kvm, virt_kvm: add confidential APIs and refactor memory in separate module #3737
will-j-wright wants to merge 3 commits into
Conversation
Add low-level KVM wrappers and constants needed for guest_memfd-backed confidential guests, including memory attributes, x86 SNP VM and launch ioctls, hypercall exits, and Arm CCA realm population support. Note that the ARM CCA bindings are based on the v14 KVM patch series and are subject to change.
Move the existing userspace KVM memory range state and partition memory mapping implementation out of lib.rs into memory.rs. This is a mechanical split that prepares the KVM memory path for guestmemfd support without changing behavior.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Adds new KVM UAPI bindings and virt_kvm refactors needed to support upcoming confidential-VM work (AMD SEV-SNP on x86_64 and Arm CCA/Realm on aarch64), including guestmemfd-backed memory and new exit types.
Changes:
- Introduces a dedicated `virt_kvm::memory` module that encapsulates slot tracking plus guestmemfd/private-memory attribute plumbing.
- Extends the `kvm` crate with ioctls/capability checks for guestmemfd, memory attributes, SEV-SNP launch helpers, Arm RMI populate, and new exit decoding (hypercall/system-event/memory-fault).
- Wires initial virt_kvm partition construction to track RAM ranges and handle new KVM exits on x86_64.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| vmm_core/virt_kvm/src/memory.rs | New memory-mapping module with guestmemfd classification, slot bookkeeping, and private-memory range helpers. |
| vmm_core/virt_kvm/src/lib.rs | Integrates the new memory module and extends KvmError/partition state for confidential-memory support. |
| vmm_core/virt_kvm/src/arch/x86_64/mod.rs | Initializes RAM range tracking and adds handling for KVM hypercall/system-event exits. |
| vmm_core/virt_kvm/src/arch/aarch64/mod.rs | Initializes RAM range tracking for future guestmemfd/CCA usage. |
| vm/kvm/src/lib.rs | Adds new ioctls/constants/APIs for private memory, guestmemfd, SEV-SNP/CCA-related operations, and new exit decoding. |
58ef6c1 to 2f0ee9b
| host_addr: *mut u8, | ||
| range: MemoryRange, | ||
| guest_memfd_offset: Option<u64>, | ||
| private_attributes_set: bool, |
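Review bot: `guest_memfd_offset: Option<u64>` together with `private_attributes_set: bool` admits a combination the rest of the code presumably never wants, `guest_memfd_offset == None` with `private_attributes_set == true`, and neither field carries a doc comment saying which combinations are valid or who is responsible for clearing the flag. Consider collapsing the pair into one enum, e.g. `Userspace` vs `GuestMemfd { offset: u64, private: bool }`, or at least documenting on `private_attributes_set` that it is only meaningful when `guest_memfd_offset` is `Some` and that unmap must clear it.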
I'm pretty unclear on what this private_attributes_set thing is supposed to mean or do.
private_attributes_set tracks whether private-memory attributes were applied for the slot, so unmap can clear those attributes and private-range lookup can reject slots that are guestmemfd-backed but not currently private.
Should guestmemfd-backed imply the slot can service private ranges, or do we still need a separate state which means that private attributes are currently applied?
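The slot state described in the thread above (guestmemfd-backed or not, private attributes applied or not, unmap clearing them, private-range lookup rejecting non-private slots) modelled as a small stand-alone Rust sketch. This is an added illustration, not the PR's or OpenVMM's code: the `Range`, `Backing`, `SlotTable` and `Action` names are hypothetical, and the hypervisor calls are replaced by returned `Action` values so it runs offline. It folds the `Option<u64>` offset and the `bool` into one enum so the invalid pairing (no guestmemfd backing but attributes set) cannot be represented.

```rust
// Added illustration (hypothetical names, not OpenVMM's implementation).

/// Hypothetical guest-physical range, start inclusive and end exclusive.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Range {
    pub start: u64,
    pub end: u64,
}

impl Range {
    fn contains(&self, other: &Range) -> bool {
        self.start <= other.start && other.end <= self.end && other.start < other.end
    }
}

/// Backing state of one memory slot. Replaces the
/// `guest_memfd_offset: Option<u64>` + `private_attributes_set: bool` pair.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Backing {
    /// Plain userspace memory; it can never service private ranges.
    Userspace,
    /// guestmemfd-backed at `offset`; `private` records whether the private
    /// attribute is currently applied to the slot.
    GuestMemfd { offset: u64, private: bool },
}

#[derive(Clone, Debug)]
pub struct Slot {
    pub range: Range,
    pub backing: Backing,
}

#[derive(Debug, PartialEq, Eq)]
pub enum LookupError {
    NotMapped,
    NotGuestMemfd,
    NotPrivate,
}

/// Attribute changes the caller would forward to the hypervisor.
#[derive(Debug, PartialEq, Eq)]
pub enum Action {
    SetPrivate(Range),
    ClearPrivate(Range),
}

#[derive(Default)]
pub struct SlotTable {
    slots: Vec<Slot>,
}

impl SlotTable {
    /// Map a slot. Whether a guestmemfd slot starts private is an explicit
    /// argument here, so the policy lives with the caller rather than in a
    /// table-wide flag.
    pub fn map(&mut self, range: Range, backing: Backing) -> Option<Action> {
        self.slots.push(Slot { range, backing });
        match backing {
            Backing::GuestMemfd { private: true, .. } => Some(Action::SetPrivate(range)),
            _ => None,
        }
    }

    /// Unmap a slot, clearing private attributes only if they were applied.
    pub fn unmap(&mut self, range: Range) -> Option<Action> {
        let idx = self.slots.iter().position(|s| s.range == range)?;
        let slot = self.slots.remove(idx);
        match slot.backing {
            Backing::GuestMemfd { private: true, .. } => Some(Action::ClearPrivate(range)),
            _ => None,
        }
    }

    /// Resolve a private range to its guestmemfd offset, rejecting slots that
    /// are guestmemfd-backed but not currently private.
    pub fn private_offset(&self, range: Range) -> Result<u64, LookupError> {
        let slot = self
            .slots
            .iter()
            .find(|s| s.range.contains(&range))
            .ok_or(LookupError::NotMapped)?;
        match slot.backing {
            Backing::Userspace => Err(LookupError::NotGuestMemfd),
            Backing::GuestMemfd { private: false, .. } => Err(LookupError::NotPrivate),
            Backing::GuestMemfd { offset, private: true } => {
                Ok(offset + (range.start - slot.range.start))
            }
        }
    }
}

fn main() {
    let mut table = SlotTable::default();
    let ram = Range { start: 0x1000, end: 0x3000 };
    let action = table.map(ram, Backing::GuestMemfd { offset: 0x10000, private: true });
    println!("map -> {:?}", action);
    println!("lookup -> {:?}", table.private_offset(Range { start: 0x2000, end: 0x2800 }));
    println!("unmap -> {:?}", table.unmap(ram));
}
```

With the enum, `unmap` and `private_offset` each match on a single value, and the "guestmemfd-backed but not private" case that the reply above says lookup must reject is a distinct, nameable arm rather than a combination of two fields that has to be checked in the right order.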
| file: File, | ||
| #[inspect(iter_by_index)] | ||
| ranges: Vec<KvmGuestMemfdRange>, | ||
| initial_private: bool, |
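Review bot: `initial_private: bool` sits on the file-level state next to the per-range `ranges: Vec<KvmGuestMemfdRange>`, and nothing here says whether it is consulted once when the first range is mapped or on every later mapping, nor who sets it. Add a doc comment stating when it is read and by whom, or, if each range needs its own answer, move the flag onto `KvmGuestMemfdRange` and drop it from the file struct.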
I do not think we should have this initial_private concept.
Okay, should guestmemfd slots always start private, or should we decide some other way?
Add KVM guestmemfd memory-slot plumbing and neutral private-memory range helpers without enabling confidential VM launch behavior yet. Non-isolated KVM partitions continue to use userspace memory backing.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2f0ee9b to 4ff0791
Add bindings to the kvm crate to support upcoming SNP and CCA changes in virt_kvm. Refactor virt_kvm to move memory into its own module to support guestmemfd usage for SNP and CCA.
Note that the ARM CCA bindings are based on the v14 KVM patch series and are subject to change.
Taken from #3710 with review changes applied.