On Fri, Oct 03, 2025, Nikita Kalyazin wrote: > On 05/11/2023 16:30, Paolo Bonzini wrote: > > From: Sean Christopherson <[email protected]> > > > > Introduce an ioctl(), KVM_CREATE_GUEST_MEMFD, to allow creating file-based > > memory that is tied to a specific KVM virtual machine and whose primary > > purpose is to serve guest memory. > > ... > > diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c > > index f1a575d39b3b..8f46d757a2c5 100644 > > --- a/virt/kvm/kvm_main.c > > +++ b/virt/kvm/kvm_main.c > > ... > > > -static int check_memory_region_flags(const struct > > kvm_userspace_memory_region2 *mem) > > +static int check_memory_region_flags(struct kvm *kvm, > > + const struct kvm_userspace_memory_region2 > > *mem) > > { > > u32 valid_flags = KVM_MEM_LOG_DIRTY_PAGES; > > + if (kvm_arch_has_private_mem(kvm)) > > + valid_flags |= KVM_MEM_GUEST_MEMFD; > > + > > + /* Dirty logging private memory is not currently supported. */ > > + if (mem->flags & KVM_MEM_GUEST_MEMFD) > > + valid_flags &= ~KVM_MEM_LOG_DIRTY_PAGES; > > I was wondering whether this restriction is still required at this stage or > can be lifted in cases where the guest memory is accessible by the host.
Off the top of my head, I can't think of any reason why dirty logging wouldn't work with guest_memfd for non-CoCo VMs. We'd likely need to explicitly enumerate support to userspace, and there might be some assumptions lurking in KVM, but fundamentally it should Just Work (TM). > Specifically, it would be useful to support differential memory snapshots > based on dirty page tracking in Firecracker [1] or in live migration. As an > experiment, I removed the check and was able to produce a diff snapshot and > restore a Firecracker VM from it. > > [1] > https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/snapshot-support.md#creating-diff-snapshots > > > + > > #ifdef __KVM_HAVE_READONLY_MEM > > valid_flags |= KVM_MEM_READONLY; > > #endif > > @@ -2018,7 +2029,7 @@ int __kvm_set_memory_region(struct kvm *kvm, > > int as_id, id; > > int r; > > - r = check_memory_region_flags(mem); > > + r = check_memory_region_flags(kvm, mem); > > if (r) > > return r;
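Review bot: In check_memory_region_flags(), the comment says dirty logging of private memory is unsupported, but the condition tests `mem->flags & KVM_MEM_GUEST_MEMFD`, so KVM_MEM_LOG_DIRTY_PAGES is dropped from valid_flags for every slot that sets KVM_MEM_GUEST_MEMFD, not only for slots whose memory is actually private. Either reword the comment to say that dirty logging is unsupported for any guest_memfd-backed slot, or narrow the condition to the case the comment names. It would also help to document, wherever KVM_MEM_GUEST_MEMFD is described to userspace, that it is not a valid combination with KVM_MEM_LOG_DIRTY_PAGES, so a VMM learns the restriction from the documentation rather than from a failed call.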
