From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926842; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=DfrfmThPDcQ5vor8M9g1OeXGwKBXKT5fMK5TlbuWZ/zldCc9IP+IL+7CbyrPUSqwF31g5vTJ0eGgVADvObqVJu69jTOPBtbHsFdNxhGs97fP5hLgMa89G/zKIGFI2iZN9y0X5FVwII88yx+d4AOfM/qBxOSihaA86wiVXYGiIDs=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926842;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=mtMqU+Z7r/iC6dFVUfUvh7Dedue+Qx7VZulVemFDXaE=;
	b=RYxXdHtUyJ/SamaMR7E4QZpXattX7lHYfH60Oq+kJ9m+EgAMUHZkmItnKxPy826a/7pQqNrqNkocoyc5S0z/MBXuxfcWcD2nMRLWl4/4k9iUgO+3GaZ0J+tA7dFcbs1n6/1LXelj0AjEwQooE5L3bdgnKQL2iqU0+t2PkI7gP8w=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926842181711.7653446086447;
 Wed, 27 May 2026 17:07:22 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOHG-00056z-Nf; Wed, 27 May 2026 20:07:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOH0-0004wN-7a
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:06:55 -0400
Received: from mail-westus2azlp170120002.outbound.protection.outlook.com
 ([2a01:111:f403:c007::2] helo=MW6PR02CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOGu-0004Cy-Du
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:06:50 -0400
Received: from PH8P222CA0010.NAMP222.PROD.OUTLOOK.COM (2603:10b6:510:2d7::8)
 by DM6PR12MB4451.namprd12.prod.outlook.com (2603:10b6:5:2ab::18) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.18; Thu, 28 May
 2026 00:06:40 +0000
Received: from SN1PEPF000252A1.namprd05.prod.outlook.com
 (2603:10b6:510:2d7:cafe::78) by PH8P222CA0010.outlook.office365.com
 (2603:10b6:510:2d7::8) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:06:40 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF000252A1.mail.protection.outlook.com (10.167.242.8) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:06:40 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:06:39 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=vkkMgIMSNwezHkmXpXn5dgbeemxz1gvitxSHc3gQ4P94SI1nN1McfEoX/4bvn2uv9tJYmwSC61Fnz0LLGIesWRK5B+A/VaqjuaK7sMfeFlPdwzB1Ftep64/nfBYF6cYonwQYDkz7/PbPavh1Au8UfYZTO+taufL/bdszMlg/w4uS04CR62iQWs1S/uBdmLGb4Yh1L86ET2RbRXEmVTjK3ynjZih1g1AnP8bD496wvqU1eQ0Gz1Dt9ycBs2jbSZjbligEjWCbKsqhEFvQ4Ss0TeyEsfTcoh++Av4MGwTvWhvM10TmuGrU5nJ4+MINz59jnuw5hNVqFXQg12h+NeX9JA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=mtMqU+Z7r/iC6dFVUfUvh7Dedue+Qx7VZulVemFDXaE=;
 b=HqNlvQSUTej+POdWa4oisfiVwgCXjmY3S5EZS/YdjMiXJwOiqH2vA5P7UWsN5AGiWm6DfP1pYSzL4NwVqbmiGaIxwXNGYr2G5Rk4CPJaIohouKyL/Fq6FbrLIYb3Q51wKqq9x+4WrRVYM+IoGiUQPP8xNpP1T9g2LLcMS6ir6PCv81q5TmQcTU9g7XkVQhWUyCEUdMNedMp5k0FjkpSuGFDr7/JXtYI2Rdj7JxLLqU/6MXFSgKI4eBO4A2cpy6EARc3Gy6Y718oTJb3iEWFklCWJh77ET+In4ja+ROs3qtiBlvuP+9RSe79iNZVjieQ+u1CVNhqGKCwcA/7nlcmC3A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=mtMqU+Z7r/iC6dFVUfUvh7Dedue+Qx7VZulVemFDXaE=;
 b=SvCqHa8fNjl0IEuUdq7LMXewe/YfQORDVf9Kuaa8cE/M1AMvqhrK3yOgbnytoaVPxuGzyvllb2IRl5XwMcV0vbIfvYowSFcZqDN/ahLjLl8iopRZ8a4mhqvZYH3JH2APSKwjsm0/YG66zP4xUu3sWK4LbQIcFjYqa+XkzIE3uo8=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 01/12] accel/kvm: Decouple guest_memfd checks from memory
 attribute checks
Date: Wed, 27 May 2026 19:03:26 -0500
Message-ID: <20260528000416.8161-2-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF000252A1:EE_|DM6PR12MB4451:EE_
X-MS-Office365-Filtering-Correlation-Id: 43b30e9f-5a55-44b3-3958-08debc4cfe39
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|1800799024|376014|7416014|36860700016|82310400026|11063799006|18002099003|22082099003|6133799003|56012099006;
X-Microsoft-Antispam-Message-Info: 
 Agal6DOEi1NeF55mlEzdj9hgLvFEFk41FYmJprtR5+EwIx8mFquS9PafW8wk+Ynbgy3JlSejDmcfUtjiObssV228oiRKC9seYswQ1IAkyeRD78rTU4lqIMCmaHubmujQiQ7WPNBVtYnXGwEHSW4e67HKuuRFVdwHDteEyi+rNsGblovkQUHD59LRx5PR548/Usv7ECtwermQienpsF+6YPGJWKjR7an0hZ3TnzbCEu/Ovqwmrf57wVF9He0IT4akk9RBYWeJgV6lsT2gpcbWmHThDEKmbueK807hbUWAvw/Lv8xCS5jSp/zazsxy3oBMa7zSDHneNNQPQcCKE7s2d7d5RoCo2zHyg2GLkh13186FdE8BYEuztpvNGvN5j7xP6bTZE5CCH65kp/TV+eEI7SFBjhQtAQziIn0EWvtRkBykiU3MzoCIIzZJ4YigQlzyk/hk4BmdZjDGd9mc9Jlp2LrluS1SCjWX7PiQh3oIw0TN3Vz/Pzh9guDOZjtkdRdr3jYBS76rf6TJGRtmhLQ+8t3UK+8mnE7vX2CBVbXRKiq+YNdoA4ma2NQgI76F2Ci69LtYZKZmbbWQf/Xh46RyacZbaXRkxU88PKEJwR0YzyayTzjAs8dIRe9fFqeNmQiOVUMlC+GQN0EW0yX0l7ajNURsGyvrFpZgIxF9OVk/2hipkQ6UBnH5hkgYvIUmqsYzStx3PN5V80MwbehLMHPcMI5cNT0xyBznzigTFg0rLBQ=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(1800799024)(376014)(7416014)(36860700016)(82310400026)(11063799006)(18002099003)(22082099003)(6133799003)(56012099006);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 Etm0OAbVPaSkx41YHq2kkFwmE97dlMLPaBw2v4GvVHXCvgUEl/4LbJEYfiVzLQGiGpxD0HMF1kw77MLla6OK/MsJn6Ij5qdd/2/+RbJM4efmoHBL81iW+Yi358ikWQd1JpOfdZzRo9chkwJW0ERMuPjm3mM/r5uk0skMClJASI/atX0rBilnYoqkwckyQXp03x4lLabasVUnFpwGHpfJUVKWIEljE2yu6uEmObSh0wBSWPcq9dAE0pet/f/FYFP++edWMIOKs2CKRQ8rMrbZKkyekOgzjPheLM7X5lwPoo4OYq+2GCDutTtr7Jb4dxqScBxNmfoOzp90IL/LvE35gcRqAmd5aO6Ei4Wpxea2ol6gNei2btyyKkI+rM0FKmebxQ+OTcM44G6yB+6PTLatDF82Vscz9bJYLVldiVQNXXDcDE6XaPEh6oApyA6+DsFk
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:06:40.1225 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 43b30e9f-5a55-44b3-3958-08debc4cfe39
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF000252A1.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4451
Received-SPF: permerror client-ip=2a01:111:f403:c007::2;
 envelope-from=Michael.Roth@amd.com;
 helo=MW6PR02CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926843436158500
Content-Type: text/plain; charset="utf-8"

Currently QEMU supports using guest_memfd internally (separately from
user-specified memory backends) to handle private memory for
confidential VMs, and as a result has checks for guest_memfd support
merged with checks to see if KVM can handle mapping private memory (as
determined by KVM_MEMORY_ATTRIBUTE_PRIVATE).

Future QEMU support will allow using guest_memfd not just for private
memory, but as mmap()'able memory that can be used by non-confidential
guests as well.

In prep for this, split the checks for guest_memfd out from the check
for KVM_MEMORY_ATTRIBUTE_PRIVATE, and rename the current
kvm_create_guest_memfd() to kvm_create_guest_memfd_private() to
self-document current behavior/expectations and disambiguate from future
helpers intended for creating a guest_memfd to handle non-private/shared
memory. While there, fix up the missing error_setg() handling in the
stub functions.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 accel/kvm/kvm-all.c     | 20 +++++++++++++++++---
 accel/stubs/kvm-stub.c  |  3 ++-
 include/system/kvm.h    |  2 +-
 include/system/memory.h |  5 +++--
 system/physmem.c        |  8 ++++----
 5 files changed, 27 insertions(+), 11 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 585f1cea35..02911ff6e3 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -795,6 +795,11 @@ static int kvm_mem_flags(MemoryRegion *mr)
     }
     if (memory_region_has_guest_memfd(mr)) {
         assert(kvm_guest_memfd_supported);
+        /*
+         * memory_region_has_guest_memfd() is specifically pertaining to
+         * using guest_memfd to handle private memory use cases.
+         */
+        assert(kvm_supported_memory_attributes & KVM_MEMORY_ATTRIBUTE_PRIV=
ATE);
         flags |=3D KVM_MEM_GUEST_MEMFD;
     }
     return flags;
@@ -3066,8 +3071,7 @@ static int kvm_init(AccelState *as, MachineState *ms)
     kvm_supported_memory_attributes =3D kvm_vm_check_extension(s, KVM_CAP_=
MEMORY_ATTRIBUTES);
     kvm_guest_memfd_supported =3D
         kvm_vm_check_extension(s, KVM_CAP_GUEST_MEMFD) &&
-        kvm_vm_check_extension(s, KVM_CAP_USER_MEMORY2) &&
-        (kvm_supported_memory_attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE);
+        kvm_vm_check_extension(s, KVM_CAP_USER_MEMORY2);
     kvm_pre_fault_memory_supported =3D kvm_vm_check_extension(s, KVM_CAP_P=
RE_FAULT_MEMORY);
=20
     if (s->kernel_irqchip_split =3D=3D ON_OFF_AUTO_AUTO) {
@@ -4854,7 +4858,7 @@ void kvm_mark_guest_state_protected(void)
     kvm_state->guest_state_protected =3D true;
 }
=20
-int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp)
+static int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **e=
rrp)
 {
     int fd;
     struct kvm_create_guest_memfd guest_memfd =3D {
@@ -4875,3 +4879,13 @@ int kvm_create_guest_memfd(uint64_t size, uint64_t f=
lags, Error **errp)
=20
     return fd;
 }
+
+int kvm_create_guest_memfd_private(uint64_t size, Error **errp)
+{
+    if (!(kvm_supported_memory_attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE))=
 {
+        error_setg(errp, "KVM does not support using guest_memfd for priva=
te memory");
+        return -1;
+    }
+
+    return kvm_create_guest_memfd(size, 0, errp);
+}
diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
index c4617caac6..1940bcbd2c 100644
--- a/accel/stubs/kvm-stub.c
+++ b/accel/stubs/kvm-stub.c
@@ -139,7 +139,8 @@ bool kvm_hwpoisoned_mem(void)
     return false;
 }
=20
-int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp)
+int kvm_create_guest_memfd_private(uint64_t size, Error **errp)
 {
+    error_setg(errp, "guest_memfd is not supported for this configuration"=
);
     return -ENOSYS;
 }
diff --git a/include/system/kvm.h b/include/system/kvm.h
index 5fa33eddda..aeb0c7ca8f 100644
--- a/include/system/kvm.h
+++ b/include/system/kvm.h
@@ -561,7 +561,7 @@ void kvm_mark_guest_state_protected(void);
  */
 bool kvm_hwpoisoned_mem(void);
=20
-int kvm_create_guest_memfd(uint64_t size, uint64_t flags, Error **errp);
+int kvm_create_guest_memfd_private(uint64_t size, Error **errp);
=20
 int kvm_set_memory_attributes_private(hwaddr start, uint64_t size);
 int kvm_set_memory_attributes_shared(hwaddr start, uint64_t size);
diff --git a/include/system/memory.h b/include/system/memory.h
index 1417132f6d..24c68720aa 100644
--- a/include/system/memory.h
+++ b/include/system/memory.h
@@ -1745,9 +1745,10 @@ bool memory_region_is_protected(const MemoryRegion *=
mr);
=20
 /**
  * memory_region_has_guest_memfd: check whether a memory region has guest_=
memfd
- *     associated
+ *     associated with it for handling private memory
  *
- * Returns %true if a memory region's ram_block has valid guest_memfd assi=
gned.
+ * Returns %true if a memory region's ram_block has valid guest_memfd assi=
gned
+ * for handling private memory.
