summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2024-08-02 18:31:48 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2024-08-02 18:33:43 +0200
commit1773014a975919195be71646fc2c2cad1570fce4 (patch)
tree3871bb33896b7b703cb54ec373706ba573cd83de /Documentation
parentMerge tag 'kvm-riscv-fixes-6.11-1' of https://github.com/kvm-riscv/linux into... (diff)
parentKVM: x86/mmu: fix determination of max NPT mapping level for private pages (diff)
downloadlinux-1773014a975919195be71646fc2c2cad1570fce4.tar.xz
linux-1773014a975919195be71646fc2c2cad1570fce4.zip
Merge branch 'kvm-fixes' into HEAD
* fix latent bug in how usage of large pages is determined for confidential VMs * fix "underline too short" in docs * eliminate log spam from limited APIC timer periods * disallow pre-faulting of memory before SEV-SNP VMs are initialized * delay clearing and encrypting private memory until it is added to guest page tables * this change also enables another small cleanup: the checks in SNP_LAUNCH_UPDATE that limit it to non-populated, private pages can now be moved in the common kvm_gmem_populate() function
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/virt/kvm/api.rst8
1 files changed, 7 insertions, 1 deletions
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index fe722c5dada9..33938468d62d 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -6368,7 +6368,7 @@ a single guest_memfd file, but the bound ranges must not overlap).
See KVM_SET_USER_MEMORY_REGION2 for additional details.
4.143 KVM_PRE_FAULT_MEMORY
-------------------------
+---------------------------
:Capability: KVM_CAP_PRE_FAULT_MEMORY
:Architectures: none
@@ -6405,6 +6405,12 @@ for the current vCPU state. KVM maps memory as if the vCPU generated a
stage-2 read page fault, e.g. faults in memory as needed, but doesn't break
CoW. However, KVM does not mark any newly created stage-2 PTE as Accessed.
+In the case of confidential VM types where there is an initial set up of
+private guest memory before the guest is 'finalized'/measured, this ioctl
+should only be issued after completing all the necessary setup to put the
+guest into a 'finalized' state so that the above semantics can be reliably
+ensured.
+
In some cases, multiple vCPUs might share the page tables. In this
case, the ioctl can be called in parallel.