On Thu, Jun 18, 2026 at 05:32:01PM -0700, Ackerley Tng via B4 Relay wrote:
> From: Ackerley Tng <[email protected]>
>
> Make in-place conversion the default if the arch has private mem.
>
> The default can be overridden at compile time by enabling
> CONFIG_KVM_VM_MEMORY_ATTRIBUTES, or at KVM load time through a module
> parameter.
>
> In-place conversion also implies tracking a guest's private/shared state in
> guest_memfd. To avoid inconsistencies in the way memory attributes are
> tracked per-VM or by guest_memfd, make the module_param
> read-only (0444).
>
> Document that using per-VM attributes for tracking private/shared state of
> guest memory is deprecated in favor of tracking in guest_memfd.
>
> Warn if the admin sets gmem_in_place_conversion as false when
> CONFIG_KVM_VM_MEMORY_ATTRIBUTES is not enabled. Add a warning in the code
> path where guest memory is populated for a CoCo VM, since that's the
> earliest point in a CoCo VM's lifecycle where memory attributes are
> queried. Unlike other query sites, this site is exclusively used by CoCo
> VMs.
>
> Signed-off-by: Sean Christopherson <[email protected]>
> ---
> arch/x86/kvm/Kconfig | 7 ++++++-
> virt/kvm/guest_memfd.c | 5 +++++
> virt/kvm/kvm_main.c | 3 ++-
> 3 files changed, 13 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
> index c28393dc664eb..a3c189d765150 100644
> --- a/arch/x86/kvm/Kconfig
> +++ b/arch/x86/kvm/Kconfig
> @@ -85,7 +85,12 @@ config KVM_VM_MEMORY_ATTRIBUTES > bool "Enable per-VM PRIVATE vs. SHARED attributes (for CoCo VMs)" > help > Enable support for tracking PRIVATE vs. SHARED memory using per-VM > - memory attributes. > + memory attributes. Using per-VM attributes are deprecated in favor > + of tracking PRIVATE state in guest_memfd. Select this if you need > + to run CoCo VMs using a VMM that doesn't support guest_memfd memory > + attributes. > + > + If unsure, say N. > > config KVM_SW_PROTECTED_VM > bool "Enable support for KVM software-protected VMs" > diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c > index 86c9f5b0863cb..5cb73543c03c8 100644 > --- a/virt/kvm/guest_memfd.c > +++ b/virt/kvm/guest_memfd.c > @@ -1193,10 +1193,15 @@ static bool kvm_gmem_range_is_private(struct file > *file, pgoff_t index, > { > struct maple_tree *mt = &GMEM_I(file_inode(file))->attributes; > > +#ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES > if (!gmem_in_place_conversion) > return kvm_range_has_vm_memory_attributes(kvm, gfn, gfn + > nr_pages, > > KVM_MEMORY_ATTRIBUTE_PRIVATE, > > KVM_MEMORY_ATTRIBUTE_PRIVATE); > +#else > + if (WARN_ON_ONCE(!gmem_in_place_conversion)) > + return false; > +#endif > > return kvm_gmem_range_has_attributes(mt, index, nr_pages, > KVM_MEMORY_ATTRIBUTE_PRIVATE); > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > index dd1d18a1d2f68..46e92b5dc3804 100644 > --- a/virt/kvm/kvm_main.c > +++ b/virt/kvm/kvm_main.c > @@ -102,7 +102,8 @@ static bool __ro_after_init allow_unsafe_mappings; > module_param(allow_unsafe_mappings, bool, 0444); > > #ifdef kvm_arch_has_private_mem > -bool __ro_after_init gmem_in_place_conversion = false; > +bool __ro_after_init gmem_in_place_conversion = > !IS_ENABLED(CONFIG_KVM_VM_MEMORY_ATTRIBUTES); > +module_param(gmem_in_place_conversion, bool, 0444);
With gmem_in_place_conversion=true, userspace can create guest_memfd without the MMAP flag. In such cases, shared memory is allocated from different backends. This means this module parameter only enables per-gmem memory attributes and does not guarantee that gmem in-place conversion will actually occur. To avoid confusion, could we rename this module parameter to something more accurate, such as gmem_memory_attribute?

> EXPORT_SYMBOL_FOR_KVM_INTERNAL(gmem_in_place_conversion);
> #endif
>
>
> --
> 2.55.0.rc0.738.g0c8ab3ebcc-goog
>
>
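Review bot: in the arch/x86/kvm/Kconfig hunk the new help text reads "Using per-VM attributes are deprecated in favor of tracking PRIVATE state in guest_memfd"; that should be "is deprecated". While touching the text, it would help an admin configuring the kernel to name the module parameter that overrides the default (gmem_in_place_conversion) and to say explicitly that leaving this option off makes in-place conversion in guest_memfd the default, since the Kconfig help is the only place the trade-off is visible at build time.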
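Review bot: in the virt/kvm/guest_memfd.c hunk, the #else branch of kvm_gmem_range_is_private() returns false after `WARN_ON_ONCE(!gmem_in_place_conversion)`, so a kernel built without CONFIG_KVM_VM_MEMORY_ATTRIBUTES but loaded with gmem_in_place_conversion=false reports every queried range as not private, and only the first query warns. A one-line comment at the `return false;` saying that this is deliberate (the range is reported as not private rather than consulting per-VM attributes that are compiled out) would make the intent clear to the next reader, since the commit message describes the warning but not the chosen return value. If a !CONFIG stub of kvm_range_has_vm_memory_attributes() is available, an `if (!IS_ENABLED(CONFIG_KVM_VM_MEMORY_ATTRIBUTES))` check would let the function keep a single code path instead of the #ifdef/#else block.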
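Review bot: in the virt/kvm/kvm_main.c hunk, `module_param(gmem_in_place_conversion, bool, 0444)` makes the value read-only through sysfs, but it is still set at load time via modprobe options or the kernel command line, and the only description of the new parameter is the commit message; please add an entry for it (name, the default of `!IS_ENABLED(CONFIG_KVM_VM_MEMORY_ATTRIBUTES)`, and the fact that it cannot be changed after load) to the KVM documentation or kernel-parameters.txt so the override path the commit message advertises is discoverable. The name is also worth revisiting, as the reply above notes: with this default the parameter selects where PRIVATE/SHARED state is tracked (per-VM attributes versus guest_memfd), not whether conversion actually happens in place. Separately, the patch is posted by Ackerley Tng but carries only Sean's Signed-off-by, so the sender's Signed-off-by is missing.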