  *
  * @mr: the memory region being queried
  */
diff --git a/system/physmem.c b/system/physmem.c
index 7bcbf87573..04c7c38721 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -2202,8 +2202,8 @@ static void ram_block_add(RAMBlock *new_block, Error =
**errp)
             goto out_free;
         }
=20
-        new_block->guest_memfd =3D kvm_create_guest_memfd(new_block->max_l=
ength,
-                                                        0, errp);
+        new_block->guest_memfd =3D kvm_create_guest_memfd_private(new_bloc=
k->max_length,
+                                                                errp);
         if (new_block->guest_memfd < 0) {
             qemu_mutex_unlock_ramlist();
             goto out_free;
@@ -2835,8 +2835,8 @@ int ram_block_rebind(Error **errp)
             if (block->guest_memfd >=3D 0) {
                 close(block->guest_memfd);
             }
-            block->guest_memfd =3D kvm_create_guest_memfd(block->max_lengt=
h,
-                                                        0, errp);
+            block->guest_memfd =3D kvm_create_guest_memfd_private(block->m=
ax_length,
+                                                                errp);
             if (block->guest_memfd < 0) {
                 qemu_mutex_unlock_ramlist();
                 return -1;
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926850; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=AMC6odgVZ2LKLzluGVAoBPZelPdCf9h/iajQWZzqoQbYNcac3VTC1xtQY/o9Dyunrdl+lPb6j5aJ6bDthpuyqubK+XAKgo/NuI5mT6dWAnx2OHXQfbttJ7wiP+ldO35SV+sDAzrKCe4sel0RbOBLM95z4eY4QXgoMJxlsyFBD0A=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926850;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=lPSEL+debwnbzMHvk7DlbLgXycL1K8gupIP8QRoxvik=;
	b=GibwhEqxAoLgTzb/CritQKjrazw5cFFrfA7SURft6qW9APSfg0SNTNMeGT86h/pvu6N6xk92LVhugqhBdmmR68zT1BeEHz4lI/rVwlQ8LRCDJLfK0dF03IhBXBPGl8Wyex8SejG30AipWJIShPc1Mh4HyyFv1ZinO9LR+hkksdo=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926850523482.7507493460714;
 Wed, 27 May 2026 17:07:30 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOHT-0005E0-Gj; Wed, 27 May 2026 20:07:25 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOHK-00059g-1Z
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:07:14 -0400
Received: from
 mail-southcentralusazlp170110003.outbound.protection.outlook.com
 ([2a01:111:f403:c10d::3] helo=SN4PR0501CU005.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOHF-0004Kx-UO
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:07:13 -0400
Received: from SA9P221CA0025.NAMP221.PROD.OUTLOOK.COM (2603:10b6:806:25::30)
 by DS4PR12MB9659.namprd12.prod.outlook.com (2603:10b6:8:27f::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.17; Thu, 28 May
 2026 00:07:01 +0000
Received: from SN1PEPF000252A2.namprd05.prod.outlook.com
 (2603:10b6:806:25:cafe::22) by SA9P221CA0025.outlook.office365.com
 (2603:10b6:806:25::30) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.12 via Frontend Transport; Thu, 28
 May 2026 00:07:01 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF000252A2.mail.protection.outlook.com (10.167.242.9) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:07:00 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:07:00 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=NZTDSa7JhMNgrXKqhzpkcRrrPgHcePV6/RUtLw8vj3NiTRXWhdjAkLQcHpLcKy385nkhVPzmf+HemcDKNBvWOpar4eBFUya7TYGBRzyVs6QsF/UzScHNxhFmlkLqAUCNpCoqA4CG8wjZu5sTpwXqT5wxRTPJimnkHSshDo1Kx6/aZntaZYTLMGGzB7vUk3nCSYZnrig2btrnkZX0xeHVdCvu8HgAnEuvcM7WYrUbymgiQ1KVZXCDWcu6hosQNJv9V8N+DSKkQUZ0Qomnnluh2Qa3519fPFJy3pIGxOf/JQKDQOHWLmLysXelxio47J1BPInEJU23JxCxGW+T8CwbsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=lPSEL+debwnbzMHvk7DlbLgXycL1K8gupIP8QRoxvik=;
 b=d30NMuv5cuwfMs5znklHJ0Iyze1QeUY3EqpmaIYgBKBtLGsYmG4Q7TN19Pkuae13cHXFU/zOnfcZqJGamQtKY//zUt+Ty0D0QbVErMuxCuWiu4QXBw3wLpSJE4aILL84ODcdN+E92xr7pDbEf26MpCo29MmD6OJMWVohGPcD6tYv3kLe4dPiE0c0ompT+uerptzut6iCId59925rtZ6TYlZiyQo1f90kutCN6yyRrl9LQcue50yiosMPfMpyyG/S1uJ2h89etTVdww+WKJMWiQoJ1T1AdpklrPGtB0iG/kU0kq4NpQbmAtmUHVZpt+abMg87x2GXQMnPW37noYVyNQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=lPSEL+debwnbzMHvk7DlbLgXycL1K8gupIP8QRoxvik=;
 b=U+G/5UwRFmM1HCeOsTmYHdFr4qmObaqcilfOg6G9B6OnkJ6l/+YhfBucHmtUWKz8q7BKIhqvddlWk2KPsdgr+j5TRpElDi1o2Ix1JQEFQcj4TFhikzE1potOtjkCWnxFfXuDHEShhMN7PLRrb/SZnqWrQPUonpV5C1hEAylw44I=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 02/12] hostmem: Introduce dedicated memory backend for
 guest_memfd
Date: Wed, 27 May 2026 19:03:27 -0500
Message-ID: <20260528000416.8161-3-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF000252A2:EE_|DS4PR12MB9659:EE_
X-MS-Office365-Filtering-Correlation-Id: 4968c41e-bae7-4877-dce9-08debc4d0a89
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|82310400026|36860700016|1800799024|376014|7416014|22082099003|18002099003|11063799006|6133799003|56012099006;
X-Microsoft-Antispam-Message-Info: 
 TcqXHLrXdQMQpooAD6zkNglNOt9l+bW+6C9mOkUlU+tSlmAu3LjFWOtTGdidcNpa0vRiEN3JVWPx6SzUif/Bvh1uaSFbEziOLO724gGjLTg2lCKxUBZujUwIjnmAloB9pgjbEKjcOPgnHCBvxSKh/TnPU4uBc/0TMRhEkQFBo5XbWQstW2C3cZFnMW2nsdm5fUXT6K02JM1FOwEAeYd2Hdr05YC2QAKlGnlykSCc2YYMIoFQ2CSy39twKWMxH0jeTcqns0J/ff79ZX8w/lqdFGhF5gmKVZvGKv8jXw0oJGE2X1qfTqWqxKoyKUzJ5L8dVZfvqXxMbIX9SlW4zR4w5qXJp5Q28avrpQ9B8f6aGiI5CxgAhlegx5JWZWj3+98TJyrB1MLeD4Z3OaFQCDP7xpv8dTMKymw3a1LWS6voy+miQ0rX74LEqNRiqXESKk10spoAOfbb0AOTl457moYDuXU+KuZ0l4eO4n29hffPlclACZXOUGah5tHi8hDXAoUaj7Oot7WBztt+f6IqF+Ik5uRDKVZcW/le0ARVKnaa8+Qs1gEwaZcOb/meE5aqE8EqG918agQYG1BTGEsnuLb5fJ2TQo2S5B9r0/sugA82WbcGh3y262ZFVO+wRu1bPXkSQykUS1IPvP/mZJCQu0hSAEsZ7nfv2o3LOEsBLYVSfGnoqhJQ2y6YpIEffXRLhYlKivDMYSEUUTQe9a8YDLtCwvKz8c5LDMM2a9vcyW4Y3yQ=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(82310400026)(36860700016)(1800799024)(376014)(7416014)(22082099003)(18002099003)(11063799006)(6133799003)(56012099006);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 HelIj+BSiMAhAPxbJZIlPLJ/ofB/5GQ0s7I+aX0D27konJ3SSkGYP5jWvrINeiS9SNV4aWkNRfGd3s9C9BBCw8W1LzG62LsCG2NpVEKkW57aVRm9g9BY4x/rlPL37c1gvgVXQ5cpy78bMRvX4ssOeD7GGCx1RQS5LYoRG1aig8Z0RPsqbX2doIGoBQWuQSbjH9F+1fq1FwNjny0t5PEKvx3IwDD+V9Lu3+Q0+tmSUMMpRgWiCPqBaY7HvARNgo92LibLy7oa2u20doI3Pl2/L2vQVVH5x4e8eyq9SUovQIHMBDann5zVMgi3JpJvPT6/dSigPJeleWJVl+Hz10NpVj0yJslQtQvTJfQGtjLarMGI6OYOSup0OttyTyoFFRqwEQlSmUqBc53OShkRgQhzEvmcdlSBo+WXkUNXsL6Tly2SMUEyPtMc0V2I0yuM8Aeb
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:07:00.7850 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 4968c41e-bae7-4877-dce9-08debc4d0a89
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF000252A2.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS4PR12MB9659
Received-SPF: permerror client-ip=2a01:111:f403:c10d::3;
 envelope-from=Michael.Roth@amd.com;
 helo=SN4PR0501CU005.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 PDS_LTC_HUSH=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926851559158500
Content-Type: text/plain; charset="utf-8"

In the initial implementation of guest_memfd in the linux kernel, it
was not possible to map memory into userspace for direct access; instead
the memory provided by the memory backend would be used for cases where
a confidential VM wants to access normal/unprotected/unencrypted memory
that can be used for shared memory use cases, and for access to private
memory a guest_memfd could be associated with the same memslot. A memory
'private' attribute set via KVM_SET_MEMORY_ATTRIBUTES could then be used
to have KVM route to the approprate backing memory.

In that model, it didn't make sense to introduce a specific backend for
guest_memfd, since there was always a generally need to have a separate
backend type to handle shared memory access/allocation. Instead, QEMU
configures the guest_memfd support for the associated memslots
internally for cases where it is running a confidential VM.

However, with recent changes in guest_memfd kernel support, it is now
possible to mmap() a guest_memfd FD into userspace and use it for shared
memory, as well as continue to use the same physical pages for the same
GPA ranges after they are converted to private ("in-place conversion").

To enable the use of this mmap()-able/guest_memfd-provided memory to be
used for normal/shared memory instead of just for private memory,
introduce a dedicated guest_memfd memory backend that can be used both
for confidential VMs that wish to make use of in-place conversion, as
well as for non-confidential VMs that just want to make use of
guest_memfd for normal memory (which can be useful both for testing as
well as a stepping stone to things like software-protected VMs where the
host can be trusted to provided some additional degree of isolation for
the VM independently of hardware support).

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 accel/kvm/kvm-all.c            | 15 ++++++
 accel/stubs/kvm-stub.c         |  6 +++
 backends/hostmem-guest-memfd.c | 92 ++++++++++++++++++++++++++++++++++
 backends/meson.build           |  1 +
 include/system/hostmem.h       |  1 +
 include/system/kvm.h           |  1 +
 qapi/qom.json                  | 19 ++++++-
 qemu-options.hx                |  5 ++
 8 files changed, 139 insertions(+), 1 deletion(-)
 create mode 100644 backends/hostmem-guest-memfd.c

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 02911ff6e3..e6ae2e8ced 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -108,6 +108,7 @@ static bool kvm_has_guest_debug;
 static int kvm_sstep_flags;
 static bool kvm_immediate_exit;
 static uint64_t kvm_supported_memory_attributes;
+static uint64_t kvm_supported_guest_memfd_flags;
 static bool kvm_guest_memfd_supported;
 static hwaddr kvm_max_slot_size =3D ~0;
=20
@@ -3069,6 +3070,7 @@ static int kvm_init(AccelState *as, MachineState *ms)
     }
=20
     kvm_supported_memory_attributes =3D kvm_vm_check_extension(s, KVM_CAP_=
MEMORY_ATTRIBUTES);
+    kvm_supported_guest_memfd_flags =3D kvm_vm_check_extension(s, KVM_CAP_=
GUEST_MEMFD_FLAGS);
     kvm_guest_memfd_supported =3D
         kvm_vm_check_extension(s, KVM_CAP_GUEST_MEMFD) &&
         kvm_vm_check_extension(s, KVM_CAP_USER_MEMORY2);
@@ -4889,3 +4891,16 @@ int kvm_create_guest_memfd_private(uint64_t size, Er=
ror **errp)
=20
     return kvm_create_guest_memfd(size, 0, errp);
 }
+
+int kvm_create_guest_memfd_shared(uint64_t size, Error **errp)
+{
+    if (!(kvm_supported_guest_memfd_flags & GUEST_MEMFD_FLAG_MMAP) ||
+        !(kvm_supported_guest_memfd_flags & GUEST_MEMFD_FLAG_INIT_SHARED))=
 {
+        error_setg(errp, "KVM does not support using guest_memfd for share=
d memory");
+        return -1;
+    }
+
+    return kvm_create_guest_memfd(size,
+                                  GUEST_MEMFD_FLAG_MMAP | GUEST_MEMFD_FLAG=
_INIT_SHARED,
+                                  errp);
+}
diff --git a/accel/stubs/kvm-stub.c b/accel/stubs/kvm-stub.c
index 1940bcbd2c..e50329f26e 100644
--- a/accel/stubs/kvm-stub.c
+++ b/accel/stubs/kvm-stub.c
@@ -144,3 +144,9 @@ int kvm_create_guest_memfd_private(uint64_t size, Error=
 **errp)
     error_setg(errp, "guest_memfd is not supported for this configuration"=
);
     return -ENOSYS;
 }
+
+int kvm_create_guest_memfd_shared(uint64_t size, Error **errp)
+{
+    error_setg(errp, "guest_memfd is not supported for this configuration"=
);
+    return -ENOSYS;
+}
diff --git a/backends/hostmem-guest-memfd.c b/backends/hostmem-guest-memfd.c
new file mode 100644
index 0000000000..deb796a6bd
--- /dev/null
+++ b/backends/hostmem-guest-memfd.c
@@ -0,0 +1,92 @@
+/*
+ * QEMU guest_memfd memory backend
+ *
+ * Copyright (C) 2026 Advanced Micro Devices, Inc.
