[PATCH 27/30] KVM: arm64: Add some initial documentation for pKVM
Will Deacon
will at kernel.org
Fri Jan 9 07:04:37 PST 2026
On Tue, Jan 06, 2026 at 03:59:37PM +0000, Vincent Donnefort wrote:
> On Mon, Jan 05, 2026 at 03:49:35PM +0000, Will Deacon wrote:
> > +CPU memory isolation
> > +--------------------
> > +
> > +Status: Isolation of anonymous memory and metadata pages.
> > +
> > +Metadata pages (e.g. page-table pages and '``struct kvm_vcpu``' pages)
> > +are donated from the host to the hypervisor during pVM creation and
> > +are consequently unmapped from the stage-2 identity map until the pVM is
> > +destroyed.
> > +
> > +Similarly to regular KVM, pages are lazily mapped into the guest in
> > +response to stage-2 page faults handled by the host. However, when
> > +running a pVM, these pages are first pinned and then unmapped from the
> > +stage-2 identity map as part of the donation procedure. This gives rise
> > +to some user-visible differences when compared to non-protected VMs,
> > +largely due to the lack of MMU notifiers:
> > +
> > +* Memslots cannot be moved or deleted once the pVM has started running.
> > +* Read-only memslots and dirty logging are not supported.
> > +* With the exception of swap, file-backed pages cannot be mapped into a
> > + pVM.
> > +* Donated pages are accounted against ``RLIMIT_MLOCK`` and so the VMM
> > + must have a sufficient resource limit or be granted ``CAP_IPC_LOCK``.
>
> Perhaps worth to add that there's no runtime reclaim either so the accounting
> will only grow until the VM is destroyed?
Good idea, I'll extend this to cover that. We just need to remember to
remove it when we add support for the relinquish hypercall.
Cheers,
Will
More information about the linux-arm-kernel
mailing list