs into memory.rs. This is a mechanical split that prepares the KVM memory path for guestmemfd support without changing behavior. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Add KVM guestmemfd memory-slot plumbing and neutral private-memory range helpers without enabling confidential VM launch behavior yet. Non-isolated KVM partitions continue to use userspace memory backing. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This PR modifies files containing For more on why we check whole files, instead of just diffs, check out the Rustonomicon
| @@ -1432,6 +1332,15 @@ impl Processor for KvmProcessor<'_> { | |||
| KvmHypercallExit::DISPATCHER.dispatch(&self.partition.gm, &mut handler); | |||
| *result = handler.registers.result; | |||
| } | |||
| kvm::Exit::Hypercall { | |||
the page visibility changes come as kvm hypercall exits. i can move this to the snp change if you'd like?
| @@ -1468,6 +1377,28 @@ impl Processor for KvmProcessor<'_> { | |||
| tracing::error!(hardware_entry_failure_reason, "VP entry failed"); | |||
| return Err(dev.fatal_error(KvmRunVpError::InvalidVpState.into())); | |||
| } | |||
| kvm::Exit::SystemEvent { | |||
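Review bot: the new kvm::Exit::SystemEvent arm sits directly after the hardware-entry-failure path, which logs at error level and returns dev.fatal_error(KvmRunVpError::InvalidVpState.into()); a system event is raised by the guest (the thread notes Linux signals a fatal crash through the GHCB), so it should not share that host-fatal path or its error-level logging. Treat it as a guest crash/shutdown, record the event type and data as guest-supplied values, and document in the arm which event types are expected so unexpected ones are distinguishable.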
this one was to debug fatal crashes from the guest, linux will signal a fatal system event via ghcb
Pull request overview
This PR extends the vm/kvm bindings with additional UAPI/ioctl support needed for upcoming confidential guest work (SNP on x86_64 and CCA/Realm on aarch64), and refactors virt_kvm memory mapping into a dedicated module that can support guestmemfd-backed private memory.
Changes:
- Added new virt_kvm memory module (memory.rs) to centralize slot tracking and introduce guestmemfd/private-memory attribute plumbing plus unit tests.
- Updated virt_kvm partition initialization to track RAM ranges and memory backing mode, and added handling for new KVM exits (hypercall + system event paths).
- Expanded the vm/kvm crate with new ioctls/APIs for guestmemfd, memory attributes, VM type selection, SEV-SNP launch helpers, and additional exit decoding.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| vmm_core/virt_kvm/src/memory.rs | New memory mapping module with guestmemfd/private-memory support scaffolding and tests. |
| vmm_core/virt_kvm/src/lib.rs | Wires in the new memory module, adds error variants, and extends partition state to include backing mode + RAM ranges. |
| vmm_core/virt_kvm/src/arch/x86_64/mod.rs | Initializes RAM range list; adds handling for KVM Hypercall/SystemEvent exits. |
| vmm_core/virt_kvm/src/arch/aarch64/mod.rs | Initializes RAM range list for future guestmemfd/private-memory classification. |
| vm/kvm/src/lib.rs | Adds confidential-memory related ioctls/APIs (guestmemfd, memory attributes), VM-type helpers, SEV-SNP helpers, and new exit decoding. |
| let raw_vm_type = vm_type.as_raw(); | ||
| if supported_vm_types & (1 << raw_vm_type) == 0 { | ||
| return Err(Error::UnsupportedX86VmType(vm_type)); | ||
| } |
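Review bot: the capability check `if supported_vm_types & (1 << raw_vm_type) == 0` relies on raw_vm_type being smaller than the bit width of supported_vm_types; if as_raw() can ever yield a larger value the shift panics in debug builds and wraps in release builds, turning a bad type into an accepted one. Use checked_shl (or an explicit range check) and return Error::UnsupportedX86VmType(vm_type) when it fails, and pin the literal's type (e.g. 1u64) so the shift width does not depend on inference.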
| kvm::Exit::Hypercall { | ||
| nr, | ||
| args, | ||
| result, | ||
| flags, | ||
| } => { | ||
| tracing::error!(nr, ?args, flags, "unhandled KVM hypercall"); | ||
| *result = 1; | ||
| } |
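Review bot: the unhandled-hypercall arm is reachable by the guest at will, so `tracing::error!(nr, ?args, flags, "unhandled KVM hypercall")` on every occurrence lets a guest flood host logs; log at warn (or rate-limit) and count it instead. The literal in `*result = 1;` should be a named status constant with a comment stating which hypercall ABI defines it, so the guest receives a well-defined failure code and reviewers can check it against the spec.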
| None | ||
| } | ||
| KvmMemoryBacking::GuestMemfd => { | ||
| let guest_memfd = self.kvm.create_guest_memfd(size as u64)?; |
Rather than creating the memfd dynamically.. I was thinking we'd create a single parallel guest memfd at partition creation time, using MemoryLayout.ram() to get the total size. And then we just reference the existing guest_memfd here, calculating the offset appropriately.
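One way to lay out the single partition-wide guest_memfd proposed in the comment above, as an added example that is not virt_kvm's code: RAM ranges are packed back-to-back into one memfd sized from the total RAM, and each slot's memfd offset is derived from its GPA, with holes (MMIO, PCI) consuming no backing. `RamRange`, `guest_memfd_size` and `ram_to_memfd_offset` are hypothetical names; the range list is assumed to come from the MemoryLayout.ram() mentioned in the comment.

```rust
// Added illustration (not virt_kvm code): one guest_memfd sized to total RAM,
// with RAM ranges packed back-to-back and slot offsets derived from the GPA.
// `RamRange`, `guest_memfd_size` and `ram_to_memfd_offset` are hypothetical.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct RamRange {
    /// Guest physical start address of the range.
    pub start: u64,
    /// Length of the range in bytes.
    pub len: u64,
}

/// Size the single guest_memfd must have: the sum of the RAM ranges only,
/// so holes (MMIO, PCI) in the guest address space consume no backing.
pub fn guest_memfd_size(ram: &[RamRange]) -> u64 {
    ram.iter().map(|r| r.len).sum()
}

/// Offset of the guest physical range [gpa, gpa + len) inside the memfd.
/// Ranges are laid out in `ram` order, so the offset is the total length of
/// the preceding ranges plus the offset within the containing range.
/// Returns None when the request is not fully inside one RAM range
/// (it straddles a hole, lies in a hole, or overflows).
pub fn ram_to_memfd_offset(ram: &[RamRange], gpa: u64, len: u64) -> Option<u64> {
    let end = gpa.checked_add(len)?;
    let mut memfd_base = 0u64;
    for r in ram {
        let r_end = r.start.checked_add(r.len)?;
        if gpa >= r.start && end <= r_end {
            return Some(memfd_base + (gpa - r.start));
        }
        memfd_base += r.len;
    }
    None
}

fn main() {
    // Constructed layout: 1 GiB of low RAM, then 2 GiB above the 4 GiB hole.
    let ram = [
        RamRange { start: 0, len: 1 << 30 },
        RamRange { start: 4 << 30, len: 2 << 30 },
    ];
    println!("guest_memfd size: {:#x}", guest_memfd_size(&ram));
    // The first page above 4 GiB lands right after the low 1 GiB in the memfd.
    println!("{:?}", ram_to_memfd_offset(&ram, (4 << 30) + 0x1000, 0x1000));
    // A range spanning into the hole has no backing.
    println!("{:?}", ram_to_memfd_offset(&ram, (1 << 30) - 0x1000, 0x2000));
}
```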
| Some((&guest_memfd, 0)), | ||
| )?; | ||
| }; | ||
| if let Err(err) = self.kvm.set_memory_attributes( |
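Review bot: the offset in `Some((&guest_memfd, 0))` is hard-coded to 0 for every slot; with the single partition-wide memfd suggested in the thread, each slot needs the offset of its own GPA range in that memfd, otherwise all slots alias the same backing. Also, if the `if let Err(err) = self.kvm.set_memory_attributes(` that follows only logs the failure rather than propagating it the way the `?` on the memslot call does, a slot can be left mapped on guest_memfd without the private attribute, so the partition would record memory as private while KVM does not; propagate the error (or tear the slot down) instead.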
Is this the right thing, to set everything to private here? Or should we do this explicitly elsewhere, e.g. in membacking somehow?
Closing in favor of #3737
Add bindings to the kvm crate to support upcoming SNP and CCA changes in virt_kvm. Refactor virt_kvm to move memory into its own module to support guestmemfd usage for SNP and CCA.
Note that the ARM CCA bindings are based on the v14 KVM patch series and are subject to change.