+ *
+ * Authors:
+ *   Michael Roth <michael.roth@amd.com>
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "system/hostmem.h"
+#include "qom/object_interfaces.h"
+#include "qemu/module.h"
+#include "qapi/error.h"
+#include "qom/object.h"
+#include "migration/cpr.h"
+#include "system/kvm.h"
+
+OBJECT_DECLARE_SIMPLE_TYPE(HostMemoryBackendGuestMemfd, MEMORY_BACKEND_GUE=
ST_MEMFD)
+
+struct HostMemoryBackendGuestMemfd {
+    HostMemoryBackend parent_obj;
+};
+
+static bool
+guest_memfd_backend_memory_alloc(HostMemoryBackend *backend, Error **errp)
+{
+    g_autofree char *name =3D host_memory_backend_get_name(backend);
+    int fd =3D cpr_find_fd(name, 0);
+    uint32_t ram_flags;
+
+    if (!backend->size) {
+        error_setg(errp, "can't create backend with size 0");
+        return false;
+    }
+
+    if (!backend->share) {
+        error_setg(errp, "can't create backend with share=3Doff");
+        return false;
+    }
+
+    if (fd >=3D 0) {
+        goto have_fd;
+    }
+
+    fd =3D kvm_create_guest_memfd_shared(backend->size, errp);
+    if (fd < 0) {
+        return false;
+    }
+    cpr_save_fd(name, 0, fd);
+
+have_fd:
+    backend->aligned =3D true;
+    ram_flags =3D backend->share ? RAM_SHARED : RAM_PRIVATE;
+    ram_flags |=3D backend->reserve ? 0 : RAM_NORESERVE;
+    ram_flags |=3D backend->guest_memfd ? RAM_GUEST_MEMFD : 0;
+    return memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), n=
ame,
+                                          backend->size, ram_flags, fd, 0,=
 errp);
+}
+
+static void
+guest_memfd_backend_instance_init(Object *obj)
+{
+    HostMemoryBackendGuestMemfd *m =3D MEMORY_BACKEND_GUEST_MEMFD(obj);
+
+    MEMORY_BACKEND(m)->share =3D true;
+}
+
+static void
+guest_memfd_backend_class_init(ObjectClass *oc, const void *data)
+{
+    HostMemoryBackendClass *bc =3D MEMORY_BACKEND_CLASS(oc);
+
+    bc->alloc =3D guest_memfd_backend_memory_alloc;
+}
+
+static const TypeInfo guest_memfd_backend_info =3D {
+    .name =3D TYPE_MEMORY_BACKEND_GUEST_MEMFD,
+    .parent =3D TYPE_MEMORY_BACKEND,
+    .instance_init =3D guest_memfd_backend_instance_init,
+    .class_init =3D guest_memfd_backend_class_init,
+    .instance_size =3D sizeof(HostMemoryBackendGuestMemfd),
+};
+
+static void register_types(void)
+{
+    type_register_static(&guest_memfd_backend_info);
+}
+
+type_init(register_types);
diff --git a/backends/meson.build b/backends/meson.build
index 60021f45d1..6c53f4a097 100644
--- a/backends/meson.build
+++ b/backends/meson.build
@@ -20,6 +20,7 @@ endif
 if host_os =3D=3D 'linux'
   system_ss.add(files('hostmem-memfd.c'))
   system_ss.add(files('host_iommu_device.c'))
+  system_ss.add(files('hostmem-guest-memfd.c'))
 endif
 if keyutils.found()
     system_ss.add(keyutils, files('cryptodev-lkcf.c'))
diff --git a/include/system/hostmem.h b/include/system/hostmem.h
index 88fa791ac7..2d0c25a43e 100644
--- a/include/system/hostmem.h
+++ b/include/system/hostmem.h
@@ -41,6 +41,7 @@ OBJECT_DECLARE_TYPE(HostMemoryBackend, HostMemoryBackendC=
lass,
=20
 #define TYPE_MEMORY_BACKEND_MEMFD "memory-backend-memfd"
=20
+#define TYPE_MEMORY_BACKEND_GUEST_MEMFD "memory-backend-guest-memfd"
=20
 /**
  * HostMemoryBackendClass:
diff --git a/include/system/kvm.h b/include/system/kvm.h
index aeb0c7ca8f..b959a6d3df 100644
--- a/include/system/kvm.h
+++ b/include/system/kvm.h
@@ -562,6 +562,7 @@ void kvm_mark_guest_state_protected(void);
 bool kvm_hwpoisoned_mem(void);
=20
 int kvm_create_guest_memfd_private(uint64_t size, Error **errp);
+int kvm_create_guest_memfd_shared(uint64_t size, Error **errp);
=20
 int kvm_set_memory_attributes_private(hwaddr start, uint64_t size);
 int kvm_set_memory_attributes_shared(hwaddr start, uint64_t size);
diff --git a/qapi/qom.json b/qapi/qom.json
index dd45ac1087..502fafeb15 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -661,7 +661,8 @@
 # @share: if false, the memory is private to QEMU; if true, it is
 #     shared (default false for backends memory-backend-file and
 #     memory-backend-ram, true for backends memory-backend-epc,
-#     memory-backend-memfd, and memory-backend-shm)
+#     memory-backend-memfd, memory-backend-shm, and
+#     memory-backend-guest-memfd)
 #
 # @reserve: if true, reserve swap space (or huge pages) if applicable
 #     (default: true) (since 6.1)
@@ -780,6 +781,18 @@
             '*seal': 'bool' },
   'if': 'CONFIG_LINUX' }
=20
+##
+# @MemoryBackendGuestMemfdProperties:
+#
+# Properties for memory-backend-guest-memfd objects.
+#
+# Since: 11.1
+##
+{ 'struct': 'MemoryBackendGuestMemfdProperties',
+  'base': 'MemoryBackendProperties',
+  'data': {},
+  'if': 'CONFIG_LINUX' }
+
 ##
 # @MemoryBackendShmProperties:
 #
@@ -1234,6 +1247,8 @@
     'memory-backend-file',
     { 'name': 'memory-backend-memfd',
       'if': 'CONFIG_LINUX' },
+    { 'name': 'memory-backend-guest-memfd',
+      'if': 'CONFIG_LINUX' },
     'memory-backend-ram',
     { 'name': 'memory-backend-shm',
       'if': 'CONFIG_POSIX' },
@@ -1312,6 +1327,8 @@
       'memory-backend-file':        'MemoryBackendFileProperties',
       'memory-backend-memfd':       { 'type': 'MemoryBackendMemfdPropertie=
s',
                                       'if': 'CONFIG_LINUX' },
+      'memory-backend-guest-memfd': { 'type': 'MemoryBackendGuestMemfdProp=
erties',
+                                      'if': 'CONFIG_LINUX' },
       'memory-backend-ram':         'MemoryBackendProperties',
       'memory-backend-shm':         { 'type': 'MemoryBackendShmProperties',
                                       'if': 'CONFIG_POSIX' },
diff --git a/qemu-options.hx b/qemu-options.hx
index 96ae41f787..3c754c149f 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -5858,6 +5858,11 @@ SRST
         off will cause a failure during allocation because it is not suppo=
rted
         by this backend.
=20
+    ``-object memory-backend-guest-memfd,id=3Did,prealloc=3Don|off,size=3D=
size,host-nodes=3Dhost-nodes,policy=3Ddefault|preferred|bind|interleave``
+        Creates an anonymous memory file backend object that has similar
+        semantics to memfd, but is also usable as private memory when
+        running as a confidential VM. (Linux only)
+
     ``-object iommufd,id=3Did[,fd=3Dfd]``
         Creates an iommufd backend which allows control of DMA mapping
         through the ``/dev/iommu`` device.
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926882; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=asTRID23egi50FRxh25XBAc+J0ro14wo7f8dGGyV7/3Yxu5YRRnuCh99nxPIwClkWzQT2e33FX7NmgfyAqzhEew4guVuea9HxQUlrFjEp5AmMnoe3VQN9ICdPte5CUtrNViqynvTAKM7Nx01ODAmCvwKpI48FhVyw9+Fl/gE9iM=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926882;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=KReqHkkWRL9AWUz6xGPb9tSyK0s2uIkGAcALEz4xPk8=;
	b=WsC647wHjja9/LHeP42BJPhgDgduC1RwS1i+moey4lAMhDX5NyOvFWW2YrTZ0Pc7pvnfWJg36JFpsIM8RQWA1qRnNMnoDdpR0Z0AsuyCM+q/AAmY+pn8/0i8XPwuEmJw6OKlJbIjwXy62dRVk4oe0ZEsPNrBVTaPUV7uucAN3Y0=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926882466876.57238601181;
 Wed, 27 May 2026 17:08:02 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOI1-0005io-2b; Wed, 27 May 2026 20:07:57 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOHh-0005YJ-JW
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:07:43 -0400
Received: from
 mail-northcentralusazlp170120005.outbound.protection.outlook.com
 ([2a01:111:f403:c105::5] helo=CH5PR02CU005.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOHa-0004Zh-AB
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:07:35 -0400
Received: from PH5P222CA0002.NAMP222.PROD.OUTLOOK.COM (2603:10b6:510:34b::9)
 by DS7PR12MB9525.namprd12.prod.outlook.com (2603:10b6:8:251::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.12; Thu, 28 May
 2026 00:07:22 +0000
Received: from SN1PEPF000252A4.namprd05.prod.outlook.com
 (2603:10b6:510:34b:cafe::a9) by PH5P222CA0002.outlook.office365.com
 (2603:10b6:510:34b::9) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:07:21 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF000252A4.mail.protection.outlook.com (10.167.242.11) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:07:21 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:07:20 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=e35ZT2ObyC+bMsIBbLAZXZpG7brVdJ+jDNPuzxQi1hu4w6U+6hIowOsQ7qwneigu60Xdk594xzvW26orhV8lcNno7VKITR7OBavBnXvWW1vrB9wWd+AIwtQYek4I7VWYIqlVTBxBGZFExwSaCDOOcwLxe5ybMzyrjHyNUgihX5671lRLpcC+nMX1qmtRLIWhB0SqVFcNflPhCzvNUmpGZoEgzDqhqJPKyzhLF/2VLrSBzqM6FGeb45s68jTQRRcqqJCggxvdxhO9MbgfdEDjAItWISsm+xjhINLnoO2uXRzJ5OF13AFfQBtyOPStyb42iVsKb9YLcG8O07WXyOXkfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=KReqHkkWRL9AWUz6xGPb9tSyK0s2uIkGAcALEz4xPk8=;
 b=kXVIBOV58rOaMDC0myvReLOKzGtP6U4yHQlstM9S5RjULPaFrmy90I4Z06QfQLBQSfPSQ4PAc+h1R/8Nh2oUoeAjnUY93Ol2swrJ2NUqzKjupZ4by/YxPWQZRuhjGahjvftHJ8bhpQoKKInaNs32Ins5M0d285fe3Uf+ktAY5IRmmKg0C4tfLT/UH5ODcJSll3I/sWbiv/BqpuDQZfzz2F6V5+ldaEt5lHMRWsZVlv++X1d6rZKwwbY/9c2A11PsjK9r5PJiSJTqofwa1jgTG6ypVtWx4ptYxd6JhUFUmMc7f5dXlx/OgPwZZrjjkO4iEzNBdLZgovL7pvPgRFMZng==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=KReqHkkWRL9AWUz6xGPb9tSyK0s2uIkGAcALEz4xPk8=;
 b=MGaU8gq4ZwNfuFITprrfvTTm/QieTKyW6XlJes0urwe70uIaTOxIr7XwQKBc65ukOqvF7hUSFkiN5cA9C+Nr6F1S1Qd50KBOmH1sEhYRzRktGvo6be/rvLUfMUq0Bhc/PLJHey5x/SB1I45LIhOjyrCtg5d2ZBUR4J8MlCb3YA0=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 03/12] linux-headers: Update headers for v7 of in-place
 conversion kernel support
Date: Wed, 27 May 2026 19:03:28 -0500
Message-ID: <20260528000416.8161-4-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF000252A4:EE_|DS7PR12MB9525:EE_
X-MS-Office365-Filtering-Correlation-Id: 0764a0ed-771c-4fff-29d5-08debc4d16c8
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|376014|7416014|82310400026|36860700016|1800799024|5023799004|56012099006|6133799003|11063799006|3023799007|18002099003|22082099003;
X-Microsoft-Antispam-Message-Info: 
 vGtjIvkU4J8DqnjSBgeV2V6xIgow/N8HzdYSCj/2loS3KnOxSWTMugQk7ZY5pr04/EQ8chTJq3P2r+v0LKtoSHpziPk9+2FXJgMWc1KSCR+45pBq6RS01/L1tHgzMCGLPvgs8ege5NLNHxqFg4PNIf9XCHilYFK2VuVVt8edFNNH0heKSyUcs3oq7dp9ih3YueiEva1z/VI3Tl5hYoW/Rlsse6DrMat8VPTeJH54cODMJViWj3X4YV7YZ6Y0Ou6Uv2ZjkoMcPr1nuFegPBG8Yqv6TYUjG5fEZD21M4WiP48gju4lUHBRNmiFnar/QSL0bQu0JrvjM+Tm1CrOFftZUKrnxpW7xkn2Ilwx6N+bF0KWgTQRr90YmX4oBK/J/0i2pxev2L+1GO8v85Dr7rVBLi7JW0dygIGe2CKBsyZZfUbEHqo2RLe5kSNZGXvu14jKc16j9kayecx/tE5IscIRB9+mTsRWxsXsGOzv8e5cPQJJFkc8G474AYkgUoQN5HKkrQNFLYUHeOj/g/kbWyuOhh0DrlNr0ZBH9You3aW47cUGzRD+nQ47HEiSESb6dQyXSlGhBYtiyaqTCJ0Z3P4VqNO9Io5rf4zmmbwrIIbAFbfTwndsog5teziaXAqJwlu1GjZilR6xoI7EBn+jCGTn2n+OBGXv4jWm7IB/A/eZsRaY2FbJM5H+PcuPrdKAkCYejkw8OmGQ+qv8OVtoBTUOTXH7b66WnPiKEHwW+UmbA28=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(376014)(7416014)(82310400026)(36860700016)(1800799024)(5023799004)(56012099006)(6133799003)(11063799006)(3023799007)(18002099003)(22082099003);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 okA15mKQBbXa04ns3O7++9WhbjPnZdi4LNoZdeYC2zibPo5O25bhVE9aiM4wzTe9Z+ohYnxC84Rytk1ubAWu4ziQoj6bhpQxpcLzbTzR/sVbAw39kVFjBAfKgBMCn7WhTYLhwoXqL2fSGUs4QdQL95xCZv0MbukMTxUbmiGbpGK2KRu2Wp0H4Xmy0p/g1SD7GoRnQErsSD+74HYoiGXiDvnLrWslMNxCNHrQ8uno+5fWUI+fuF51fIVN+/t2Xv0ogUjoOI5yxgs98JLGcgdnY+zeO8qG9e+GlL0he5ahkb3KfglE85TKY7R0t/FrxatsRI6TmBia5NV4IVVeFIgoiuAggZMMDfc0p7GNKikncCErLa0Od3ITnD927K+WyU58TvgZvA5lbL0jUJbdN7zVRqiTT9wJ1Q2HW2VwClDBzbcksihAX5PsKhAV+3EA0Ag9
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:07:21.3273 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 0764a0ed-771c-4fff-29d5-08debc4d16c8
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF000252A4.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB9525
Received-SPF: permerror client-ip=2a01:111:f403:c105::5;
 envelope-from=Michael.Roth@amd.com;
 helo=CH5PR02CU005.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926885087154100
Content-Type: text/plain; charset="utf-8"

This will also pull in kernel 7.1.0-rc2 definitions.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 include/standard-headers/drm/drm_fourcc.h     |  28 +-
 include/standard-headers/linux/const.h        |  18 +
 include/standard-headers/linux/ethtool.h      |  28 +-
 .../linux/input-event-codes.h                 |  13 +
 include/standard-headers/linux/pci_regs.h     |  71 ++-
 include/standard-headers/linux/typelimits.h   |   8 +
 include/standard-headers/linux/virtio_ring.h  |   5 +-
 include/standard-headers/linux/virtio_rtc.h   | 237 ++++++++++
 include/standard-headers/linux/vmclock-abi.h  |  20 +
 linux-headers/asm-arm64/kvm.h                 |   1 +
 linux-headers/asm-arm64/unistd_64.h           |   1 +
 linux-headers/asm-generic/unistd.h            |   5 +-
 linux-headers/asm-loongarch/kvm.h             |   5 +
 linux-headers/asm-loongarch/kvm_para.h        |   1 +
 linux-headers/asm-loongarch/unistd_64.h       |   2 +
 linux-headers/asm-mips/unistd_n32.h           |   1 +
 linux-headers/asm-mips/unistd_n64.h           |   1 +
 linux-headers/asm-mips/unistd_o32.h           |   1 +
 linux-headers/asm-powerpc/unistd_32.h         |   1 +
 linux-headers/asm-powerpc/unistd_64.h         |   1 +
 linux-headers/asm-riscv/kvm.h                 |  11 +-
 linux-headers/asm-riscv/ptrace.h              |  37 ++
 linux-headers/asm-riscv/unistd_32.h           |   1 +
 linux-headers/asm-riscv/unistd_64.h           |   1 +
 linux-headers/asm-s390/unistd_32.h            | 446 ------------------
 linux-headers/asm-s390/unistd_64.h            |   1 +
 linux-headers/asm-x86/kvm.h                   |  21 +-
 linux-headers/asm-x86/unistd_32.h             |   1 +
 linux-headers/asm-x86/unistd_64.h             |   1 +
 linux-headers/asm-x86/unistd_x32.h            |   1 +
 linux-headers/linux/const.h                   |  18 +
 linux-headers/linux/iommufd.h                 |  48 ++
 linux-headers/linux/kvm.h                     |  62 ++-
 linux-headers/linux/mshv.h                    |   4 +-
 linux-headers/linux/psp-sev.h                 |   2 +-
 linux-headers/linux/stddef.h                  |   4 +
 linux-headers/linux/vduse.h                   |  85 +++-
 linux-headers/linux/vfio.h                    |  30 +-
 38 files changed, 729 insertions(+), 493 deletions(-)
 create mode 100644 include/standard-headers/linux/typelimits.h
 create mode 100644 include/standard-headers/linux/virtio_rtc.h
 delete mode 100644 linux-headers/asm-s390/unistd_32.h

diff --git a/include/standard-headers/drm/drm_fourcc.h b/include/standard-h=
eaders/drm/drm_fourcc.h
index b39e197cc7..4bad457cc2 100644
--- a/include/standard-headers/drm/drm_fourcc.h
+++ b/include/standard-headers/drm/drm_fourcc.h
@@ -400,8 +400,8 @@ extern "C" {
  * implementation can multiply the values by 2^6=3D64. For that reason the=
 padding
  * must only contain zeros.
