Xiaoyao Li <xiaoyao.li@xxxxxxxxx> writes:

> On 7/15/2025 5:33 PM, Fuad Tabba wrote:
>> Introduce a new boolean member, supports_gmem, to kvm->arch.
>>
>> Previously, the has_private_mem boolean within kvm->arch was implicitly
>> used to indicate whether guest_memfd was supported for a KVM instance.
>> However, with the broader support for guest_memfd, it's not exclusively
>> for private or confidential memory. Therefore, it's necessary to
>> distinguish between a VM's general guest_memfd capabilities and its
>> support for private memory.
>>
>> This new supports_gmem member will now explicitly indicate guest_memfd
>> support for a given VM, allowing has_private_mem to represent only
>> support for private memory.
>>
>> Reviewed-by: Ira Weiny <ira.weiny@xxxxxxxxx>
>> Reviewed-by: Gavin Shan <gshan@xxxxxxxxxx>
>> Reviewed-by: Shivank Garg <shivankg@xxxxxxx>
>> Reviewed-by: Vlastimil Babka <vbabka@xxxxxxx>
>> Co-developed-by: David Hildenbrand <david@xxxxxxxxxx>
>> Signed-off-by: David Hildenbrand <david@xxxxxxxxxx>
>> Signed-off-by: Fuad Tabba <tabba@xxxxxxxxxx>
>
> Reviewed-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
>
> Btw, it seems that supports_gmem can be enabled for all the types of VM?

For now, not really, because supports_gmem allows mmap support, and mmap
support enables KVM_MEMSLOT_GMEM_ONLY, and KVM_MEMSLOT_GMEM_ONLY will mean
that shared faults also get faulted from guest_memfd.

A TDX VM that wants to use guest_memfd for private memory and some other
backing memory for shared memory (let's call this use case "legacy CoCo
VMs") will not work if supports_gmem is just enabled for all types of VMs,
because then shared faults will also go to kvm_gmem_get_pfn().

This will be cleaned up when guest_memfd supports conversion (guest_memfd
stage 2). There, a TDX VM will have .supports_gmem = true. With guest_memfd
stage-2 there will also be a KVM_CAP_DISABLE_LEGACY_PRIVATE_TRACKING.

KVM_CAP_DISABLE_LEGACY_PRIVATE_TRACKING defaults to false, so for legacy
CoCo VMs, shared faults will go to the other non-guest_memfd memory source
that is configured in userspace_addr as before.

With guest_memfd stage-2, KVM_MEMSLOT_GMEM_ONLY will direct all EPT faults
to kvm_gmem_get_pfn(), but KVM_MEMSLOT_GMEM_ONLY will only be allowed if
KVM_CAP_DISABLE_LEGACY_PRIVATE_TRACKING is true. TDX VMs wishing to use
guest_memfd as the only source of memory for the guest should set
KVM_CAP_DISABLE_LEGACY_PRIVATE_TRACKING to true before creating the
guest_memfd.

> Even without mmap support, allow all the types of VM to create
> guest_memfd seems not something wrong. It's just that the guest_memfd
> allocated might not be used, e.g., for KVM_X86_DEFAULT_VM.
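The routing rules described in the reply above (private faults from guest_memfd, shared faults from userspace_addr unless the memslot is GMEM_ONLY, and GMEM_ONLY only accepted once KVM_CAP_DISABLE_LEGACY_PRIVATE_TRACKING is set) are easier to check as an explicit decision table. The following is an added, stand-alone model written for this thread; it is not KVM source code, and the struct and function names (vm_model, memslot_model, model_set_memslot, model_fault_source, and the error codes chosen for each rejected case) are assumptions made for the model. The "enable the cap before creating the guest_memfd" ordering is encoded as an -EBUSY rejection, which is also an assumption about how that rule would be enforced.

```c
/* Illustrative model (added example, not KVM source code) of the stage-2
 * fault-routing rules discussed in the thread. Names and error codes are
 * assumptions made for this model. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum mem_source { SRC_NONE = 0, SRC_USERSPACE_ADDR, SRC_GUEST_MEMFD };

struct vm_model {
    bool supports_gmem;                   /* kvm->arch.supports_gmem */
    bool has_private_mem;                 /* kvm->arch.has_private_mem */
    bool disable_legacy_private_tracking; /* proposed cap, defaults to false */
    bool gmem_created;                    /* a guest_memfd already exists */
};

struct memslot_model {
    bool has_userspace_addr; /* shared memory configured via userspace_addr */
    bool has_gmem;           /* slot binds a guest_memfd */
    bool gmem_only;          /* KVM_MEMSLOT_GMEM_ONLY */
};

/* Enabling KVM_CAP_DISABLE_LEGACY_PRIVATE_TRACKING: only meaningful for a VM
 * whose private memory lives in guest_memfd, and (assumption) it must happen
 * before any guest_memfd is created, as the thread says it should. */
int model_enable_disable_legacy_tracking(struct vm_model *vm)
{
    if (!vm->supports_gmem || !vm->has_private_mem)
        return -EINVAL;
    if (vm->gmem_created)
        return -EBUSY;
    vm->disable_legacy_private_tracking = true;
    return 0;
}

/* Creating a guest_memfd requires the VM to support it (assumption: error
 * code chosen for the model). */
int model_create_gmem(struct vm_model *vm)
{
    if (!vm->supports_gmem)
        return -EOPNOTSUPP;
    vm->gmem_created = true;
    return 0;
}

/* Memslot registration: KVM_MEMSLOT_GMEM_ONLY is only accepted when legacy
 * private tracking is disabled and the slot actually binds a guest_memfd.
 * A slot that is not GMEM_ONLY still needs a userspace_addr for shared faults. */
int model_set_memslot(const struct vm_model *vm, const struct memslot_model *slot)
{
    if (slot->has_gmem && !vm->supports_gmem)
        return -EINVAL;
    if (slot->gmem_only) {
        if (!slot->has_gmem)
            return -EINVAL;
        if (!vm->disable_legacy_private_tracking)
            return -EINVAL;
    } else if (!slot->has_userspace_addr) {
        return -EINVAL;
    }
    return 0;
}

/* Which backing source serves a fault on this slot. */
enum mem_source model_fault_source(const struct vm_model *vm,
                                   const struct memslot_model *slot,
                                   bool is_private)
{
    if (slot->gmem_only)
        return SRC_GUEST_MEMFD;   /* every fault goes to kvm_gmem_get_pfn() */
    if (is_private)
        return (vm->has_private_mem && slot->has_gmem) ? SRC_GUEST_MEMFD
                                                        : SRC_NONE;
    return slot->has_userspace_addr ? SRC_USERSPACE_ADDR : SRC_NONE;
}

int main(void)
{
    /* Legacy CoCo VM: guest_memfd for private, userspace_addr for shared. */
    struct vm_model legacy = { .supports_gmem = true, .has_private_mem = true };
    struct memslot_model mixed = { .has_userspace_addr = true, .has_gmem = true };
    model_create_gmem(&legacy);
    printf("legacy: set_memslot=%d private=%d shared=%d\n",
           model_set_memslot(&legacy, &mixed),
           model_fault_source(&legacy, &mixed, true),
           model_fault_source(&legacy, &mixed, false));

    /* GMEM_ONLY on the same VM is rejected because the cap is still false. */
    struct memslot_model only = { .has_gmem = true, .gmem_only = true };
    printf("legacy gmem_only slot: %d\n", model_set_memslot(&legacy, &only));
    return 0;
}
```

Walking the model through the two TDX configurations in the thread: with the cap left at its default, a slot carrying both userspace_addr and a guest_memfd routes private faults to guest_memfd and shared faults to userspace_addr, and a GMEM_ONLY slot is refused; once the cap is enabled (before any guest_memfd exists), a GMEM_ONLY slot is accepted and both private and shared faults land in guest_memfd.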