tmp: set memory attributes to private on x86

roypat · roypat · commit 302b051269c6 · 2025-04-25T14:19:26.000+01:00
The current version of the mmap-support patches require that on x86,
memory attributes have to be set to private even if the guest_memfd VMA
is short-circuited back into the memslot (on ARM, memory attributes are
not even supported in this scenario).

Signed-off-by: Patrick Roy &lt;roypat@amazon.co.uk&gt;
diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs
@@ -253,6 +253,9 @@ pub fn build_microvm_for_boot(
         .register_memory_regions(guest_memory)
         .map_err(VmmError::Vm)?;
 
+    #[cfg(target_arch = "x86_64")]
+    vmm.vm.set_memory_private().map_err(VmmError::Vm)?;
+
     let entry_point = load_kernel(
         MaybeBounce::new(boot_config.kernel_file.try_clone().unwrap(), secret_free),
         vmm.vm.guest_memory(),
diff --git a/src/vmm/src/vstate/vm.rs b/src/vmm/src/vstate/vm.rs
@@ -13,7 +13,7 @@ use std::path::Path;
 use std::sync::Arc;
 
 use kvm_bindings::{
-    KVM_MEM_GUEST_MEMFD, KVM_MEM_LOG_DIRTY_PAGES, kvm_create_guest_memfd,
+    KVM_MEM_GUEST_MEMFD, KVM_MEM_LOG_DIRTY_PAGES, KVM_MEMORY_ATTRIBUTE_PRIVATE, kvm_create_guest_memfd, kvm_memory_attributes,
     kvm_userspace_memory_region, kvm_userspace_memory_region2,
 };
 use kvm_ioctls::{Cap, VmFd};
@@ -68,6 +68,8 @@ pub enum VmError {
     GuestMemfd(kvm_ioctls::Error),
     /// guest_memfd is not supported on this host kernel.
     GuestMemfdNotSupported,
+    /// Failed to set memory attributes to private: {0}
+    SetMemoryAttributes(kvm_ioctls::Error),
 }
 
 /// Contains Vm functions that are usable across CPU architectures
@@ -274,6 +276,24 @@ impl Vm {
         &self.common.guest_memory
     }
 
+    /// Sets the memory attributes on all guest_memfd-backed regions to private
+    pub fn set_memory_private(&self) -> Result<(), VmError> {
+        for region in self.guest_memory().iter() {
+            let attr = kvm_memory_attributes {
+                address: region.start_addr().0,
+                size: region.len(),
+                attributes: KVM_MEMORY_ATTRIBUTE_PRIVATE as u64,
+                ..Default::default()
+            };
+
+            self.fd()
+                .set_memory_attributes(attr)
+                .map_err(VmError::SetMemoryAttributes)?
+        }
+
+        Ok(())
+    }
+
     /// Resets the KVM dirty bitmap for each of the guest's memory regions.
     pub fn reset_dirty_bitmap(&self) {
         self.guest_memory()