  * index 0 =3D Y plane, [15:0] z:Y [6:10] little endian
- * index 1 =3D Cr plane, [15:0] z:Cr [6:10] little endian
- * index 2 =3D Cb plane, [15:0] z:Cb [6:10] little endian
+ * index 1 =3D Cb plane, [15:0] z:Cb [6:10] little endian
+ * index 2 =3D Cr plane, [15:0] z:Cr [6:10] little endian
  */
 #define DRM_FORMAT_S010	fourcc_code('S', '0', '1', '0') /* 2x2 subsampled =
Cb (1) and Cr (2) planes 10 bits per channel */
 #define DRM_FORMAT_S210	fourcc_code('S', '2', '1', '0') /* 2x1 subsampled =
Cb (1) and Cr (2) planes 10 bits per channel */
@@ -413,8 +413,8 @@ extern "C" {
  * implementation can multiply the values by 2^4=3D16. For that reason the=
 padding
  * must only contain zeros.
  * index 0 =3D Y plane, [15:0] z:Y [4:12] little endian
- * index 1 =3D Cr plane, [15:0] z:Cr [4:12] little endian
- * index 2 =3D Cb plane, [15:0] z:Cb [4:12] little endian
+ * index 1 =3D Cb plane, [15:0] z:Cb [4:12] little endian
+ * index 2 =3D Cr plane, [15:0] z:Cr [4:12] little endian
  */
 #define DRM_FORMAT_S012	fourcc_code('S', '0', '1', '2') /* 2x2 subsampled =
Cb (1) and Cr (2) planes 12 bits per channel */
 #define DRM_FORMAT_S212	fourcc_code('S', '2', '1', '2') /* 2x1 subsampled =
Cb (1) and Cr (2) planes 12 bits per channel */
@@ -423,8 +423,8 @@ extern "C" {
 /*
  * 3 plane YCbCr
  * index 0 =3D Y plane, [15:0] Y little endian
- * index 1 =3D Cr plane, [15:0] Cr little endian
- * index 2 =3D Cb plane, [15:0] Cb little endian
+ * index 1 =3D Cb plane, [15:0] Cb little endian
+ * index 2 =3D Cr plane, [15:0] Cr little endian
  */
 #define DRM_FORMAT_S016	fourcc_code('S', '0', '1', '6') /* 2x2 subsampled =
Cb (1) and Cr (2) planes 16 bits per channel */
 #define DRM_FORMAT_S216	fourcc_code('S', '2', '1', '6') /* 2x1 subsampled =
Cb (1) and Cr (2) planes 16 bits per channel */
@@ -1421,6 +1421,22 @@ drm_fourcc_canonicalize_nvidia_format_mod(uint64_t m=
odifier)
 #define DRM_FORMAT_MOD_ARM_16X16_BLOCK_U_INTERLEAVED \
 	DRM_FORMAT_MOD_ARM_CODE(DRM_FORMAT_MOD_ARM_TYPE_MISC, 1ULL)
=20
+/*
+ * ARM 64k interleaved modifier
+ *
+ * This is used by ARM Mali v10+ GPUs. With this modifier, the plane is di=
vided
+ * into 64k byte 1:1 or 2:1 -sided tiles. The 64k tiles are laid out linea=
rly.
+ * Each 64k tile is divided into blocks of 16x16 texel blocks, which are
+ * themselves laid out linearly within a 64k tile. Then within each 16x16
+ * block, texel blocks are laid out according to U order, similar to
+ * 16X16_BLOCK_U_INTERLEAVED.
+ *
+ * Note that unlike 16X16_BLOCK_U_INTERLEAVED, the layout does not change
+ * depending on whether a format is compressed or not.
+ */
+#define DRM_FORMAT_MOD_ARM_INTERLEAVED_64K \
+	DRM_FORMAT_MOD_ARM_CODE(DRM_FORMAT_MOD_ARM_TYPE_MISC, 2ULL)
+
 /*
  * Allwinner tiled modifier
  *
diff --git a/include/standard-headers/linux/const.h b/include/standard-head=
ers/linux/const.h
index 95ede23342..c6a9d0c983 100644
--- a/include/standard-headers/linux/const.h
+++ b/include/standard-headers/linux/const.h
@@ -50,4 +50,22 @@
=20
 #define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
=20
+/*
+ * Divide positive or negative dividend by positive or negative divisor
+ * and round to closest integer. Result is undefined for negative
+ * divisors if the dividend variable type is unsigned and for negative
+ * dividends if the divisor variable type is unsigned.
+ */
+#define __KERNEL_DIV_ROUND_CLOSEST(x, divisor)		\
+({							\
+	__typeof__(x) __x =3D x;				\
+	__typeof__(divisor) __d =3D divisor;		\
+							\
+	(((__typeof__(x))-1) > 0 ||			\
+	 ((__typeof__(divisor))-1) > 0 ||		\
+	 (((__x) > 0) =3D=3D ((__d) > 0))) ?		\
+		(((__x) + ((__d) / 2)) / (__d)) :	\
+		(((__x) - ((__d) / 2)) / (__d));	\
+})
+
 #endif /* _LINUX_CONST_H */
diff --git a/include/standard-headers/linux/ethtool.h b/include/standard-he=
aders/linux/ethtool.h
index d0f7a63f10..5d82126cd7 100644
--- a/include/standard-headers/linux/ethtool.h
+++ b/include/standard-headers/linux/ethtool.h
@@ -17,11 +17,10 @@
 #include "net/eth.h"
=20
 #include "standard-headers/linux/const.h"
+#include "standard-headers/linux/typelimits.h"
 #include "standard-headers/linux/types.h"
 #include "standard-headers/linux/if_ether.h"
=20
-#include <limits.h> /* for INT_MAX */
-
 /* All structures exposed to userland should be defined such that they
  * have the same layout for 32-bit and 64-bit userland.
  */
@@ -228,7 +227,7 @@ enum tunable_id {
 	ETHTOOL_ID_UNSPEC,
 	ETHTOOL_RX_COPYBREAK,
 	ETHTOOL_TX_COPYBREAK,
-	ETHTOOL_PFC_PREVENTION_TOUT, /* timeout in msecs */
+	ETHTOOL_PFC_PREVENTION_TOUT, /* both pause and pfc, see man ethtool */
 	ETHTOOL_TX_COPYBREAK_BUF_SIZE,
 	/*
 	 * Add your fresh new tunable attribute above and remember to update
@@ -603,6 +602,8 @@ enum ethtool_link_ext_state {
 	ETHTOOL_LINK_EXT_STATE_POWER_BUDGET_EXCEEDED,
 	ETHTOOL_LINK_EXT_STATE_OVERHEAT,
 	ETHTOOL_LINK_EXT_STATE_MODULE,
+	ETHTOOL_LINK_EXT_STATE_OTP_SPEED_VIOLATION,
+	ETHTOOL_LINK_EXT_STATE_BMC_REQUEST_DOWN,
 };
=20
 /* More information in addition to ETHTOOL_LINK_EXT_STATE_AUTONEG. */
@@ -1094,13 +1095,20 @@ enum ethtool_module_fw_flash_status {
  * struct ethtool_gstrings - string set for data tagging
  * @cmd: Command number =3D %ETHTOOL_GSTRINGS
  * @string_set: String set ID; one of &enum ethtool_stringset
- * @len: On return, the number of strings in the string set
+ * @len: Number of strings in the string set
  * @data: Buffer for strings.  Each string is null-padded to a size of
  *	%ETH_GSTRING_LEN.
  *
  * Users must use %ETHTOOL_GSSET_INFO to find the number of strings in
  * the string set.  They must allocate a buffer of the appropriate
  * size immediately following this structure.
+ *
+ * Setting @len on input is optional (though preferred), but must be zeroed
+ * otherwise.
+ * When set, @len will return the requested count if it matches the actual
+ * count; otherwise, it will be zero.
+ * This prevents issues when the number of strings is different than the
+ * userspace allocation.
  */
 struct ethtool_gstrings {
 	uint32_t	cmd;
@@ -1177,13 +1185,20 @@ struct ethtool_test {
 /**
  * struct ethtool_stats - device-specific statistics
  * @cmd: Command number =3D %ETHTOOL_GSTATS
- * @n_stats: On return, the number of statistics
+ * @n_stats: Number of statistics
  * @data: Array of statistics
  *
  * Users must use %ETHTOOL_GSSET_INFO or %ETHTOOL_GDRVINFO to find the
  * number of statistics that will be returned.  They must allocate a
  * buffer of the appropriate size (8 * number of statistics)
  * immediately following this structure.
+ *
+ * Setting @n_stats on input is optional (though preferred), but must be z=
eroed
+ * otherwise.
+ * When set, @n_stats will return the requested count if it matches the ac=
tual
+ * count; otherwise, it will be zero.
+ * This prevents issues when the number of stats is different than the
+ * userspace allocation.
