From: "Marc-André Lureau" <marcandre.lureau@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [PATCH v4 13/13] RFC: hw/virtio: start virtio-mem guest_memfd regions as shared
Date: Mon, 04 May 2026 16:30:19 +0400 [thread overview]
Message-ID: <20260504-rdm5-v4-13-bdf61e57c1e1@redhat.com> (raw)
In-Reply-To: <20260504-rdm5-v4-0-bdf61e57c1e1@redhat.com>
In TDX guests, virtio-mem plug/unplug/re-plug fails because
kvm_set_phys_mem() unconditionally sets KVM memory attributes to
PRIVATE for all guest_memfd regions. On re-plug, the PRIVATE->PRIVATE
transition is a no-op, so KVM doesn't re-AUG pages and the guest's
TDG.MEM.PAGE.ACCEPT fails.
Implement the "start-shared" approach: virtio-mem memory starts with
shared KVM attributes. The guest converts shared->private on plug (via
set_memory_encrypted -> MapGPA + ACCEPT), and back to shared on unplug
(via set_memory_decrypted). This ensures every plug triggers a real
SHARED->PRIVATE transition, causing KVM to AUG fresh pages.
Add RAM_GUEST_MEMFD_START_SHARED flag and set it during virtio-mem
realize for guest_memfd-backed regions. Use
ram_block_attributes_state_change() to properly update the attributes
bitmap through the API. Skip setting PRIVATE in kvm_set_phys_mem()
when the flag is set. On unplug, explicitly reset KVM attributes to
shared on the host side to handle the case where the guest skips
set_memory_decrypted().
See also virtio-comment "[PATCH RFC] virtio-mem: add shared/private memory property details".
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
include/system/memory.h | 6 ++++++
accel/kvm/kvm-all.c | 3 ++-
hw/virtio/virtio-mem.c | 27 ++++++++++++++++++++++++++-
3 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/include/system/memory.h b/include/system/memory.h
index 28a75dac4ae..9dbf67efe50 100644
--- a/include/system/memory.h
+++ b/include/system/memory.h
@@ -277,6 +277,12 @@ typedef struct IOMMUTLBEvent {
*/
#define RAM_PRIVATE (1 << 13)
+/*
+ * RAM with guest_memfd that should start with shared KVM memory
+ * attributes. The guest converts to private on use.
+ */
+#define RAM_GUEST_MEMFD_START_SHARED (1 << 14)
+
static inline void iommu_notifier_init(IOMMUNotifier *n, IOMMUNotify fn,
IOMMUNotifierFlag flags,
hwaddr start, hwaddr end,
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 97463a683f4..c034e74c8e5 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1737,7 +1737,8 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
abort();
}
- if (memory_region_has_guest_memfd(mr)) {
+ if (memory_region_has_guest_memfd(mr) &&
+ !(mr->ram_block->flags & RAM_GUEST_MEMFD_START_SHARED)) {
err = kvm_set_memory_attributes_private(start_addr, slot_size);
if (err) {
error_report("%s: failed to set memory attribute private: %s",
diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
index 35e03ed7599..b46efe21126 100644
--- a/hw/virtio/virtio-mem.c
+++ b/hw/virtio/virtio-mem.c
@@ -19,6 +19,7 @@
#include "system/memory.h"
#include "system/numa.h"
#include "system/system.h"
+#include "system/kvm.h"
#include "system/ramblock.h"
#include "system/reset.h"
#include "system/runstate.h"
@@ -479,6 +480,11 @@ static int virtio_mem_set_block_state(VirtIOMEM *vmem, uint64_t start_gpa,
if (vmem->dynamic_memslots) {
virtio_mem_deactivate_unplugged_memslots(vmem, offset, size);
}
+ if (rb->flags & RAM_GUEST_MEMFD_START_SHARED) {
+ kvm_set_memory_attributes_shared(start_gpa, size);
+ ram_block_attributes_state_change(rb->attributes,
+ offset, size, false);
+ }
return 0;
}
@@ -606,10 +612,12 @@ static int virtio_mem_unplug_all(VirtIOMEM *vmem)
RAMBlock *rb = vmem->memdev->mr.ram_block;
