On 4/7/2025 3:49 PM, Chenyi Qiang wrote:
With the introduction of the RamBlockAttribute object to manage RAMBlocks with guest_memfd and the implementation of PrivateSharedManager interface to convey page conversion events, it is more elegant to move attribute changes into a PrivateSharedListener. The PrivateSharedListener is reigstered/unregistered for each memory region section during kvm_region_add/del(), and listeners are stored in a CVMPrivateSharedListener list for easy management. The listener handler performs attribute changes upon receiving notifications from private_shared_manager_state_change() calls. With this change, the state changes operations in kvm_convert_memory() can be removed. Note that after moving attribute changes into a listener, errors can be returned in ram_block_attribute_notify_to_private() if attribute changes fail in corner cases (e.g. -ENOMEM). Since there is currently no rollback operation for the to_private case, an assert is used to prevent the guest from continuing with a partially changed attribute state.
From the kernel IOMMU subsystem's perspective, this lack of rollback might not be a significant issue. Currently, converting memory pages from shared to private involves unpinning the pages and removing the mappings from the IOMMU page table, both of which are typically non- failing operations. But, in the future, when it comes to partial conversions, there might be a cut operation before the VFIO unmap. The kernel IOMMU subsystem cannot guarantee an always-successful cut operation. Thanks, baolu
