Hi Ackerley, Sorry, but I completely missed this!
[...snip...] > 4. guest_memfd ioctl flag > SET_MEMORY_ATTRIBUTES2_FLAG_PRESERVE_CONTENTS. -EINVAL if kernel and > vendor don't support content preservation > > Specifying a flag to choose whether content should be preserved at > conversion-time is the current best suggestion. > > What does the rest of the community think of a conversion ioctl flag to > choose whether to preserve memory contents on conversion? > > Fuad, I think you also made a related comment on an earlier internal > version we were working on. What do you/pKVM think? Introducing PRESERVE_CONTENTS seems like the correct architectural approach to me. pKVM fully supports requiring the PRESERVE_CONTENTS flag on every conversion where data retention is expected. As you know, pKVM operates at EL2 with control over Stage-2 page tables, so we intrinsically support in-place state transitions. Requiring the VMM to explicitly pass this flag when injecting payloads ensures we have explicit userspace intent without artificially restricting pKVM's capabilities. If userspace omits the PRESERVE_CONTENTS flag, KVM must zero the page contents in software and proceed. Returning -EINVAL would be incorrect because it would make the flag mandatory, eliminating userspace's ability to request clean-slate, destructive conversions when needed. Additionally, software zeroing ensures deterministic behavior across pKVM, TDX, and SNP. The guest is guaranteed a clean page, isolating the KVM uAPI from micro-architectural data destruction nuances. Cheers, /fuad