  */
 struct ethtool_stats {
 	uint32_t	cmd;
@@ -2190,6 +2205,7 @@ enum ethtool_link_mode_bit_indices {
 #define SPEED_40000		40000
 #define SPEED_50000		50000
 #define SPEED_56000		56000
+#define SPEED_80000		80000
 #define SPEED_100000		100000
 #define SPEED_200000		200000
 #define SPEED_400000		400000
@@ -2200,7 +2216,7 @@ enum ethtool_link_mode_bit_indices {
=20
 static inline int ethtool_validate_speed(uint32_t speed)
 {
-	return speed <=3D INT_MAX || speed =3D=3D (uint32_t)SPEED_UNKNOWN;
+	return speed <=3D __KERNEL_INT_MAX || speed =3D=3D (uint32_t)SPEED_UNKNOW=
N;
 }
=20
 /* Duplex, half or full. */
diff --git a/include/standard-headers/linux/input-event-codes.h b/include/s=
tandard-headers/linux/input-event-codes.h
index ede79c6ae4..dd7c986106 100644
--- a/include/standard-headers/linux/input-event-codes.h
+++ b/include/standard-headers/linux/input-event-codes.h
@@ -643,6 +643,10 @@
 #define KEY_EPRIVACY_SCREEN_ON		0x252
 #define KEY_EPRIVACY_SCREEN_OFF		0x253
=20
+#define KEY_ACTION_ON_SELECTION		0x254	/* AL Action on Selection (HUTRR119=
) */
+#define KEY_CONTEXTUAL_INSERT		0x255	/* AL Contextual Insertion (HUTRR119)=
 */
+#define KEY_CONTEXTUAL_QUERY		0x256	/* AL Contextual Query (HUTRR119) */
+
 #define KEY_KBDINPUTASSIST_PREV		0x260
 #define KEY_KBDINPUTASSIST_NEXT		0x261
 #define KEY_KBDINPUTASSIST_PREVGROUP		0x262
@@ -891,6 +895,7 @@
=20
 #define ABS_VOLUME		0x20
 #define ABS_PROFILE		0x21
+#define ABS_SND_PROFILE		0x22
=20
 #define ABS_MISC		0x28
=20
@@ -1000,4 +1005,12 @@
 #define SND_MAX			0x07
 #define SND_CNT			(SND_MAX+1)
=20
+/*
+ * ABS_SND_PROFILE values
+ */
+
+#define SND_PROFILE_SILENT	0x00
+#define SND_PROFILE_VIBRATE	0x01
+#define SND_PROFILE_RING	0x02
+
 #endif
diff --git a/include/standard-headers/linux/pci_regs.h b/include/standard-h=
eaders/linux/pci_regs.h
index 3add74ae25..14f634ab93 100644
--- a/include/standard-headers/linux/pci_regs.h
+++ b/include/standard-headers/linux/pci_regs.h
@@ -132,6 +132,11 @@
 #define PCI_SECONDARY_BUS	0x19	/* Secondary bus number */
 #define PCI_SUBORDINATE_BUS	0x1a	/* Highest bus number behind the bridge */
 #define PCI_SEC_LATENCY_TIMER	0x1b	/* Latency timer for secondary interfac=
e */
+/* Masks for dword-sized processing of Bus Number and Sec Latency Timer fi=
elds */
+#define  PCI_PRIMARY_BUS_MASK		0x000000ff
+#define  PCI_SECONDARY_BUS_MASK		0x0000ff00
+#define  PCI_SUBORDINATE_BUS_MASK	0x00ff0000
+#define  PCI_SEC_LATENCY_TIMER_MASK	0xff000000
 #define PCI_IO_BASE		0x1c	/* I/O range behind the bridge */
 #define PCI_IO_LIMIT		0x1d
 #define  PCI_IO_RANGE_TYPE_MASK	0x0fUL	/* I/O bridging type */
@@ -707,7 +712,7 @@
 #define  PCI_EXP_LNKCTL2_HASD		0x0020 /* HW Autonomous Speed Disable */
 #define PCI_EXP_LNKSTA2		0x32	/* Link Status 2 */
 #define  PCI_EXP_LNKSTA2_FLIT		0x0400 /* Flit Mode Status */
-#define PCI_CAP_EXP_ENDPOINT_SIZEOF_V2	0x32	/* end of v2 EPs w/ link */
+#define PCI_CAP_EXP_ENDPOINT_SIZEOF_V2	0x34	/* end of v2 EPs w/ link */
 #define PCI_EXP_SLTCAP2		0x34	/* Slot Capabilities 2 */
 #define  PCI_EXP_SLTCAP2_IBPD	0x00000001 /* In-band PD Disable Supported */
 #define PCI_EXP_SLTCTL2		0x38	/* Slot Control 2 */
@@ -1253,11 +1258,6 @@
 #define PCI_DEV3_STA		0x0c	/* Device 3 Status Register */
 #define  PCI_DEV3_STA_SEGMENT	0x8	/* Segment Captured (end-to-end flit-mod=
e detected) */
=20
-/* Compute Express Link (CXL r3.1, sec 8.1.5) */
-#define PCI_DVSEC_CXL_PORT				3
-#define PCI_DVSEC_CXL_PORT_CTL				0x0c
-#define PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR		0x00000001
-
 /* Integrity and Data Encryption Extended Capability */
 #define PCI_IDE_CAP			0x04
 #define  PCI_IDE_CAP_LINK		0x1  /* Link IDE Stream Supported */
@@ -1338,4 +1338,63 @@
 #define  PCI_IDE_SEL_ADDR_3(x)		(28 + (x) * PCI_IDE_SEL_ADDR_BLOCK_SIZE)
 #define PCI_IDE_SEL_BLOCK_SIZE(nr_assoc)  (20 + PCI_IDE_SEL_ADDR_BLOCK_SIZ=
E * (nr_assoc))
=20
+/*
+ * Compute Express Link (CXL r4.0, sec 8.1)
+ *
+ * Note that CXL DVSEC id 3 and 7 to be ignored when the CXL link state
+ * is "disconnected" (CXL r4.0, sec 9.12.3). Re-enumerate these
+ * registers on downstream link-up events.
+ */
+
+/* CXL r4.0, 8.1.3: PCIe DVSEC for CXL Device */
+#define PCI_DVSEC_CXL_DEVICE				0
+#define  PCI_DVSEC_CXL_CAP				0xA
+#define   PCI_DVSEC_CXL_MEM_CAPABLE			_BITUL(2)
+#define   PCI_DVSEC_CXL_HDM_COUNT			__GENMASK(5, 4)
+#define  PCI_DVSEC_CXL_CTRL				0xC
+#define   PCI_DVSEC_CXL_MEM_ENABLE			_BITUL(2)
+#define  PCI_DVSEC_CXL_RANGE_SIZE_HIGH(i)		(0x18 + (i * 0x10))
+#define  PCI_DVSEC_CXL_RANGE_SIZE_LOW(i)		(0x1C + (i * 0x10))
+#define   PCI_DVSEC_CXL_MEM_INFO_VALID			_BITUL(0)
+#define   PCI_DVSEC_CXL_MEM_ACTIVE			_BITUL(1)
+#define   PCI_DVSEC_CXL_MEM_SIZE_LOW			__GENMASK(31, 28)
+#define  PCI_DVSEC_CXL_RANGE_BASE_HIGH(i)		(0x20 + (i * 0x10))
+#define  PCI_DVSEC_CXL_RANGE_BASE_LOW(i)		(0x24 + (i * 0x10))
+#define   PCI_DVSEC_CXL_MEM_BASE_LOW			__GENMASK(31, 28)
+
+#define CXL_DVSEC_RANGE_MAX				2
+
+/* CXL r4.0, 8.1.4: Non-CXL Function Map DVSEC */
+#define PCI_DVSEC_CXL_FUNCTION_MAP			2
+
+/* CXL r4.0, 8.1.5: Extensions DVSEC for Ports */
+#define PCI_DVSEC_CXL_PORT				3
+#define  PCI_DVSEC_CXL_PORT_CTL				0x0c
+#define   PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR		0x00000001
+
+/* CXL r4.0, 8.1.6: GPF DVSEC for CXL Port */
+#define PCI_DVSEC_CXL_PORT_GPF				4
+#define  PCI_DVSEC_CXL_PORT_GPF_PHASE_1_CONTROL		0x0C
+#define   PCI_DVSEC_CXL_PORT_GPF_PHASE_1_TMO_BASE	__GENMASK(3, 0)
+#define   PCI_DVSEC_CXL_PORT_GPF_PHASE_1_TMO_SCALE	__GENMASK(11, 8)
+#define  PCI_DVSEC_CXL_PORT_GPF_PHASE_2_CONTROL		0xE
+#define   PCI_DVSEC_CXL_PORT_GPF_PHASE_2_TMO_BASE	__GENMASK(3, 0)
+#define   PCI_DVSEC_CXL_PORT_GPF_PHASE_2_TMO_SCALE	__GENMASK(11, 8)
+
+/* CXL r4.0, 8.1.7: GPF DVSEC for CXL Device */
+#define PCI_DVSEC_CXL_DEVICE_GPF			5
+
+/* CXL r4.0, 8.1.8: Flex Bus DVSEC */
+#define PCI_DVSEC_CXL_FLEXBUS_PORT			7
+#define  PCI_DVSEC_CXL_FLEXBUS_PORT_STATUS		0xE
+#define   PCI_DVSEC_CXL_FLEXBUS_PORT_STATUS_CACHE	_BITUL(0)
+#define   PCI_DVSEC_CXL_FLEXBUS_PORT_STATUS_MEM		_BITUL(2)
+
+/* CXL r4.0, 8.1.9: Register Locator DVSEC */
+#define PCI_DVSEC_CXL_REG_LOCATOR			8
+#define  PCI_DVSEC_CXL_REG_LOCATOR_BLOCK1		0xC
+#define   PCI_DVSEC_CXL_REG_LOCATOR_BIR			__GENMASK(2, 0)
+#define   PCI_DVSEC_CXL_REG_LOCATOR_BLOCK_ID		__GENMASK(15, 8)
+#define   PCI_DVSEC_CXL_REG_LOCATOR_BLOCK_OFF_LOW	__GENMASK(31, 16)
+
 #endif /* LINUX_PCI_REGS_H */
diff --git a/include/standard-headers/linux/typelimits.h b/include/standard=
-headers/linux/typelimits.h
new file mode 100644
index 0000000000..1304520082
--- /dev/null
+++ b/include/standard-headers/linux/typelimits.h
@@ -0,0 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_TYPELIMITS_H
+#define _LINUX_TYPELIMITS_H
+
+#define __KERNEL_INT_MAX ((int)(~0U >> 1))
+#define __KERNEL_INT_MIN (-__KERNEL_INT_MAX - 1)
+
+#endif /* _LINUX_TYPELIMITS_H */
diff --git a/include/standard-headers/linux/virtio_ring.h b/include/standar=
d-headers/linux/virtio_ring.h
index 22f6eb8ca7..a0f73a1c7b 100644
--- a/include/standard-headers/linux/virtio_ring.h
+++ b/include/standard-headers/linux/virtio_ring.h
@@ -1,5 +1,7 @@
 #ifndef _LINUX_VIRTIO_RING_H
 #define _LINUX_VIRTIO_RING_H
+
+#define VIRTIO_RING_NO_LEGACY
 /* An interface for efficient virtio implementation, currently for use by =
KVM,
  * but hopefully others soon.  Do NOT change this since it will
  * break existing servers and clients.
@@ -31,7 +33,6 @@
  * SUCH DAMAGE.
  *
  * Copyright Rusty Russell IBM Corporation 2007. */
-#include <stdint.h>
 #include "standard-headers/linux/types.h"
 #include "standard-headers/linux/virtio_types.h"
=20
@@ -200,7 +201,7 @@ static inline void vring_init(struct vring *vr, unsigne=
d int num, void *p,
 	vr->num =3D num;
 	vr->desc =3D p;
 	vr->avail =3D (struct vring_avail *)((char *)p + num * sizeof(struct vrin=
g_desc));
-	vr->used =3D (void *)(((uintptr_t)&vr->avail->ring[num] + sizeof(__virtio=
16)
+	vr->used =3D (void *)(((unsigned long)&vr->avail->ring[num] + sizeof(__vi=
rtio16)
 		+ align-1) & ~(align - 1));
 }
=20
diff --git a/include/standard-headers/linux/virtio_rtc.h b/include/standard=
-headers/linux/virtio_rtc.h
new file mode 100644
index 0000000000..7e2c21ebff
--- /dev/null
+++ b/include/standard-headers/linux/virtio_rtc.h
@@ -0,0 +1,237 @@
+/* SPDX-License-Identifier: ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-C=
lause) */
+/*
+ * Copyright (C) 2022-2024 OpenSynergy GmbH
+ * Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved.
