Sean Christopherson <[email protected]> writes: > On Fri, Oct 24, 2025, Ackerley Tng wrote: >> Sean Christopherson <[email protected]> writes: >> >> >> >> [...snip...] >> >> >> >> I've been thinking more about this: >> >> #ifdef CONFIG_KVM_VM_MEMORY_ATTRIBUTES >> case KVM_CAP_MEMORY_ATTRIBUTES2: >> case KVM_CAP_MEMORY_ATTRIBUTES: >> if (!vm_memory_attributes) >> return 0; >> >> return kvm_supported_mem_attributes(kvm); >> #endif >> >> And the purpose of adding KVM_CAP_MEMORY_ATTRIBUTES2 is that >> KVM_CAP_MEMORY_ATTRIBUTES2 tells userspace that >> KVM_SET_MEMORY_ATTRIBUTES2 is available iff there are valid >> attributes. >> >> (So there's still a purpose) >> >> Without valid attributes, userspace can't tell if it should use >> KVM_SET_MEMORY_ATTRIBUTES or the 2 version. > > To do what? If there are no attributes, userspace can't do anything useful > anyways. > >> I also added KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES, which tells >> userspace the valid attributes when calling KVM_SET_MEMORY_ATTRIBUTES2 >> on a guest_memfd: > > Ya, and that KVM_SET_MEMORY_ATTRIBUTES2 is supported on guest_memfd. > >> #ifdef CONFIG_KVM_GUEST_MEMFD >> case KVM_CAP_GUEST_MEMFD: >> return 1; >> case KVM_CAP_GUEST_MEMFD_FLAGS: >> return kvm_gmem_get_supported_flags(kvm); >> case KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES: >> if (vm_memory_attributes) >> return 0; >> >> return kvm_supported_mem_attributes(kvm); >> #endif >> >> So to set memory attributes, userspace should > > Userspace *can*. User could also decide it only wants to support guest_memfd > attributes, e.g. because the platform admins controls the entire stack and > built > their entire operation around in-place conversion. > >> if (kvm_check_cap(KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES) > 0) >> use KVM_SET_MEMORY_ATTRIBUTES2 with guest_memfd >> else if (kvm_check_cap(KVM_CAP_MEMORY_ATTRIBUTES2) > 0) >> use KVM_SET_MEMORY_ATTRIBUTES2 with VM fd >> else if (kvm_check_cap(KVM_CAP_MEMORY_ATTRIBUTES) > 0) >> use KVM_SET_MEMORY_ATTRIBUTES with VM fd >> else >> can't set memory attributes >> >> Something like that? > > More or else, ya. > >> In selftests there's this, when KVM_SET_USER_MEMORY_REGION2 was >> introduced: >> >> #define TEST_REQUIRE_SET_USER_MEMORY_REGION2() \ >> __TEST_REQUIRE(kvm_has_cap(KVM_CAP_USER_MEMORY2), \ >> "KVM selftests now require KVM_SET_USER_MEMORY_REGION2 >> (introduced in v6.8)") >> >> But looks like there's no direct equivalent for the introduction of >> KVM_SET_MEMORY_ATTRIBUTES2? > > KVM_CAP_USER_MEMORY2 is the equivalent. > > There's was no need to enumerate anything beyond yes/no, because > SET_USER_MEMORY_REGION2 didn't introduce new flags, it expanded the size of > the > structure passed in from userspace so that KVM_CAP_GUEST_MEMFD could be > introduced > without breaking backwards compatibility. > >> The closest would be to add a TEST_REQUIRE_VALID_ATTRIBUTES() which >> checks KVM_CAP_MEMORY_ATTRIBUTES2 or >> KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES before making the vm or >> guest_memfd ioctl respsectively. > > Yes. This is what I did in my (never posted, but functional) version: > > @@ -486,6 +488,7 @@ struct kvm_vm *__vm_create(struct vm_shape shape, > uint32_t nr_runnable_vcpus, > } > guest_rng = new_guest_random_state(guest_random_seed); > sync_global_to_guest(vm, guest_rng); > + sync_global_to_guest(vm, kvm_has_gmem_attributes);
I ported this [1] except for syncing this value to the guest, because I think the guest shouldn't need to know this information, the host should decide what to do. I think, if the guests really need to know this, the test itself can do the syncing. [1] https://lore.kernel.org/all/5656d432df1217c08da0cc2694fd79948bfd686f.1760731772.git.ackerley...@google.com/ > > kvm_arch_vm_post_create(vm, nr_runnable_vcpus); > > @@ -2319,6 +2333,8 @@ void __attribute((constructor)) kvm_selftest_init(void) > guest_random_seed = last_guest_seed = random(); > pr_info("Random seed: 0x%x\n", guest_random_seed); > > + kvm_has_gmem_attributes = > kvm_has_cap(KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES); > + > kvm_selftest_arch_init(); > } > > That way the core library code can pivot on gmem vs. VM attributes without > having > to rely on tests to define anything. E.g. > > static inline void vm_mem_set_memory_attributes(struct kvm_vm *vm, uint64_t > gpa, > uint64_t size, uint64_t attrs) > { > if (kvm_has_gmem_attributes) { > off_t fd_offset; > uint64_t len; > int fd; > > fd = kvm_gpa_to_guest_memfd(vm, gpa, &fd_offset, &len); > TEST_ASSERT(len >= size, "Setting attributes beyond the length > of a guest_memfd"); > gmem_set_memory_attributes(fd, fd_offset, size, attrs); > } else { > vm_set_memory_attributes(vm, gpa, size, attrs); > } > }
