On 6/19/2026 8:31 AM, Ackerley Tng via B4 Relay wrote:
From: Ackerley Tng <[email protected]>
Make CONFIG_KVM_VM_MEMORY_ATTRIBUTES selectable, only for (CoCo) VM types
that might use vm_memory_attributes.
Also document CONFIG_KVM_VM_MEMORY_ATTRIBUTES to specifically be about the
private/shared attribute.
I think this patch needs to be moved later after per-gmem shared/private
attribute is implemented. Because so far, TDX/SEV indeed depend on
CONFIG_KVM_VM_MEMORY_ATTRIBUTES.
Not to discuss if it makes sense to report TDX as supported VM TYPE when
CONFIG_KVM_VM_MEMORY_ATTRIBUTES is not enabled, this patch just fails
the compilation when
CONFIG_KVM_VM_MEMORY_ATTRIBUTES = n
and KVM_INTEL_TDX/KVM_AMD_SEV is enabled:
arch/x86/kvm/../../../virt/kvm/guest_memfd.c: In function
‘__kvm_gmem_populate’:
arch/x86/kvm/../../../virt/kvm/guest_memfd.c:918:14: error: implicit
declaration of function ‘kvm_range_has_memory_attributes’
[-Werror=implicit-function-declaration]
918 | if (!kvm_range_has_memory_attributes(kvm, gfn, gfn + 1,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Sean Christopherson <[email protected]>
---
arch/x86/kvm/Kconfig | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index 24f96396cfa1c..c28393dc664eb 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -81,13 +81,16 @@ config KVM_WERROR
If in doubt, say "N".
config KVM_VM_MEMORY_ATTRIBUTES
- bool
+ depends on KVM_SW_PROTECTED_VM || KVM_INTEL_TDX || KVM_AMD_SEV
+ bool "Enable per-VM PRIVATE vs. SHARED attributes (for CoCo VMs)"
+ help
+ Enable support for tracking PRIVATE vs. SHARED memory using per-VM
+ memory attributes.
config KVM_SW_PROTECTED_VM
bool "Enable support for KVM software-protected VMs"
depends on EXPERT
depends on KVM_X86 && X86_64
- select KVM_VM_MEMORY_ATTRIBUTES
help
Enable support for KVM software-protected VMs. Currently, software-
protected VMs are purely a development and testing vehicle for
@@ -138,7 +141,6 @@ config KVM_INTEL_TDX
bool "Intel Trust Domain Extensions (TDX) support"
default y
depends on INTEL_TDX_HOST
- select KVM_VM_MEMORY_ATTRIBUTES
select HAVE_KVM_ARCH_GMEM_POPULATE
help
Provides support for launching Intel Trust Domain Extensions (TDX)
@@ -162,7 +164,6 @@ config KVM_AMD_SEV
depends on KVM_AMD && X86_64
depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
select ARCH_HAS_CC_PLATFORM
- select KVM_VM_MEMORY_ATTRIBUTES
select HAVE_KVM_ARCH_GMEM_PREPARE
select HAVE_KVM_ARCH_GMEM_INVALIDATE
select HAVE_KVM_ARCH_GMEM_POPULATE