From: Sean Christopherson <[email protected]>

Make vm_memory_attributes a module parameter so that userspace can disable
the use of memory attributes on the VM level.

To avoid inconsistencies in the way memory attributes are tracked in KVM
and guest_memfd, the vm_memory_attributes module_param is made
read-only (0444).

Make CONFIG_KVM_VM_MEMORY_ATTRIBUTES selectable, only for (CoCo) VM types
that might use vm_memory_attributes.

Signed-off-by: Sean Christopherson <[email protected]>
[Drop compile-time check for CONFIG_KVM_VM_MEMORY_ATTRIBUTES in
kvm_gmem_range_is_private() since vm_memory_attributes, if defined false
with a macro, should elide generation of the if block anyway]
Signed-off-by: Ackerley Tng <[email protected]>
---
 arch/x86/kvm/Kconfig | 13 +++++++++----
 virt/kvm/kvm_main.c  |  1 +
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index 49c7709e3d895..5cd5046c542ba 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -82,13 +82,20 @@ config KVM_WERROR
 
 config KVM_VM_MEMORY_ATTRIBUTES
        select KVM_MEMORY_ATTRIBUTES
-       bool
+       depends on KVM_SW_PROTECTED_VM || KVM_INTEL_TDX || KVM_AMD_SEV
+       bool "Enable per-VM memory attributes (for CoCo VMs)"
+       help
+         Enable support for per-VM memory attributes, which are deprecated in
+         favor of tracking memory attributes in guest_memfd.  Select this if
+         you need to run CoCo VMs using a VMM that doesn't support guest_memfd
+         memory attributes.
+
+         If unsure, say N.
 
 config KVM_SW_PROTECTED_VM
        bool "Enable support for KVM software-protected VMs"
        depends on EXPERT
        depends on KVM_X86 && X86_64
-       select KVM_VM_MEMORY_ATTRIBUTES
        help
          Enable support for KVM software-protected VMs.  Currently, software-
          protected VMs are purely a development and testing vehicle for
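Review bot: The new prompt on `KVM_VM_MEMORY_ATTRIBUTES` has no `default` line, so it comes up `n`, whereas the three `select KVM_VM_MEMORY_ATTRIBUTES` lines removed by this patch used to force it on for software-protected, TDX and SEV builds. An existing config carried forward with `make olddefconfig` would therefore presumably lose per-VM memory attributes without any prompt, and a VMM that does not yet support guest_memfd memory attributes would stop being able to run CoCo VMs on the rebuilt kernel. If that is intended, say so in the help text, e.g. `Before this option became user-visible it was always enabled for TDX, SEV and software-protected VMs.`; otherwise consider `default y` for a deprecation period. The KVM_SW_PROTECTED_VM help text continues past the end of the hunk.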
@@ -138,7 +145,6 @@ config KVM_INTEL_TDX
        bool "Intel Trust Domain Extensions (TDX) support"
        default y
        depends on INTEL_TDX_HOST
-       select KVM_VM_MEMORY_ATTRIBUTES
        select HAVE_KVM_ARCH_GMEM_POPULATE
        help
          Provides support for launching Intel Trust Domain Extensions (TDX)
@@ -162,7 +168,6 @@ config KVM_AMD_SEV
        depends on KVM_AMD && X86_64
        depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
        select ARCH_HAS_CC_PLATFORM
-       select KVM_VM_MEMORY_ATTRIBUTES
        select HAVE_KVM_ARCH_GMEM_PREPARE
        select HAVE_KVM_ARCH_GMEM_INVALIDATE
        select HAVE_KVM_ARCH_GMEM_POPULATE
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 3506a2f2be041..7680c868fd6e1 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -104,6 +104,7 @@ module_param(allow_unsafe_mappings, bool, 0444);
 #ifdef CONFIG_KVM_MEMORY_ATTRIBUTES
 #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES
 bool vm_memory_attributes = true;
+module_param(vm_memory_attributes, bool, 0444);
 #endif
 DEFINE_STATIC_CALL_RET0(__kvm_get_memory_attributes, 
kvm_get_memory_attributes_t);
 EXPORT_SYMBOL_FOR_KVM_INTERNAL(STATIC_CALL_KEY(__kvm_get_memory_attributes));
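Review bot: The added `module_param(vm_memory_attributes, bool, 0444);` turns this into a host-wide, load-time switch but carries no description, so nothing at the declaration tells an operator what disabling it does or why it cannot be changed at runtime. Add `MODULE_PARM_DESC(vm_memory_attributes, "Track memory attributes per VM rather than in guest_memfd (deprecated)");` after it, and a short comment above the declaration stating that the parameter is read-only so that KVM and guest_memfd cannot disagree about which of them tracks attributes. How the static call defined on the following lines is selected from this parameter is not visible in the hunk and is worth confirming at module init. The `#ifdef CONFIG_KVM_MEMORY_ATTRIBUTES` block starts and ends outside what the hunk shows.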
-- 
2.51.0.858.gf9c4a03a3a-goog

