On 28.08.25 11:39, Roy, Patrick wrote:
> [ based on kvm/next ]
>
> Unmapping virtual machine guest memory from the host kernel's direct map is a successful mitigation against Spectre-style transient execution issues: If the kernel page tables do not contain entries pointing to guest memory, then any attempted speculative read through the direct map will necessarily be blocked by the MMU before any observable microarchitectural side-effects happen. This means that Spectre-gadgets and similar cannot be used to target virtual machine memory. Roughly 60% of speculative execution issues fall into this category [1, Table 1].
As discussed, I'll be maintaining a guestmemfd-preview branch where I just pile patch sets to see how it will all look together.
It's currently based on kvm/next where "stage 1" resides, and has "Add NUMA mempolicy support for KVM guest-memfd" [1] applied.
There are some minor conflicts with [1] in the "KVM: guest_memfd: Add flag to remove from direct map" patch, I tried to resolve them, let's see if I messed up.
https://git.kernel.org/pub/scm/linux/kernel/git/david/linux.git/log/?h=guestmemfd-preview

[1] https://lkml.kernel.org/r/20250827175247.83322-2-shivankg@xxxxxxx

-- 
Cheers

David / dhildenb