Commit 42269209 authored by Sean Christopherson

KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP

Rewrite the help message for KVM_SW_PROTECTED_VM to make it clear that
software-protected VMs are a development and testing vehicle for
guest_memfd(), and that attempting to use KVM_SW_PROTECTED_VM for anything
remotely resembling a "real" VM will fail.  E.g. any memory accesses from
KVM will incorrectly access shared memory, nested TDP is wildly broken,
and so on and so forth.

Update KVM's API documentation with similar warnings to discourage anyone
from attempting to run anything but selftests with KVM_X86_SW_PROTECTED_VM.

Fixes: 89ea60c2 ("KVM: x86: Add support for "protected VMs" that can utilize private memory")
Link: https://lore.kernel.org/r/20240222190612.2942589-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
parent e5635922
...@@ -8791,6 +8791,11 @@ means the VM type with value @n is supported. Possible values of @n are:: ...@@ -8791,6 +8791,11 @@ means the VM type with value @n is supported. Possible values of @n are::
#define KVM_X86_DEFAULT_VM 0 #define KVM_X86_DEFAULT_VM 0
#define KVM_X86_SW_PROTECTED_VM 1 #define KVM_X86_SW_PROTECTED_VM 1
Note, KVM_X86_SW_PROTECTED_VM is currently only for development and testing.
Do not use KVM_X86_SW_PROTECTED_VM for "real" VMs, and especially not in
production. The behavior and effective ABI for software-protected VMs is
unstable.
9. Known KVM API problems 9. Known KVM API problems
========================= =========================
......
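Review bot: The note added after the `KVM_X86_SW_PROTECTED_VM` define tells readers not to use the type for "real" VMs but never says what goes wrong. The commit message names concrete failures (memory accesses from KVM incorrectly access shared memory, nested TDP is broken); carrying one sentence of that into the API documentation would tell a reader why the type is unsuitable, not only that its ABI is unstable. A smaller point in the same paragraph: "The behavior and effective ABI for software-protected VMs is unstable" has a plural subject, so "are unstable" reads correctly.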
...@@ -80,9 +80,10 @@ config KVM_SW_PROTECTED_VM ...@@ -80,9 +80,10 @@ config KVM_SW_PROTECTED_VM
depends on KVM && X86_64 depends on KVM && X86_64
select KVM_GENERIC_PRIVATE_MEM select KVM_GENERIC_PRIVATE_MEM
help help
Enable support for KVM software-protected VMs. Currently "protected" Enable support for KVM software-protected VMs. Currently, software-
means the VM can be backed with memory provided by protected VMs are purely a development and testing vehicle for
KVM_CREATE_GUEST_MEMFD. KVM_CREATE_GUEST_MEMFD. Attempting to run a "real" VM workload as a
software-protected VM will fail miserably.
If unsure, say "N". If unsure, say "N".
......
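Review bot: In the rewritten help text, "will fail miserably" gives someone configuring a kernel nothing to act on, and unlike the API documentation hunk this text never mentions production. Suggest ending the paragraph with wording that matches the API note, for example that the option is for development and testing only and should not be enabled for production use, and optionally naming the failures listed in the commit message. Keeping the two warnings aligned matters here because the word "protected" in the option name reads as a security feature to anyone who sees only the Kconfig prompt.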