Re: [RFC] KVM: mm: fd-based approach for supporting KVM guest private memory

From: David Hildenbrand
Date: Wed Sep 15 2021 - 11:35:57 EST



who will actually do some kind of gfn-epfn etc. mapping, how we'll
forbid access to this memory e.g., via /proc/kcore or when dumping memory

It's not aimed to prevent root to shoot into his leg. Root do root.

IMHO being root is not an excuse to read some random file (actually used
in production environments) to result in the machine crashing. Not
acceptable for distributions.
I just realized that reading encrypted memory should be ok and only writing is an issue, right?


--
Thanks,

David / dhildenb