For confidential guests, guest_memfd is currently used only for private guest memory, and shared guest memory comes from the configured memory backend just as it does for a non-confidential guest. It is now possible to use the same physical memory to back a particular GPA regardless of whether it is in a shared or private state. This removes the need to discard memory on every shared/private conversion (which was previously required to avoid doubling memory usage), and is intended to be the primary mode of using guest_memfd for confidential guests going forward; future features like hugepage support will likely require it.
Add an option to enable this support. Since ConfidentialGuestSupport is already used to track some guest_memfd-related functionality (e.g. whether it is required for the configured machine), similarly introduce this option as a property of ConfidentialGuestSupport. Also add the KVM-specific checks to enable this support, but leave the option disabled until other required changes are implemented for CGS variants that intend to make use of KVM's in-place conversion support. Signed-off-by: Michael Roth <[email protected]> --- accel/kvm/kvm-all.c | 21 +++++++++++++++++ backends/confidential-guest-support.c | 25 +++++++++++++++++++++ include/system/confidential-guest-support.h | 14 ++++++++++++ qapi/qom.json | 16 +++++++++++++ 4 files changed, 76 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index e6ae2e8ced..a1832712a4 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -52,6 +52,7 @@ #include "kvm-cpus.h" #include "system/dirtylimit.h" #include "qemu/range.h" +#include "system/confidential-guest-support.h" #include "hw/core/boards.h" #include "system/stats.h" @@ -2901,6 +2902,7 @@ static int kvm_reset_vmfd(MachineState *ms) static int kvm_init(AccelState *as, MachineState *ms) { MachineClass *mc = MACHINE_GET_CLASS(ms); + ConfidentialGuestSupport *cgs = ms->cgs; static const char upgrade_note[] = "Please upgrade to at least kernel 4.5.\n"; const struct { 
@@ -3076,6 +3078,25 @@ static int kvm_init(AccelState *as, MachineState *ms) kvm_vm_check_extension(s, KVM_CAP_USER_MEMORY2); kvm_pre_fault_memory_supported = kvm_vm_check_extension(s, KVM_CAP_PRE_FAULT_MEMORY); + if (cgs && cgs->convert_in_place) { + uint64_t guest_memfd_supported_memory_attributes; + + guest_memfd_supported_memory_attributes = + kvm_vm_check_extension(s, KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES); + + if (!(guest_memfd_supported_memory_attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE)) { + ret = -EINVAL; + error_report("In-place conversion is only supported if private " + "memory attributes can be set via guest_memfd. " + "Please ensure the 'vm_memory_attributes' KVM module " + "parameter is set to 0."); + goto err; + } + + assert(kvm_guest_memfd_supported); + kvm_supported_memory_attributes = guest_memfd_supported_memory_attributes; + } + if (s->kernel_irqchip_split == ON_OFF_AUTO_AUTO) { s->kernel_irqchip_split = mc->default_kernel_irqchip_split ? ON_OFF_AUTO_ON : ON_OFF_AUTO_OFF; } diff --git a/backends/confidential-guest-support.c b/backends/confidential-guest-support.c index 156dd15e66..c89bcf3cb3 100644 --- a/backends/confidential-guest-support.c +++ b/backends/confidential-guest-support.c @@ -21,6 +21,24 @@ OBJECT_DEFINE_ABSTRACT_TYPE(ConfidentialGuestSupport, CONFIDENTIAL_GUEST_SUPPORT, OBJECT) +static bool +cgs_get_convert_in_place(Object *obj, Error **errp) +{ + return CONFIDENTIAL_GUEST_SUPPORT(obj)->convert_in_place; +} + +static void +cgs_set_convert_in_place(Object *obj, bool value, Error **errp) +{ + ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj); + + if (!cgs->allow_convert_in_place && value) { + error_setg(errp, "In-place conversion support is not supported for this guest configuration."); + } + + cgs->convert_in_place = value; +} + static bool check_support(ConfidentialGuestPlatformType platform, uint16_t platform_version, uint8_t highest_vtl, uint64_t shared_gpa_boundary) 
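Review bot: `assert(kvm_guest_memfd_supported)` turns a kernel-reported capability mismatch into a QEMU abort, even though the lines just above it already have a proper failure path (`ret = -EINVAL; error_report(...); goto err;`) for a configuration KVM cannot satisfy. If a kernel ever advertises `KVM_MEMORY_ATTRIBUTE_PRIVATE` via `KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES` while `kvm_guest_memfd_supported` is false, the user should get the same kind of error rather than a core dump, so I would replace the assert with an `if (!kvm_guest_memfd_supported)` check that follows that `ret = -EINVAL; ... goto err;` pattern. Whether that combination can actually occur depends on how `kvm_guest_memfd_supported` is computed earlier in `kvm_init`, which is outside this hunk; `kvm_init` starts and ends outside the hunk.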
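Review bot: `cgs_set_convert_in_place` still stores the value after reporting an error: `error_setg(errp, ...)` is followed unconditionally by `cgs->convert_in_place = value;`, so a rejected `convert-in-place=on` leaves the flag set on an object that may continue to exist, and `kvm_init` later acts on that flag. Add `return;` inside the `if (!cgs->allow_convert_in_place && value)` block so the setter fails without mutating state. It may also be worth refusing changes once `cgs->ready` is set (the field is visible in the header hunk), since the flag is consumed at VM initialisation time; whether the object can be modified via qom-set after that point is not visible here.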
@@ -70,6 +88,13 @@ static void confidential_guest_support_class_init(ObjectClass *oc, static void confidential_guest_support_init(Object *obj) { + ConfidentialGuestSupport *cgs = CONFIDENTIAL_GUEST_SUPPORT(obj); + + object_property_add_bool(obj, "convert-in-place", cgs_get_convert_in_place, + cgs_set_convert_in_place); + + cgs->convert_in_place = false; + cgs->allow_convert_in_place = false; } static void confidential_guest_support_finalize(Object *obj) diff --git a/include/system/confidential-guest-support.h b/include/system/confidential-guest-support.h index 5dca717308..c1e9c41ad2 100644 --- a/include/system/confidential-guest-support.h +++ b/include/system/confidential-guest-support.h @@ -20,6 +20,7 @@ #include "qom/object.h" #include "exec/hwaddr.h" +#include "qapi/qapi-visit-qom.h" #define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support" OBJECT_DECLARE_TYPE(ConfidentialGuestSupport, @@ -92,6 +93,19 @@ struct ConfidentialGuestSupport { * so 'ready' is not set, we'll abort. */ bool ready; + + /* + * True if the machine re-uses physical pages when converting + * between shared/private (as opposed to using different + * physical pages depending on the access type). + */ + bool convert_in_place; + + /* + * CGS implementations will use this to indicate whether or not + * in-place conversion can be enabled by users. + */ + bool allow_convert_in_place; }; typedef struct ConfidentialGuestSupportClass { diff --git a/qapi/qom.json b/qapi/qom.json index 502fafeb15..037c078799 100644 --- a/qapi/qom.json +++ b/qapi/qom.json 
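Review bot: The new `convert-in-place` property has no description, so `-object <cgs-type>,help` will not explain what it does; add `object_property_set_description(obj, "convert-in-place", "Reuse the same physical pages when converting memory between shared and private");` right after the `object_property_add_bool()` call. The explicit `cgs->convert_in_place = false; cgs->allow_convert_in_place = false;` assignments are presumably redundant because QOM instance storage is zero-initialised before instance_init runs; if that holds, they and the `cgs` local can be dropped, though leaving them is harmless.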
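Review bot: `#include "qapi/qapi-visit-qom.h"` is added to the public header, but nothing in the visible header changes (two plain `bool` fields) uses anything from it, and pulling a generated QAPI visitor header into a widely included header adds build coupling for every includer. The getter/setter added in backends/confidential-guest-support.c also appear to use only `bool` and `error_setg()`, so the include looks unnecessary for this patch; if something not shown here needs it, move it to the .c file rather than the header.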
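Review bot: The comment on `convert_in_place` describes the memory model but not the constraints the patch actually enforces: the kvm_init change refuses to start when the flag is set and guest_memfd does not report `KVM_MEMORY_ATTRIBUTE_PRIVATE`, and the setter rejects enabling it unless `allow_convert_in_place` is true. I would extend the two comments accordingly, e.g. for `allow_convert_in_place`: `Set by a CGS subclass to permit users to turn on convert_in_place; the "convert-in-place" property setter rejects true otherwise.` If the subclass is expected to set it from its own instance_init (before user properties are applied), say so explicitly; that ordering is my inference and should be confirmed.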
@@ -1014,6 +1014,21 @@ 'if': 'CONFIG_IGVM', 'data': { 'file': 'str' } } +## +# @ConfidentialGuestSupportProperties: +# +# Properties for ConfidentialGuestSupport base class. +# +# @convert-in-place: If true, the same physical pages are reused +# when memory is converted between shared and private states. +# If false (default), separate allocations are used depending +# on whether the page is private or shared. +# +# Since: 11.1 +## +{ 'struct': 'ConfidentialGuestSupportProperties', + 'data': { '*convert-in-place': 'bool' } } + ## # @SevCommonProperties: # @@ -1038,6 +1053,7 @@ # Since: 9.1 ## { 'struct': 'SevCommonProperties', + 'base': 'ConfidentialGuestSupportProperties', 'data': { '*sev-device': 'str', '*cbitpos': 'uint32', 'reduced-phys-bits': 'uint32', -- 2.43.0
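Review bot: The property is registered in `confidential_guest_support_init()` for every ConfidentialGuestSupport subclass, but only `SevCommonProperties` gains `'base': 'ConfidentialGuestSupportProperties'`, so QAPI introspection will advertise `convert-in-place` only for the SEV object types even though the other CGS types accept the option at the QOM level (and reject it at runtime via `allow_convert_in_place`). Either add the base to the property structs of the other CGS types described in ObjectOptions, or state in the `@convert-in-place` doc comment that only SEV-based types currently accept it. I am inferring the existence of other CGS property structs from the instance_init hunk rather than from the schema, which is not fully visible here.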