+ */
+
+#ifndef _LINUX_VIRTIO_RTC_H
+#define _LINUX_VIRTIO_RTC_H
+
+#include "standard-headers/linux/types.h"
+
+/* alarm feature */
+#define VIRTIO_RTC_F_ALARM	0
+
+/* read request message types */
+
+#define VIRTIO_RTC_REQ_READ			0x0001
+#define VIRTIO_RTC_REQ_READ_CROSS		0x0002
+
+/* control request message types */
+
+#define VIRTIO_RTC_REQ_CFG			0x1000
+#define VIRTIO_RTC_REQ_CLOCK_CAP		0x1001
+#define VIRTIO_RTC_REQ_CROSS_CAP		0x1002
+#define VIRTIO_RTC_REQ_READ_ALARM		0x1003
+#define VIRTIO_RTC_REQ_SET_ALARM		0x1004
+#define VIRTIO_RTC_REQ_SET_ALARM_ENABLED	0x1005
+
+/* alarmq message types */
+
+#define VIRTIO_RTC_NOTIF_ALARM			0x2000
+
+/* Message headers */
+
+/** common request header */
+struct virtio_rtc_req_head {
+	uint16_t msg_type;
+	uint8_t reserved[6];
+};
+
+/** common response header */
+struct virtio_rtc_resp_head {
+#define VIRTIO_RTC_S_OK			0
+#define VIRTIO_RTC_S_EOPNOTSUPP		2
+#define VIRTIO_RTC_S_ENODEV		3
+#define VIRTIO_RTC_S_EINVAL		4
+#define VIRTIO_RTC_S_EIO		5
+	uint8_t status;
+	uint8_t reserved[7];
+};
+
+/** common notification header */
+struct virtio_rtc_notif_head {
+	uint16_t msg_type;
+	uint8_t reserved[6];
+};
+
+/* read requests */
+
+/* VIRTIO_RTC_REQ_READ message */
+
+struct virtio_rtc_req_read {
+	struct virtio_rtc_req_head head;
+	uint16_t clock_id;
+	uint8_t reserved[6];
+};
+
+struct virtio_rtc_resp_read {
+	struct virtio_rtc_resp_head head;
+	uint64_t clock_reading;
+};
+
+/* VIRTIO_RTC_REQ_READ_CROSS message */
+
+struct virtio_rtc_req_read_cross {
+	struct virtio_rtc_req_head head;
+	uint16_t clock_id;
+/* Arm Generic Timer Counter-timer Virtual Count Register (CNTVCT_EL0) */
+#define VIRTIO_RTC_COUNTER_ARM_VCT	0
+/* x86 Time-Stamp Counter */
+#define VIRTIO_RTC_COUNTER_X86_TSC	1
+/* Invalid */
+#define VIRTIO_RTC_COUNTER_INVALID	0xFF
+	uint8_t hw_counter;
+	uint8_t reserved[5];
+};
+
+struct virtio_rtc_resp_read_cross {
+	struct virtio_rtc_resp_head head;
+	uint64_t clock_reading;
+	uint64_t counter_cycles;
+};
+
+/* control requests */
+
+/* VIRTIO_RTC_REQ_CFG message */
+
+struct virtio_rtc_req_cfg {
+	struct virtio_rtc_req_head head;
+	/* no request params */
+};
+
+struct virtio_rtc_resp_cfg {
+	struct virtio_rtc_resp_head head;
+	/** # of clocks -> clock ids < num_clocks are valid */
+	uint16_t num_clocks;
+	uint8_t reserved[6];
+};
+
+/* VIRTIO_RTC_REQ_CLOCK_CAP message */
+
+struct virtio_rtc_req_clock_cap {
+	struct virtio_rtc_req_head head;
+	uint16_t clock_id;
+	uint8_t reserved[6];
+};
+
+struct virtio_rtc_resp_clock_cap {
+	struct virtio_rtc_resp_head head;
+#define VIRTIO_RTC_CLOCK_UTC			0
+#define VIRTIO_RTC_CLOCK_TAI			1
+#define VIRTIO_RTC_CLOCK_MONOTONIC		2
+#define VIRTIO_RTC_CLOCK_UTC_SMEARED		3
+#define VIRTIO_RTC_CLOCK_UTC_MAYBE_SMEARED	4
+	uint8_t type;
+#define VIRTIO_RTC_SMEAR_UNSPECIFIED	0
+#define VIRTIO_RTC_SMEAR_NOON_LINEAR	1
+#define VIRTIO_RTC_SMEAR_UTC_SLS	2
+	uint8_t leap_second_smearing;
+#define VIRTIO_RTC_FLAG_ALARM_CAP		(1 << 0)
+	uint8_t flags;
+	uint8_t reserved[5];
+};
+
+/* VIRTIO_RTC_REQ_CROSS_CAP message */
+
+struct virtio_rtc_req_cross_cap {
+	struct virtio_rtc_req_head head;
+	uint16_t clock_id;
+	uint8_t hw_counter;
+	uint8_t reserved[5];
+};
+
+struct virtio_rtc_resp_cross_cap {
+	struct virtio_rtc_resp_head head;
+#define VIRTIO_RTC_FLAG_CROSS_CAP	(1 << 0)
+	uint8_t flags;
+	uint8_t reserved[7];
+};
+
+/* VIRTIO_RTC_REQ_READ_ALARM message */
+
+struct virtio_rtc_req_read_alarm {
+	struct virtio_rtc_req_head head;
+	uint16_t clock_id;
+	uint8_t reserved[6];
+};
+
+struct virtio_rtc_resp_read_alarm {
+	struct virtio_rtc_resp_head head;
+	uint64_t alarm_time;
+#define VIRTIO_RTC_FLAG_ALARM_ENABLED	(1 << 0)
+	uint8_t flags;
+	uint8_t reserved[7];
+};
+
+/* VIRTIO_RTC_REQ_SET_ALARM message */
+
+struct virtio_rtc_req_set_alarm {
+	struct virtio_rtc_req_head head;
+	uint64_t alarm_time;
+	uint16_t clock_id;
+	/* flag VIRTIO_RTC_FLAG_ALARM_ENABLED */
+	uint8_t flags;
+	uint8_t reserved[5];
+};
+
+struct virtio_rtc_resp_set_alarm {
+	struct virtio_rtc_resp_head head;
+	/* no response params */
+};
+
+/* VIRTIO_RTC_REQ_SET_ALARM_ENABLED message */
+
+struct virtio_rtc_req_set_alarm_enabled {
+	struct virtio_rtc_req_head head;
+	uint16_t clock_id;
+	/* flag VIRTIO_RTC_ALARM_ENABLED */
+	uint8_t flags;
+	uint8_t reserved[5];
+};
+
+struct virtio_rtc_resp_set_alarm_enabled {
+	struct virtio_rtc_resp_head head;
+	/* no response params */
+};
+
+/** Union of request types for requestq */
+union virtio_rtc_req_requestq {
+	struct virtio_rtc_req_read read;
+	struct virtio_rtc_req_read_cross read_cross;
+	struct virtio_rtc_req_cfg cfg;
+	struct virtio_rtc_req_clock_cap clock_cap;
+	struct virtio_rtc_req_cross_cap cross_cap;
+	struct virtio_rtc_req_read_alarm read_alarm;
+	struct virtio_rtc_req_set_alarm set_alarm;
+	struct virtio_rtc_req_set_alarm_enabled set_alarm_enabled;
+};
+
+/** Union of response types for requestq */
+union virtio_rtc_resp_requestq {
+	struct virtio_rtc_resp_read read;
+	struct virtio_rtc_resp_read_cross read_cross;
+	struct virtio_rtc_resp_cfg cfg;
+	struct virtio_rtc_resp_clock_cap clock_cap;
+	struct virtio_rtc_resp_cross_cap cross_cap;
+	struct virtio_rtc_resp_read_alarm read_alarm;
+	struct virtio_rtc_resp_set_alarm set_alarm;
+	struct virtio_rtc_resp_set_alarm_enabled set_alarm_enabled;
+};
+
+/* alarmq notifications */
+
+/* VIRTIO_RTC_NOTIF_ALARM notification */
+
+struct virtio_rtc_notif_alarm {
+	struct virtio_rtc_notif_head head;
+	uint16_t clock_id;
+	uint8_t reserved[6];
+};
+
+/** Union of notification types for alarmq */
+union virtio_rtc_notif_alarmq {
+	struct virtio_rtc_notif_alarm alarm;
+};
+
+#endif /* _LINUX_VIRTIO_RTC_H */
diff --git a/include/standard-headers/linux/vmclock-abi.h b/include/standar=
d-headers/linux/vmclock-abi.h
index 15b0316cb4..fe824badc0 100644
--- a/include/standard-headers/linux/vmclock-abi.h
+++ b/include/standard-headers/linux/vmclock-abi.h
@@ -115,6 +115,17 @@ struct vmclock_abi {
 	 * bit again after the update, using the about-to-be-valid fields.
 	 */
 #define VMCLOCK_FLAG_TIME_MONOTONIC		(1 << 7)
+	/*
+	 * If the VM_GEN_COUNTER_PRESENT flag is set, the hypervisor will
+	 * bump the vm_generation_counter field every time the guest is
+	 * loaded from some save state (restored from a snapshot).
+	 */
+#define VMCLOCK_FLAG_VM_GEN_COUNTER_PRESENT     (1 << 8)
+	/*
+	 * If the NOTIFICATION_PRESENT flag is set, the hypervisor will send
+	 * a notification every time it updates seq_count to a new even number.
+	 */
+#define VMCLOCK_FLAG_NOTIFICATION_PRESENT       (1 << 9)
=20
 	uint8_t pad[2];
 	uint8_t clock_status;
@@ -177,6 +188,15 @@ struct vmclock_abi {
 	uint64_t time_frac_sec;		/* Units of 1/2^64 of a second */
 	uint64_t time_esterror_nanosec;
 	uint64_t time_maxerror_nanosec;
+
+	/*
+	 * This field changes to another non-repeating value when the guest
+	 * has been loaded from a snapshot. In addition to handling a
+	 * disruption in time (which will also be signalled through the
+	 * disruption_marker field), a guest may wish to discard UUIDs,
+	 * reset network connections, reseed entropy, etc.
+	 */
+	uint64_t vm_generation_counter;
 };
=20
 #endif /*  __VMCLOCK_ABI_H__ */
diff --git a/linux-headers/asm-arm64/kvm.h b/linux-headers/asm-arm64/kvm.h
index 46ffbddab5..6aefe79738 100644
--- a/linux-headers/asm-arm64/kvm.h
+++ b/linux-headers/asm-arm64/kvm.h
@@ -416,6 +416,7 @@ enum {
 #define   KVM_DEV_ARM_ITS_RESTORE_TABLES        2
 #define   KVM_DEV_ARM_VGIC_SAVE_PENDING_TABLES	3
 #define   KVM_DEV_ARM_ITS_CTRL_RESET		4
+#define   KVM_DEV_ARM_VGIC_USERSPACE_PPIS	5
=20
 /* Device Control API on vcpu fd */
 #define KVM_ARM_VCPU_PMU_V3_CTRL	0
diff --git a/linux-headers/asm-arm64/unistd_64.h b/linux-headers/asm-arm64/=
unistd_64.h
index 1ef9c40813..70b3754a42 100644
--- a/linux-headers/asm-arm64/unistd_64.h
+++ b/linux-headers/asm-arm64/unistd_64.h
@@ -327,6 +327,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_64_H */
diff --git a/linux-headers/asm-generic/unistd.h b/linux-headers/asm-generic=
/unistd.h
index 942370b3f5..a627acc8fb 100644
--- a/linux-headers/asm-generic/unistd.h
+++ b/linux-headers/asm-generic/unistd.h
@@ -860,8 +860,11 @@ __SYSCALL(__NR_file_setattr, sys_file_setattr)
 #define __NR_listns 470
 __SYSCALL(__NR_listns, sys_listns)
=20
+#define __NR_rseq_slice_yield 471
+__SYSCALL(__NR_rseq_slice_yield, sys_rseq_slice_yield)
+
 #undef __NR_syscalls
-#define __NR_syscalls 471
+#define __NR_syscalls 472
=20
 /*
  * 32 bit systems traditionally used different
diff --git a/linux-headers/asm-loongarch/kvm.h b/linux-headers/asm-loongarc=
h/kvm.h
index de6c3f18e4..cd0b5c11ca 100644
--- a/linux-headers/asm-loongarch/kvm.h
+++ b/linux-headers/asm-loongarch/kvm.h
@@ -105,6 +105,7 @@ struct kvm_fpu {
 #define  KVM_LOONGARCH_VM_FEAT_PV_STEALTIME	7
 #define  KVM_LOONGARCH_VM_FEAT_PTW		8
 #define  KVM_LOONGARCH_VM_FEAT_MSGINT		9
+#define  KVM_LOONGARCH_VM_FEAT_PV_PREEMPT	10
=20
 /* Device Control API on vcpu fd */
 #define KVM_LOONGARCH_VCPU_CPUCFG	0
@@ -154,4 +155,8 @@ struct kvm_iocsr_entry {
 #define KVM_DEV_LOONGARCH_PCH_PIC_GRP_CTRL	        0x40000006
 #define KVM_DEV_LOONGARCH_PCH_PIC_CTRL_INIT	        0
=20
+#define KVM_DEV_LOONGARCH_DMSINTC_GRP_CTRL		0x40000007
+#define KVM_DEV_LOONGARCH_DMSINTC_MSG_ADDR_BASE		0x0
+#define KVM_DEV_LOONGARCH_DMSINTC_MSG_ADDR_SIZE		0x1
+
 #endif /* __UAPI_ASM_LOONGARCH_KVM_H */
diff --git a/linux-headers/asm-loongarch/kvm_para.h b/linux-headers/asm-loo=
ngarch/kvm_para.h
index fd7f40713d..3fd87a096b 100644
--- a/linux-headers/asm-loongarch/kvm_para.h
+++ b/linux-headers/asm-loongarch/kvm_para.h
@@ -15,6 +15,7 @@
 #define CPUCFG_KVM_FEATURE		(CPUCFG_KVM_BASE + 4)
 #define  KVM_FEATURE_IPI		1
 #define  KVM_FEATURE_STEAL_TIME		2
+#define  KVM_FEATURE_PREEMPT		3
 /* BIT 24 - 31 are features configurable by user space vmm */
 #define  KVM_FEATURE_VIRT_EXTIOI	24
 #define  KVM_FEATURE_USER_HCALL		25
diff --git a/linux-headers/asm-loongarch/unistd_64.h b/linux-headers/asm-lo=
ongarch/unistd_64.h
index aa5daac4ef..3a29d86e1d 100644
--- a/linux-headers/asm-loongarch/unistd_64.h
+++ b/linux-headers/asm-loongarch/unistd_64.h
@@ -300,6 +300,7 @@
 #define __NR_landlock_create_ruleset 444
 #define __NR_landlock_add_rule 445
 #define __NR_landlock_restrict_self 446
+#define __NR_memfd_secret 447
 #define __NR_process_mrelease 448
 #define __NR_futex_waitv 449
 #define __NR_set_mempolicy_home_node 450
@@ -323,6 +324,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_64_H */
diff --git a/linux-headers/asm-mips/unistd_n32.h b/linux-headers/asm-mips/u=
nistd_n32.h
index a33d106dca..5fa1ee0cb4 100644
--- a/linux-headers/asm-mips/unistd_n32.h
+++ b/linux-headers/asm-mips/unistd_n32.h
@@ -399,5 +399,6 @@
 #define __NR_file_getattr (__NR_Linux + 468)
 #define __NR_file_setattr (__NR_Linux + 469)
 #define __NR_listns (__NR_Linux + 470)
+#define __NR_rseq_slice_yield (__NR_Linux + 471)
=20
 #endif /* _ASM_UNISTD_N32_H */
diff --git a/linux-headers/asm-mips/unistd_n64.h b/linux-headers/asm-mips/u=
nistd_n64.h
index 1bc251e450..e1f873d83a 100644
--- a/linux-headers/asm-mips/unistd_n64.h
