Add VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED (bit 6): when negotiated, the device guarantees it initializes reported pages (zeros, or poison_val if PAGE_POISON). The device signals success via the used length of each reporting_vq element.
Gate host_zeroes_pages on both the feature bit and the actual page content: when PAGE_POISON is negotiated with poison_val != 0, the device fills with poison bytes, not zeros. Clear the feature in validate() if REPORTING is not present or if running in a confidential computing environment (untrusted host). Renumber DEVICE_INIT_ON_INFLATE from bit 6 to bit 7 to make room. See the virtio spec change: https://github.com/oasis-tcs/virtio-spec/issues/244 Signed-off-by: Michael S. Tsirkin <[email protected]> Assisted-by: Claude:claude-opus-4-6 Assisted-by: cursor-agent:GPT-5.4-xhigh virtio_balloon: skip zeroing for host-zeroed reported pages Check per-page used length returned by the device to determine which reported pages were zeroed. If used_len matches the page size, the device successfully initialized the page (e.g. via MADV_DONTNEED), and we set the corresponding zeroed_bitmap bit. This requires no feature negotiation: existing devices return used_len=0 (the conservative "not zeroed" case), while updated devices return the page size on successful discard. host_zeroes_pages is set unconditionally so the page_reporting drain path checks the bitmap and marks matching pages as PG_zeroed in the buddy allocator. Signed-off-by: Michael S. Tsirkin <[email protected]> Assisted-by: Claude:claude-opus-4-6 --- drivers/virtio/virtio_balloon.c | 30 ++++++++++++++++++++++++++--- include/uapi/linux/virtio_balloon.h | 3 ++- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/drivers/virtio/virtio_balloon.c b/drivers/virtio/virtio_balloon.c index 1eb9a6376038..f1ad842eb3d6 100644 --- a/drivers/virtio/virtio_balloon.c +++ b/drivers/virtio/virtio_balloon.c @@ -218,6 +218,8 @@ static int virtballoon_free_page_report(struct page_reporting_dev_info *pr_dev_i struct virtqueue *vq = vb->reporting_vq; unsigned int i, err; + bitmap_zero(pr_dev_info->zeroed_bitmap, nents); + /* We should always be able to add these buffers to an empty queue. */ for (i = 0; i < nents; i++) { struct scatterlist one; @@ -237,10 +239,14 @@ static int virtballoon_free_page_report(struct page_reporting_dev_info *pr_dev_i /* When host has read buffer, this completes via balloon_ack */ for (i = 0; i < nents; i++) { - unsigned int unused; + struct scatterlist *entry; + unsigned int used_len; wait_event(vb->acked, - virtqueue_get_buf(vq, &unused)); + (entry = virtqueue_get_buf(vq, &used_len))); + if (used_len == entry->length) + set_bit(entry - sg, + pr_dev_info->zeroed_bitmap); } } @@ -1118,8 +1124,16 @@ static int virtballoon_probe(struct virtio_device *vdev) #endif vb->pr_dev_info.capacity = capacity; + /* + * With PAGE_POISON, device fills with poison_val not + * zeros; only treat as zeroed when poison_val is 0. + */ vb->pr_dev_info.host_zeroes_pages = - !cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT); + virtio_has_feature(vdev, + VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED) && + (!virtio_has_feature(vdev, + VIRTIO_BALLOON_F_PAGE_POISON) || + want_init_on_free()); err = page_reporting_register(&vb->pr_dev_info); if (err) goto out_unregister_oom; @@ -1245,9 +1259,18 @@ static int virtballoon_validate(struct virtio_device *vdev) else if (!virtio_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON)) __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_REPORTING); + if (!virtio_has_feature(vdev, VIRTIO_BALLOON_F_REPORTING)) + __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED); + + /* Device fills with poison_val, not zeros; disable zeroed hint */ if (virtio_has_feature(vdev, VIRTIO_BALLOON_F_PAGE_POISON) && !want_init_on_free()) __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_DEVICE_INIT_ON_INFLATE); + + if (cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) { + __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED); + __virtio_clear_bit(vdev, VIRTIO_BALLOON_F_DEVICE_INIT_ON_INFLATE); + } __virtio_clear_bit(vdev, VIRTIO_F_ACCESS_PLATFORM); return 0; } @@ -1259,6 +1282,7 @@ static unsigned int features[] = { VIRTIO_BALLOON_F_FREE_PAGE_HINT, VIRTIO_BALLOON_F_PAGE_POISON, VIRTIO_BALLOON_F_REPORTING, + VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED, VIRTIO_BALLOON_F_DEVICE_INIT_ON_INFLATE, }; diff --git a/include/uapi/linux/virtio_balloon.h b/include/uapi/linux/virtio_balloon.h index d129736cc3a8..cbaf18e0b17c 100644 --- a/include/uapi/linux/virtio_balloon.h +++ b/include/uapi/linux/virtio_balloon.h @@ -37,7 +37,8 @@ #define VIRTIO_BALLOON_F_FREE_PAGE_HINT 3 /* VQ to report free pages */ #define VIRTIO_BALLOON_F_PAGE_POISON 4 /* Guest is using page poisoning */ #define VIRTIO_BALLOON_F_REPORTING 5 /* Page reporting virtqueue */ -#define VIRTIO_BALLOON_F_DEVICE_INIT_ON_INFLATE 6 /* Device initializes pages on inflate */ +#define VIRTIO_BALLOON_F_DEVICE_INIT_REPORTED 6 /* Device initializes reported pages */ +#define VIRTIO_BALLOON_F_DEVICE_INIT_ON_INFLATE 7 /* Device initializes pages on inflate */ /* Size of a PFN in the balloon interface. */ #define VIRTIO_BALLOON_PFN_SHIFT 12 -- MST
