[PATCH v5 00/12] Direct Map Removal Support for guest_memfd
David Hildenbrand
david at redhat.com
Thu Aug 28 05:50:12 PDT 2025
On 28.08.25 11:39, Roy, Patrick wrote:
> [ based on kvm/next ]
>
> Unmapping virtual machine guest memory from the host kernel's direct map is a
> successful mitigation against Spectre-style transient execution issues: If the
> kernel page tables do not contain entries pointing to guest memory, then any
> attempted speculative read through the direct map will necessarily be blocked
> by the MMU before any observable microarchitectural side-effects happen. This
> means that Spectre-gadgets and similar cannot be used to target virtual machine
> memory. Roughly 60% of speculative execution issues fall into this category [1,
> Table 1].
>
As discussed, I'll be maintaining a guestmemfd-preview branch where I
just pile patch sets to see how it will all look together.
It's currently based on kvm/next where "stage 1" resides, and has "Add
NUMA mempolicy support for KVM guest-memfd" [1] applied.
There are some minor conflicts with [1] in the "KVM: guest_memfd: Add
flag to remove from direct map" patch, I tried to resolve them, let's
see if I messed up.
https://git.kernel.org/pub/scm/linux/kernel/git/david/linux.git/log/?h=guestmemfd-preview
[1] https://lkml.kernel.org/r/20250827175247.83322-2-shivankg@amd.com
--
Cheers
David / dhildenb
More information about the linux-arm-kernel
mailing list