+++ b/linux-headers/asm-mips/unistd_n64.h
@@ -375,5 +375,6 @@
 #define __NR_file_getattr (__NR_Linux + 468)
 #define __NR_file_setattr (__NR_Linux + 469)
 #define __NR_listns (__NR_Linux + 470)
+#define __NR_rseq_slice_yield (__NR_Linux + 471)
=20
 #endif /* _ASM_UNISTD_N64_H */
diff --git a/linux-headers/asm-mips/unistd_o32.h b/linux-headers/asm-mips/u=
nistd_o32.h
index c57175d496..8207e9ca4f 100644
--- a/linux-headers/asm-mips/unistd_o32.h
+++ b/linux-headers/asm-mips/unistd_o32.h
@@ -445,5 +445,6 @@
 #define __NR_file_getattr (__NR_Linux + 468)
 #define __NR_file_setattr (__NR_Linux + 469)
 #define __NR_listns (__NR_Linux + 470)
+#define __NR_rseq_slice_yield (__NR_Linux + 471)
=20
 #endif /* _ASM_UNISTD_O32_H */
diff --git a/linux-headers/asm-powerpc/unistd_32.h b/linux-headers/asm-powe=
rpc/unistd_32.h
index a3f4aa2fe2..1f63360120 100644
--- a/linux-headers/asm-powerpc/unistd_32.h
+++ b/linux-headers/asm-powerpc/unistd_32.h
@@ -452,6 +452,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_32_H */
diff --git a/linux-headers/asm-powerpc/unistd_64.h b/linux-headers/asm-powe=
rpc/unistd_64.h
index d4444557f1..87439c53c1 100644
--- a/linux-headers/asm-powerpc/unistd_64.h
+++ b/linux-headers/asm-powerpc/unistd_64.h
@@ -424,6 +424,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_64_H */
diff --git a/linux-headers/asm-riscv/kvm.h b/linux-headers/asm-riscv/kvm.h
index 54f3ad7ed2..504e733053 100644
--- a/linux-headers/asm-riscv/kvm.h
+++ b/linux-headers/asm-riscv/kvm.h
@@ -110,6 +110,10 @@ struct kvm_riscv_timer {
 	__u64 state;
 };
=20
+/* Possible states for kvm_riscv_timer */
+#define KVM_RISCV_TIMER_STATE_OFF	0
+#define KVM_RISCV_TIMER_STATE_ON	1
+
 /*
  * ISA extension IDs specific to KVM. This is not the same as the host ISA
  * extension IDs as that is internal to the host and should not be exposed
@@ -192,6 +196,9 @@ enum KVM_RISCV_ISA_EXT_ID {
 	KVM_RISCV_ISA_EXT_ZFBFMIN,
 	KVM_RISCV_ISA_EXT_ZVFBFMIN,
 	KVM_RISCV_ISA_EXT_ZVFBFWMA,
+	KVM_RISCV_ISA_EXT_ZCLSD,
+	KVM_RISCV_ISA_EXT_ZILSD,
+	KVM_RISCV_ISA_EXT_ZALASR,
 	KVM_RISCV_ISA_EXT_MAX,
 };
=20
@@ -235,10 +242,6 @@ struct kvm_riscv_sbi_fwft {
 	struct kvm_riscv_sbi_fwft_feature pointer_masking;
 };
=20
-/* Possible states for kvm_riscv_timer */
-#define KVM_RISCV_TIMER_STATE_OFF	0
-#define KVM_RISCV_TIMER_STATE_ON	1
-
 /* If you need to interpret the index values, here is the key: */
 #define KVM_REG_RISCV_TYPE_MASK		0x00000000FF000000
 #define KVM_REG_RISCV_TYPE_SHIFT	24
diff --git a/linux-headers/asm-riscv/ptrace.h b/linux-headers/asm-riscv/ptr=
ace.h
index a3f8211ede..cf87642994 100644
--- a/linux-headers/asm-riscv/ptrace.h
+++ b/linux-headers/asm-riscv/ptrace.h
@@ -9,6 +9,7 @@
 #ifndef __ASSEMBLER__
=20
 #include <linux/types.h>
+#include <linux/const.h>
=20
 #define PTRACE_GETFDPIC		33
=20
@@ -127,6 +128,42 @@ struct __riscv_v_regset_state {
  */
 #define RISCV_MAX_VLENB (8192)
=20
+struct __sc_riscv_cfi_state {
+	unsigned long ss_ptr;   /* shadow stack pointer */
+};
+
+#define PTRACE_CFI_BRANCH_LANDING_PAD_EN_BIT		0
+#define PTRACE_CFI_BRANCH_LANDING_PAD_LOCK_BIT		1
+#define PTRACE_CFI_BRANCH_EXPECTED_LANDING_PAD_BIT	2
+#define PTRACE_CFI_SHADOW_STACK_EN_BIT			3
+#define PTRACE_CFI_SHADOW_STACK_LOCK_BIT		4
+#define PTRACE_CFI_SHADOW_STACK_PTR_BIT			5
+
+#define PTRACE_CFI_BRANCH_LANDING_PAD_EN_STATE		_BITUL(PTRACE_CFI_BRANCH_L=
ANDING_PAD_EN_BIT)
+#define PTRACE_CFI_BRANCH_LANDING_PAD_LOCK_STATE	\
+	_BITUL(PTRACE_CFI_BRANCH_LANDING_PAD_LOCK_BIT)
+#define PTRACE_CFI_BRANCH_EXPECTED_LANDING_PAD_STATE	\
+	_BITUL(PTRACE_CFI_BRANCH_EXPECTED_LANDING_PAD_BIT)
+#define PTRACE_CFI_SHADOW_STACK_EN_STATE		_BITUL(PTRACE_CFI_SHADOW_STACK_E=
N_BIT)
+#define PTRACE_CFI_SHADOW_STACK_LOCK_STATE		_BITUL(PTRACE_CFI_SHADOW_STACK=
_LOCK_BIT)
+#define PTRACE_CFI_SHADOW_STACK_PTR_STATE		_BITUL(PTRACE_CFI_SHADOW_STACK_=
PTR_BIT)
+
+#define PTRACE_CFI_STATE_INVALID_MASK	~(PTRACE_CFI_BRANCH_LANDING_PAD_EN_S=
TATE | \
+					  PTRACE_CFI_BRANCH_LANDING_PAD_LOCK_STATE | \
+					  PTRACE_CFI_BRANCH_EXPECTED_LANDING_PAD_STATE | \
+					  PTRACE_CFI_SHADOW_STACK_EN_STATE | \
+					  PTRACE_CFI_SHADOW_STACK_LOCK_STATE | \
+					  PTRACE_CFI_SHADOW_STACK_PTR_STATE)
+
+struct __cfi_status {
+	__u64 cfi_state;
+};
+
+struct user_cfi_state {
+	struct __cfi_status	cfi_status;
+	__u64 shstk_ptr;
+};
+
 #endif /* __ASSEMBLER__ */
=20
 #endif /* _ASM_RISCV_PTRACE_H */
diff --git a/linux-headers/asm-riscv/unistd_32.h b/linux-headers/asm-riscv/=
unistd_32.h
index 9f33956246..828f3c2b9d 100644
--- a/linux-headers/asm-riscv/unistd_32.h
+++ b/linux-headers/asm-riscv/unistd_32.h
@@ -318,6 +318,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_32_H */
diff --git a/linux-headers/asm-riscv/unistd_64.h b/linux-headers/asm-riscv/=
unistd_64.h
index c2e7258916..8fa59835a3 100644
--- a/linux-headers/asm-riscv/unistd_64.h
+++ b/linux-headers/asm-riscv/unistd_64.h
@@ -328,6 +328,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_64_H */
diff --git a/linux-headers/asm-s390/unistd_32.h b/linux-headers/asm-s390/un=
istd_32.h
deleted file mode 100644
index 37b8f6f358..0000000000
--- a/linux-headers/asm-s390/unistd_32.h
+++ /dev/null
@@ -1,446 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
-#ifndef _ASM_S390_UNISTD_32_H
-#define _ASM_S390_UNISTD_32_H
-
-#define __NR_exit 1
-#define __NR_fork 2
-#define __NR_read 3
-#define __NR_write 4
-#define __NR_open 5
-#define __NR_close 6
-#define __NR_restart_syscall 7
-#define __NR_creat 8
-#define __NR_link 9
-#define __NR_unlink 10
-#define __NR_execve 11
-#define __NR_chdir 12
-#define __NR_time 13
-#define __NR_mknod 14
-#define __NR_chmod 15
-#define __NR_lchown 16
-#define __NR_lseek 19
-#define __NR_getpid 20
-#define __NR_mount 21
-#define __NR_umount 22
-#define __NR_setuid 23
-#define __NR_getuid 24
-#define __NR_stime 25
-#define __NR_ptrace 26
-#define __NR_alarm 27
-#define __NR_pause 29
-#define __NR_utime 30
-#define __NR_access 33
-#define __NR_nice 34
-#define __NR_sync 36
-#define __NR_kill 37
-#define __NR_rename 38
-#define __NR_mkdir 39
-#define __NR_rmdir 40
-#define __NR_dup 41
-#define __NR_pipe 42
-#define __NR_times 43
-#define __NR_brk 45
-#define __NR_setgid 46
-#define __NR_getgid 47
-#define __NR_signal 48
-#define __NR_geteuid 49
-#define __NR_getegid 50
-#define __NR_acct 51
-#define __NR_umount2 52
-#define __NR_ioctl 54
-#define __NR_fcntl 55
-#define __NR_setpgid 57
-#define __NR_umask 60
-#define __NR_chroot 61
-#define __NR_ustat 62
-#define __NR_dup2 63
-#define __NR_getppid 64
-#define __NR_getpgrp 65
-#define __NR_setsid 66
-#define __NR_sigaction 67
-#define __NR_setreuid 70
-#define __NR_setregid 71
-#define __NR_sigsuspend 72
-#define __NR_sigpending 73
-#define __NR_sethostname 74
-#define __NR_setrlimit 75
-#define __NR_getrlimit 76
-#define __NR_getrusage 77
-#define __NR_gettimeofday 78
-#define __NR_settimeofday 79
-#define __NR_getgroups 80
-#define __NR_setgroups 81
-#define __NR_symlink 83
-#define __NR_readlink 85
-#define __NR_uselib 86
-#define __NR_swapon 87
-#define __NR_reboot 88
-#define __NR_readdir 89
-#define __NR_mmap 90
-#define __NR_munmap 91
-#define __NR_truncate 92
-#define __NR_ftruncate 93
-#define __NR_fchmod 94
-#define __NR_fchown 95
-#define __NR_getpriority 96
-#define __NR_setpriority 97
-#define __NR_statfs 99
-#define __NR_fstatfs 100
-#define __NR_ioperm 101
-#define __NR_socketcall 102
-#define __NR_syslog 103
-#define __NR_setitimer 104
-#define __NR_getitimer 105
-#define __NR_stat 106
-#define __NR_lstat 107
-#define __NR_fstat 108
-#define __NR_lookup_dcookie 110
-#define __NR_vhangup 111
-#define __NR_idle 112
-#define __NR_wait4 114
-#define __NR_swapoff 115
-#define __NR_sysinfo 116
-#define __NR_ipc 117
-#define __NR_fsync 118
-#define __NR_sigreturn 119
-#define __NR_clone 120
-#define __NR_setdomainname 121
-#define __NR_uname 122
-#define __NR_adjtimex 124
-#define __NR_mprotect 125
-#define __NR_sigprocmask 126
-#define __NR_create_module 127
-#define __NR_init_module 128
-#define __NR_delete_module 129
-#define __NR_get_kernel_syms 130
-#define __NR_quotactl 131
-#define __NR_getpgid 132
-#define __NR_fchdir 133
-#define __NR_bdflush 134
-#define __NR_sysfs 135
-#define __NR_personality 136
-#define __NR_afs_syscall 137
-#define __NR_setfsuid 138
-#define __NR_setfsgid 139
-#define __NR__llseek 140
-#define __NR_getdents 141
-#define __NR__newselect 142
-#define __NR_flock 143
-#define __NR_msync 144
-#define __NR_readv 145
-#define __NR_writev 146
-#define __NR_getsid 147
-#define __NR_fdatasync 148
-#define __NR__sysctl 149
-#define __NR_mlock 150
-#define __NR_munlock 151
-#define __NR_mlockall 152
-#define __NR_munlockall 153
-#define __NR_sched_setparam 154
-#define __NR_sched_getparam 155
-#define __NR_sched_setscheduler 156
-#define __NR_sched_getscheduler 157
-#define __NR_sched_yield 158
-#define __NR_sched_get_priority_max 159
-#define __NR_sched_get_priority_min 160
-#define __NR_sched_rr_get_interval 161
-#define __NR_nanosleep 162
-#define __NR_mremap 163
-#define __NR_setresuid 164
-#define __NR_getresuid 165
-#define __NR_query_module 167
-#define __NR_poll 168
-#define __NR_nfsservctl 169
-#define __NR_setresgid 170
-#define __NR_getresgid 171
-#define __NR_prctl 172
-#define __NR_rt_sigreturn 173
-#define __NR_rt_sigaction 174
-#define __NR_rt_sigprocmask 175
-#define __NR_rt_sigpending 176
-#define __NR_rt_sigtimedwait 177
-#define __NR_rt_sigqueueinfo 178
-#define __NR_rt_sigsuspend 179
-#define __NR_pread64 180
-#define __NR_pwrite64 181
-#define __NR_chown 182
-#define __NR_getcwd 183
-#define __NR_capget 184
-#define __NR_capset 185
-#define __NR_sigaltstack 186
-#define __NR_sendfile 187
-#define __NR_getpmsg 188
-#define __NR_putpmsg 189
-#define __NR_vfork 190
-#define __NR_ugetrlimit 191
-#define __NR_mmap2 192
-#define __NR_truncate64 193
-#define __NR_ftruncate64 194
-#define __NR_stat64 195
-#define __NR_lstat64 196
-#define __NR_fstat64 197
-#define __NR_lchown32 198
-#define __NR_getuid32 199
-#define __NR_getgid32 200
-#define __NR_geteuid32 201
-#define __NR_getegid32 202
-#define __NR_setreuid32 203
-#define __NR_setregid32 204
-#define __NR_getgroups32 205
-#define __NR_setgroups32 206
-#define __NR_fchown32 207
-#define __NR_setresuid32 208
-#define __NR_getresuid32 209
-#define __NR_setresgid32 210
-#define __NR_getresgid32 211
-#define __NR_chown32 212
-#define __NR_setuid32 213
-#define __NR_setgid32 214
-#define __NR_setfsuid32 215
-#define __NR_setfsgid32 216
-#define __NR_pivot_root 217
-#define __NR_mincore 218
-#define __NR_madvise 219
-#define __NR_getdents64 220
-#define __NR_fcntl64 221
-#define __NR_readahead 222
-#define __NR_sendfile64 223
-#define __NR_setxattr 224
-#define __NR_lsetxattr 225
-#define __NR_fsetxattr 226
-#define __NR_getxattr 227
-#define __NR_lgetxattr 228
-#define __NR_fgetxattr 229
-#define __NR_listxattr 230
-#define __NR_llistxattr 231
-#define __NR_flistxattr 232
-#define __NR_removexattr 233
-#define __NR_lremovexattr 234
-#define __NR_fremovexattr 235
-#define __NR_gettid 236
-#define __NR_tkill 237
-#define __NR_futex 238
