Hi Ackerley,

On Thu, 7 May 2026 at 21:22, Ackerley Tng via B4 Relay <[email protected]> wrote:
>
> From: Sean Christopherson <[email protected]>
>
> Make vm_memory_attributes a module parameter so that userspace can disable
> the use of memory attributes on the VM level.
>
> To avoid inconsistencies in the way memory attributes are tracked in KVM
> and guest_memfd, the vm_memory_attributes module_param is made
> read-only (0444).
>
> Make CONFIG_KVM_VM_MEMORY_ATTRIBUTES selectable, only for (CoCo) VM types
> that might use vm_memory_attributes.
>
> Signed-off-by: Sean Christopherson <[email protected]>
> Signed-off-by: Ackerley Tng <[email protected]>
Config files always confuse me, but Sashiko might be onto something: https://sashiko.dev/#/patchset/20260507-gmem-inplace-conversion-v6-0-91ab5a8b19a4%40google.com?part=19 I think this partially goes back to commit 6, the one I flagged yesterday. But also adding "default y" to KVM_VM_MEMORY_ATTRIBUTES? The default value should at least fix this issue, but I'm not sure if it would cause other problems... Cheers, /fuad > --- > arch/x86/kvm/Kconfig | 13 +++++++++---- > virt/kvm/kvm_main.c | 1 + > 2 files changed, 10 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig > index b6d65ee664d0f..8b97d341bd33f 100644 > --- a/arch/x86/kvm/Kconfig > +++ b/arch/x86/kvm/Kconfig > @@ -82,13 +82,20 @@ config KVM_WERROR > > config KVM_VM_MEMORY_ATTRIBUTES > select KVM_MEMORY_ATTRIBUTES > - bool > + depends on KVM_SW_PROTECTED_VM || KVM_INTEL_TDX || KVM_AMD_SEV > + bool "Enable per-VM memory attributes (for CoCo VMs)" > + help > + Enable support for per-VM memory attributes, which are deprecated in > + favor of tracking memory attributes in guest_memfd. Select this if > + you need to run CoCo VMs using a VMM that doesn't support > guest_memfd > + memory attributes. > + > + If unsure, say N. > > config KVM_SW_PROTECTED_VM > bool "Enable support for KVM software-protected VMs" > depends on EXPERT > depends on KVM_X86 && X86_64 > - select KVM_VM_MEMORY_ATTRIBUTES > help > Enable support for KVM software-protected VMs. Currently, software- > protected VMs are purely a development and testing vehicle for > @@ -139,7 +146,6 @@ config KVM_INTEL_TDX > bool "Intel Trust Domain Extensions (TDX) support" > default y > depends on INTEL_TDX_HOST > - select KVM_VM_MEMORY_ATTRIBUTES > select HAVE_KVM_ARCH_GMEM_POPULATE > help > Provides support for launching Intel Trust Domain Extensions (TDX) 
> @@ -163,7 +169,6 @@ config KVM_AMD_SEV > depends on KVM_AMD && X86_64 > depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m) > select ARCH_HAS_CC_PLATFORM > - select KVM_VM_MEMORY_ATTRIBUTES > select HAVE_KVM_ARCH_GMEM_PREPARE > select HAVE_KVM_ARCH_GMEM_INVALIDATE > select HAVE_KVM_ARCH_GMEM_POPULATE > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > index cec02d68d7039..ba195bb239aaa 100644 > --- a/virt/kvm/kvm_main.c > +++ b/virt/kvm/kvm_main.c > @@ -104,6 +104,7 @@ module_param(allow_unsafe_mappings, bool, 0444); > #ifdef CONFIG_KVM_MEMORY_ATTRIBUTES > #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES > bool vm_memory_attributes = true; > +module_param(vm_memory_attributes, bool, 0444); > #endif > DEFINE_STATIC_CALL_RET0(__kvm_get_memory_attributes, > kvm_get_memory_attributes_t); > EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_KEY(__kvm_get_memory_attributes)); > > -- > 2.54.0.563.g4f69b47b94-goog > >
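Review bot: in the arch/x86/kvm/Kconfig hunk at `config KVM_VM_MEMORY_ATTRIBUTES`, the new prompt has no `default` line, so the symbol defaults to n, while the following hunks drop `select KVM_VM_MEMORY_ATTRIBUTES` from KVM_SW_PROTECTED_VM, KVM_INTEL_TDX and KVM_AMD_SEV. A configuration built from defaults with TDX or SEV enabled therefore no longer gets per-VM memory attributes, even though the help text says this option is what a VMM without guest_memfd memory attributes support needs to run CoCo VMs. Either add a default (the "default y" question raised in the reply) or state the behaviour change and the reason for "If unsure, say N" in the commit message. Style: the `bool "..."` prompt line conventionally comes first in the entry, ahead of `select` and `depends on`.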
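Review bot: the added `module_param(vm_memory_attributes, bool, 0444);` line in virt/kvm/kvm_main.c exposes a load-time knob with no description. Add a MODULE_PARM_DESC next to it and document what happens when the module is loaded with vm_memory_attributes=0 and the VMM does not support guest_memfd memory attributes. The parameter sits inside `#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES`, so it does not exist at all when that option is off; the documentation should say so, since an administrator checking the parameter to learn which tracking mode is active will otherwise find nothing.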
