Without in-place conversion, QEMU can still access shared memory to load initial state into guest memory prior to launch even if the GPA's memory attributes default to private, since userspace is accessing a completely separate pool of memory. With in-place conversion, all these accesses would need to first be converted to shared, then back to private, since the memory all comes from guest_memfd and only shared memory can be accessed by userspace.
To avoid sprinkling these differences in behavior throughout QEMU when in-place conversion is enabled, just default to shared. This does not compromise guest security, since Confidential VMs will necessarily enforce this via trusted entities, and simply generate implicit page state changes if their default expectations don't match KVM's. However, in most cases a guest will explicitly convert memory to a particular state before actually using it, so even these implicit conversion requests should be rare. Signed-off-by: Michael Roth <[email protected]> --- accel/kvm/kvm-all.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index fd01435a0f..c3d399517d 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -1808,7 +1808,26 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml, abort(); } - if (memory_region_has_guest_memfd(mr)) { + /* + * Without in-place conversion, QEMU can still access shared memory + * to load initial state into guest memory prior to launch even if + * the GPA's memory attributes default to private, since userspace + * is accessing a completely separate pool of memory. With in-place + * conversion, all these accesses would need to first be converted + * to shared, then back to private, since the memory all comes from + * guest_memfd and only shared memory can be accessed by userspace. + * + * To avoid sprinkling these differences in behavior throughout QEMU + * when in-place conversion is enabled, just default to shared. This + * does not compromise guest security, since Confidential VMs will + * necessarily enforce this via trusted entities, and simply generate + * implicit page state changes if their default expectations don't + * match KVM's. However, in most cases a guest will explicitly + * convert memory to a particular state before actually using it, so + * even these implicit conversion requests should be rare. + */ + if (memory_region_has_guest_memfd(mr) && + !(current_machine->cgs && current_machine->cgs->convert_in_place)) { err = kvm_set_memory_attributes_private(start_addr, slot_size); if (err) { error_report("%s: failed to set memory attribute private: %s", -- 2.43.0
