tmp: set memory attributes to private on x86

The current version of the mmap-support patches require that on x86,
memory attributes have to be set to private even if the guest_memfd VMA
is short-circuited back into the memslot (on ARM, memory attributes are
not even supported in this scenario).

Signed-off-by: Patrick Roy <[email protected]>

Author: roypat

src/vmm/src/builder.rs

@@ -266,6 +266,9 @@ pub fn build_microvm_for_boot(
             .map_err(VmmError::Vm)?;
     }
 
+    #[cfg(target_arch = "x86_64")]
+    vmm.vm.set_memory_private().map_err(VmmError::Vm)?;
+
     if let Some(swiotlb) = swiotlb {
         vmm.vm
             .register_swiotlb_region(swiotlb)

src/vmm/src/vstate/vm.rs

@@ -13,7 +13,7 @@ use std::os::fd::FromRawFd;
 use std::path::Path;
 use std::sync::Arc;
 
-use kvm_bindings::kvm_create_guest_memfd;
+use kvm_bindings::{KVM_MEMORY_ATTRIBUTE_PRIVATE, kvm_create_guest_memfd, kvm_memory_attributes};
 use kvm_ioctls::{Cap, VmFd};
 use userfaultfd::{FeatureFlags, Uffd, UffdBuilder};
 use vmm_sys_util::eventfd::EventFd;
@@ -68,6 +68,8 @@ pub enum VmError {
     GuestMemfd(kvm_ioctls::Error),
     /// guest_memfd is not supported on this host kernel.
     GuestMemfdNotSupported,
+    /// Failed to set memory attributes to private: {0}
+    SetMemoryAttributes(kvm_ioctls::Error),
 }
 
 /// Contains Vm functions that are usable across CPU architectures
@@ -310,6 +312,26 @@ impl Vm {
         self.common.swiotlb_regions.num_regions() > 0
     }
 
+    /// Sets the memory attributes on all guest_memfd-backed regions to private
+    pub fn set_memory_private(&self) -> Result<(), VmError> {
+        for region in self.guest_memory().iter() {
+            if region.inner().guest_memfd != 0 {
+                let attr = kvm_memory_attributes {
+                    address: region.start_addr().0,
+                    size: region.len(),
+                    attributes: KVM_MEMORY_ATTRIBUTE_PRIVATE as u64,
+                    ..Default::default()
+                };
+
+                self.fd()
+                    .set_memory_attributes(attr)
+                    .map_err(VmError::SetMemoryAttributes)?
+            }
+        }
+
+        Ok(())
+    }
+
     /// Returns an iterator over all regions, normal and swiotlb.
     fn all_regions(&self) -> impl Iterator<Item = &KvmRegion> {
         self.guest_memory()