if (vmem->size) {
+ uint64_t used = qemu_ram_get_used_length(rb);
+
if (virtio_mem_is_busy()) {
return -EBUSY;
}
- if (ram_block_discard_range(rb, 0, qemu_ram_get_used_length(rb))) {
+ if (ram_block_discard_range(rb, 0, used)) {
return -EBUSY;
}
virtio_mem_notify_unplug_all(vmem);
@@ -622,6 +630,11 @@ static int virtio_mem_unplug_all(VirtIOMEM *vmem)
if (vmem->dynamic_memslots) {
virtio_mem_deactivate_unplugged_memslots(vmem, 0, region_size);
}
+ if (rb->flags & RAM_GUEST_MEMFD_START_SHARED) {
+ kvm_set_memory_attributes_shared(vmem->addr, used);
+ ram_block_attributes_state_change(rb->attributes,
+ 0, used, false);
+ }
}
trace_virtio_mem_unplugged_all();
@@ -859,6 +872,18 @@ static void virtio_mem_device_realize(DeviceState *dev, Error **errp)
rb = vmem->memdev->mr.ram_block;
page_size = qemu_ram_pagesize(rb);
+ /*
+ * For CoCo VMs with guest_memfd, use the "start-shared" model:
+ * memory starts as shared and the guest converts to private on
+ * plug.
+ */
+ if (rb->flags & RAM_GUEST_MEMFD) {
+ rb->flags |= RAM_GUEST_MEMFD_START_SHARED;
+ ram_block_attributes_state_change(rb->attributes, 0,
+ qemu_ram_get_used_length(rb),
+ false);
+ }
+
if (virtio_mem_has_legacy_guests()) {
switch (vmem->unplugged_inaccessible) {
case ON_OFF_AUTO_AUTO:
--
2.54.0
next prev parent reply other threads:[~2026-05-04 12:32 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-04 12:30 [PATCH v4 00/13] Make RamDiscardManager work with multiple sources & virtio-mem Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 01/13] system/memory: split RamDiscardManager into source and manager Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 02/13] system/memory: move RamDiscardManager to separate compilation unit Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 03/13] system/memory: constify section arguments Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 04/13] system/ram-discard-manager: implement replay via is_populated iteration Marc-André Lureau
2026-05-13 20:40 ` Peter Xu
2026-05-04 12:30 ` [PATCH v4 05/13] virtio-mem: remove replay_populated/replay_discarded implementation Marc-André Lureau
2026-05-13 20:40 ` Peter Xu
2026-05-04 12:30 ` [PATCH v4 06/13] system/ram-discard-manager: drop replay from source interface Marc-André Lureau
2026-05-13 20:40 ` Peter Xu
2026-05-04 12:30 ` [PATCH v4 07/13] system/memory: implement RamDiscardManager multi-source aggregation Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 08/13] system/physmem: destroy ram block attributes before RCU-deferred reclaim Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 09/13] system/memory: add RamDiscardManager reference counting and cleanup Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 10/13] tests: add unit tests for RamDiscardManager multi-source aggregation Marc-André Lureau
2026-05-04 12:30 ` [PATCH v4 11/13] system/physmem: make ram_block_discard_range() handle guest_memfd Marc-André Lureau
2026-05-13 20:37 ` Peter Xu
2026-05-04 12:30 ` [PATCH v4 12/13] monitor: add 'info ramblock-attributes' command Marc-André Lureau
2026-05-13 20:39 ` Peter Xu
2026-05-04 12:30 ` Marc-André Lureau [this message]
2026-05-13 20:47 ` [PATCH v4 13/13] RFC: hw/virtio: start virtio-mem guest_memfd regions as shared Peter Xu
2026-05-14 7:32 ` Chenyi Qiang
2026-05-13 20:53 ` [PATCH v4 00/13] Make RamDiscardManager work with multiple sources & virtio-mem Peter Xu
2026-05-14 5:15 ` Chenyi Qiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260504-rdm5-v4-13-bdf61e57c1e1@redhat.com \
--to=marcandre.lureau@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.