
Enhancing KVM for guest protection and security

Posted Nov 21, 2019 0:18 UTC (Thu) by luto (guest, #39314)
Parent article: Enhancing KVM for guest protection and security

Why would KVM need to duplicate much of the host VMM code to avoid mapping data in QEMU? If I were implementing this, I would create a private mm_struct for each VM, and I would create VMAs, roughly as usual, that represent guest memory, but those VMAs would be attached to the private mm_struct.

A naive implementation would have some overhead in that PTEs would be created even though the CPU would never look at the PTEs, although the existing mapping scheme has similar overhead. A future enhancement could enhance vm_ops.fault, possibly on an opt-in basis, to directly create EPT entries without first creating PTEs.




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds