tmp: set memory attributes to private on x86

roypat · roypat · commit 4ab07cb295a1 · 2025-04-09T12:59:31.000+01:00
The current version of the mmap-support patches require that on x86,
memory attributes have to be set to private even if the guest_memfd VMA
is short-circuited back into the memslot (on ARM, memory attributes are
not even supported in this scenario).

Signed-off-by: Patrick Roy &lt;roypat@amazon.co.uk&gt;
diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs
@@ -264,6 +264,9 @@ pub fn build_microvm_for_boot(
         .register_memory_regions(guest_memory, secret_free)
         .map_err(VmmError::Vm)?;
 
+    #[cfg(target_arch = "x86_64")]
+    vmm.vm.set_memory_private().map_err(VmmError::Vm)?;
+
     if let Some(swiotlb) = swiotlb {
         vmm.vm
             .register_swiotlb_region(swiotlb)
diff --git a/src/vmm/src/vstate/vm.rs b/src/vmm/src/vstate/vm.rs
@@ -12,7 +12,10 @@ use std::os::fd::FromRawFd;
 use std::path::Path;
 use std::sync::Arc;
 
-use kvm_bindings::{kvm_create_guest_memfd, kvm_userspace_memory_region};
+use kvm_bindings::{
+    KVM_MEMORY_ATTRIBUTE_PRIVATE, kvm_create_guest_memfd, kvm_memory_attributes,
+    kvm_userspace_memory_region,
+};
 use kvm_ioctls::{Cap, VmFd};
 use userfaultfd::{FeatureFlags, Uffd, UffdBuilder};
 use vmm_sys_util::eventfd::EventFd;
@@ -67,6 +70,8 @@ pub enum VmError {
     GuestMemfd(kvm_ioctls::Error),
     /// guest_memfd is not supported on this host kernel.
     GuestMemfdNotSupported,
+    /// Failed to set memory attributes to private: {0}
+    SetMemoryAttributes(kvm_ioctls::Error),
 }
 
 /// Contains Vm functions that are usable across CPU architectures
@@ -312,6 +317,26 @@ impl Vm {
         self.common.swiotlb_regions.num_regions() > 0
     }
 
+    /// Sets the memory attributes on all guest_memfd-backed regions to private
+    pub fn set_memory_private(&self) -> Result<(), VmError> {
+        for region in self.guest_memory().iter() {
+            if region.inner().guest_memfd != 0 {
+                let attr = kvm_memory_attributes {
+                    address: region.start_addr().0,
+                    size: region.len(),
+                    attributes: KVM_MEMORY_ATTRIBUTE_PRIVATE as u64,
+                    ..Default::default()
+                };
+
+                self.fd()
+                    .set_memory_attributes(attr)
+                    .map_err(VmError::SetMemoryAttributes)?
+            }
+        }
+
+        Ok(())
+    }
+
     /// Returns an iterator over all regions, normal and swiotlb.
     fn all_regions(&self) -> impl Iterator<Item = &KvmRegion> {
         self.guest_memory()