-#define __NR_sched_setaffinity 239
-#define __NR_sched_getaffinity 240
-#define __NR_tgkill 241
-#define __NR_io_setup 243
-#define __NR_io_destroy 244
-#define __NR_io_getevents 245
-#define __NR_io_submit 246
-#define __NR_io_cancel 247
-#define __NR_exit_group 248
-#define __NR_epoll_create 249
-#define __NR_epoll_ctl 250
-#define __NR_epoll_wait 251
-#define __NR_set_tid_address 252
-#define __NR_fadvise64 253
-#define __NR_timer_create 254
-#define __NR_timer_settime 255
-#define __NR_timer_gettime 256
-#define __NR_timer_getoverrun 257
-#define __NR_timer_delete 258
-#define __NR_clock_settime 259
-#define __NR_clock_gettime 260
-#define __NR_clock_getres 261
-#define __NR_clock_nanosleep 262
-#define __NR_fadvise64_64 264
-#define __NR_statfs64 265
-#define __NR_fstatfs64 266
-#define __NR_remap_file_pages 267
-#define __NR_mbind 268
-#define __NR_get_mempolicy 269
-#define __NR_set_mempolicy 270
-#define __NR_mq_open 271
-#define __NR_mq_unlink 272
-#define __NR_mq_timedsend 273
-#define __NR_mq_timedreceive 274
-#define __NR_mq_notify 275
-#define __NR_mq_getsetattr 276
-#define __NR_kexec_load 277
-#define __NR_add_key 278
-#define __NR_request_key 279
-#define __NR_keyctl 280
-#define __NR_waitid 281
-#define __NR_ioprio_set 282
-#define __NR_ioprio_get 283
-#define __NR_inotify_init 284
-#define __NR_inotify_add_watch 285
-#define __NR_inotify_rm_watch 286
-#define __NR_migrate_pages 287
-#define __NR_openat 288
-#define __NR_mkdirat 289
-#define __NR_mknodat 290
-#define __NR_fchownat 291
-#define __NR_futimesat 292
-#define __NR_fstatat64 293
-#define __NR_unlinkat 294
-#define __NR_renameat 295
-#define __NR_linkat 296
-#define __NR_symlinkat 297
-#define __NR_readlinkat 298
-#define __NR_fchmodat 299
-#define __NR_faccessat 300
-#define __NR_pselect6 301
-#define __NR_ppoll 302
-#define __NR_unshare 303
-#define __NR_set_robust_list 304
-#define __NR_get_robust_list 305
-#define __NR_splice 306
-#define __NR_sync_file_range 307
-#define __NR_tee 308
-#define __NR_vmsplice 309
-#define __NR_move_pages 310
-#define __NR_getcpu 311
-#define __NR_epoll_pwait 312
-#define __NR_utimes 313
-#define __NR_fallocate 314
-#define __NR_utimensat 315
-#define __NR_signalfd 316
-#define __NR_timerfd 317
-#define __NR_eventfd 318
-#define __NR_timerfd_create 319
-#define __NR_timerfd_settime 320
-#define __NR_timerfd_gettime 321
-#define __NR_signalfd4 322
-#define __NR_eventfd2 323
-#define __NR_inotify_init1 324
-#define __NR_pipe2 325
-#define __NR_dup3 326
-#define __NR_epoll_create1 327
-#define __NR_preadv 328
-#define __NR_pwritev 329
-#define __NR_rt_tgsigqueueinfo 330
-#define __NR_perf_event_open 331
-#define __NR_fanotify_init 332
-#define __NR_fanotify_mark 333
-#define __NR_prlimit64 334
-#define __NR_name_to_handle_at 335
-#define __NR_open_by_handle_at 336
-#define __NR_clock_adjtime 337
-#define __NR_syncfs 338
-#define __NR_setns 339
-#define __NR_process_vm_readv 340
-#define __NR_process_vm_writev 341
-#define __NR_s390_runtime_instr 342
-#define __NR_kcmp 343
-#define __NR_finit_module 344
-#define __NR_sched_setattr 345
-#define __NR_sched_getattr 346
-#define __NR_renameat2 347
-#define __NR_seccomp 348
-#define __NR_getrandom 349
-#define __NR_memfd_create 350
-#define __NR_bpf 351
-#define __NR_s390_pci_mmio_write 352
-#define __NR_s390_pci_mmio_read 353
-#define __NR_execveat 354
-#define __NR_userfaultfd 355
-#define __NR_membarrier 356
-#define __NR_recvmmsg 357
-#define __NR_sendmmsg 358
-#define __NR_socket 359
-#define __NR_socketpair 360
-#define __NR_bind 361
-#define __NR_connect 362
-#define __NR_listen 363
-#define __NR_accept4 364
-#define __NR_getsockopt 365
-#define __NR_setsockopt 366
-#define __NR_getsockname 367
-#define __NR_getpeername 368
-#define __NR_sendto 369
-#define __NR_sendmsg 370
-#define __NR_recvfrom 371
-#define __NR_recvmsg 372
-#define __NR_shutdown 373
-#define __NR_mlock2 374
-#define __NR_copy_file_range 375
-#define __NR_preadv2 376
-#define __NR_pwritev2 377
-#define __NR_s390_guarded_storage 378
-#define __NR_statx 379
-#define __NR_s390_sthyi 380
-#define __NR_kexec_file_load 381
-#define __NR_io_pgetevents 382
-#define __NR_rseq 383
-#define __NR_pkey_mprotect 384
-#define __NR_pkey_alloc 385
-#define __NR_pkey_free 386
-#define __NR_semget 393
-#define __NR_semctl 394
-#define __NR_shmget 395
-#define __NR_shmctl 396
-#define __NR_shmat 397
-#define __NR_shmdt 398
-#define __NR_msgget 399
-#define __NR_msgsnd 400
-#define __NR_msgrcv 401
-#define __NR_msgctl 402
-#define __NR_clock_gettime64 403
-#define __NR_clock_settime64 404
-#define __NR_clock_adjtime64 405
-#define __NR_clock_getres_time64 406
-#define __NR_clock_nanosleep_time64 407
-#define __NR_timer_gettime64 408
-#define __NR_timer_settime64 409
-#define __NR_timerfd_gettime64 410
-#define __NR_timerfd_settime64 411
-#define __NR_utimensat_time64 412
-#define __NR_pselect6_time64 413
-#define __NR_ppoll_time64 414
-#define __NR_io_pgetevents_time64 416
-#define __NR_recvmmsg_time64 417
-#define __NR_mq_timedsend_time64 418
-#define __NR_mq_timedreceive_time64 419
-#define __NR_semtimedop_time64 420
-#define __NR_rt_sigtimedwait_time64 421
-#define __NR_futex_time64 422
-#define __NR_sched_rr_get_interval_time64 423
-#define __NR_pidfd_send_signal 424
-#define __NR_io_uring_setup 425
-#define __NR_io_uring_enter 426
-#define __NR_io_uring_register 427
-#define __NR_open_tree 428
-#define __NR_move_mount 429
-#define __NR_fsopen 430
-#define __NR_fsconfig 431
-#define __NR_fsmount 432
-#define __NR_fspick 433
-#define __NR_pidfd_open 434
-#define __NR_clone3 435
-#define __NR_close_range 436
-#define __NR_openat2 437
-#define __NR_pidfd_getfd 438
-#define __NR_faccessat2 439
-#define __NR_process_madvise 440
-#define __NR_epoll_pwait2 441
-#define __NR_mount_setattr 442
-#define __NR_quotactl_fd 443
-#define __NR_landlock_create_ruleset 444
-#define __NR_landlock_add_rule 445
-#define __NR_landlock_restrict_self 446
-#define __NR_memfd_secret 447
-#define __NR_process_mrelease 448
-#define __NR_futex_waitv 449
-#define __NR_set_mempolicy_home_node 450
-#define __NR_cachestat 451
-#define __NR_fchmodat2 452
-#define __NR_map_shadow_stack 453
-#define __NR_futex_wake 454
-#define __NR_futex_wait 455
-#define __NR_futex_requeue 456
-#define __NR_statmount 457
-#define __NR_listmount 458
-#define __NR_lsm_get_self_attr 459
-#define __NR_lsm_set_self_attr 460
-#define __NR_lsm_list_modules 461
-#define __NR_mseal 462
-#define __NR_setxattrat 463
-#define __NR_getxattrat 464
-#define __NR_listxattrat 465
-#define __NR_removexattrat 466
-#define __NR_open_tree_attr 467
-#define __NR_file_getattr 468
-#define __NR_file_setattr 469
-
-#endif /* _ASM_S390_UNISTD_32_H */
diff --git a/linux-headers/asm-s390/unistd_64.h b/linux-headers/asm-s390/un=
istd_64.h
index 8d9e579ef5..01f674c1bc 100644
--- a/linux-headers/asm-s390/unistd_64.h
+++ b/linux-headers/asm-s390/unistd_64.h
@@ -390,6 +390,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_64_H */
diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
index b804fd25a2..01d46e2929 100644
--- a/linux-headers/asm-x86/kvm.h
+++ b/linux-headers/asm-x86/kvm.h
@@ -197,13 +197,13 @@ struct kvm_msrs {
 	__u32 nmsrs; /* number of msrs in entries */
 	__u32 pad;
=20
-	struct kvm_msr_entry entries[];
+	__DECLARE_FLEX_ARRAY(struct kvm_msr_entry, entries);
 };
=20
 /* for KVM_GET_MSR_INDEX_LIST */
 struct kvm_msr_list {
 	__u32 nmsrs; /* number of msrs in entries */
-	__u32 indices[];
+	__DECLARE_FLEX_ARRAY(__u32, indices);
 };
=20
 /* Maximum size of any access bitmap in bytes */
@@ -243,7 +243,7 @@ struct kvm_cpuid_entry {
 struct kvm_cpuid {
 	__u32 nent;
 	__u32 padding;
-	struct kvm_cpuid_entry entries[];
+	__DECLARE_FLEX_ARRAY(struct kvm_cpuid_entry, entries);
 };
=20
 struct kvm_cpuid_entry2 {
@@ -265,7 +265,7 @@ struct kvm_cpuid_entry2 {
 struct kvm_cpuid2 {
 	__u32 nent;
 	__u32 padding;
-	struct kvm_cpuid_entry2 entries[];
+	__DECLARE_FLEX_ARRAY(struct kvm_cpuid_entry2, entries);
 };
=20
 /* for KVM_GET_PIT and KVM_SET_PIT */
@@ -396,7 +396,7 @@ struct kvm_xsave {
 	 * the contents of CPUID leaf 0xD on the host.
 	 */
 	__u32 region[1024];
-	__u32 extra[];
+	__DECLARE_FLEX_ARRAY(__u32, extra);
 };
=20
 #define KVM_MAX_XCRS	16
@@ -474,6 +474,7 @@ struct kvm_sync_regs {
 #define KVM_X86_QUIRK_SLOT_ZAP_ALL		(1 << 7)
 #define KVM_X86_QUIRK_STUFF_FEATURE_MSRS	(1 << 8)
 #define KVM_X86_QUIRK_IGNORE_GUEST_PAT		(1 << 9)
+#define KVM_X86_QUIRK_VMCS12_ALLOW_FREEZE_IN_SMM (1 << 10)
=20
 #define KVM_STATE_NESTED_FORMAT_VMX	0
 #define KVM_STATE_NESTED_FORMAT_SVM	1
@@ -501,6 +502,7 @@ struct kvm_sync_regs {
 #define KVM_X86_GRP_SEV			1
 #  define KVM_X86_SEV_VMSA_FEATURES	0
 #  define KVM_X86_SNP_POLICY_BITS	1
+#  define KVM_X86_SEV_SNP_REQ_CERTS	2
=20
 struct kvm_vmx_nested_state_data {
 	__u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
@@ -562,7 +564,7 @@ struct kvm_pmu_event_filter {
 	__u32 fixed_counter_bitmap;
 	__u32 flags;
 	__u32 pad[4];
-	__u64 events[];
+	__DECLARE_FLEX_ARRAY(__u64, events);
 };
=20
 #define KVM_PMU_EVENT_ALLOW 0
@@ -741,6 +743,7 @@ enum sev_cmd_id {
 	KVM_SEV_SNP_LAUNCH_START =3D 100,
 	KVM_SEV_SNP_LAUNCH_UPDATE,
 	KVM_SEV_SNP_LAUNCH_FINISH,
+	KVM_SEV_SNP_ENABLE_REQ_CERTS,
=20
 	KVM_SEV_NR_MAX,
 };
@@ -912,8 +915,10 @@ struct kvm_sev_snp_launch_finish {
 	__u64 pad1[4];
 };
=20
-#define KVM_X2APIC_API_USE_32BIT_IDS            (1ULL << 0)
-#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK  (1ULL << 1)
+#define KVM_X2APIC_API_USE_32BIT_IDS			_BITULL(0)
+#define KVM_X2APIC_API_DISABLE_BROADCAST_QUIRK		_BITULL(1)
+#define KVM_X2APIC_ENABLE_SUPPRESS_EOI_BROADCAST	_BITULL(2)
+#define KVM_X2APIC_DISABLE_SUPPRESS_EOI_BROADCAST	_BITULL(3)
=20
 struct kvm_hyperv_eventfd {
 	__u32 conn_id;
diff --git a/linux-headers/asm-x86/unistd_32.h b/linux-headers/asm-x86/unis=
td_32.h
index 34255aac64..e945468829 100644
--- a/linux-headers/asm-x86/unistd_32.h
+++ b/linux-headers/asm-x86/unistd_32.h
@@ -461,6 +461,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_32_H */
diff --git a/linux-headers/asm-x86/unistd_64.h b/linux-headers/asm-x86/unis=
td_64.h
index 07f242a5fa..3c49b00ed1 100644
--- a/linux-headers/asm-x86/unistd_64.h
+++ b/linux-headers/asm-x86/unistd_64.h
@@ -385,6 +385,7 @@
 #define __NR_file_getattr 468
 #define __NR_file_setattr 469
 #define __NR_listns 470
+#define __NR_rseq_slice_yield 471
=20
=20
 #endif /* _ASM_UNISTD_64_H */
diff --git a/linux-headers/asm-x86/unistd_x32.h b/linux-headers/asm-x86/uni=
std_x32.h
index 08fc9da2fa..bd2af9ad08 100644
--- a/linux-headers/asm-x86/unistd_x32.h
+++ b/linux-headers/asm-x86/unistd_x32.h
@@ -338,6 +338,7 @@
 #define __NR_file_getattr (__X32_SYSCALL_BIT + 468)
 #define __NR_file_setattr (__X32_SYSCALL_BIT + 469)
 #define __NR_listns (__X32_SYSCALL_BIT + 470)
+#define __NR_rseq_slice_yield (__X32_SYSCALL_BIT + 471)
 #define __NR_rt_sigaction (__X32_SYSCALL_BIT + 512)
 #define __NR_rt_sigreturn (__X32_SYSCALL_BIT + 513)
 #define __NR_ioctl (__X32_SYSCALL_BIT + 514)
diff --git a/linux-headers/linux/const.h b/linux-headers/linux/const.h
index 95ede23342..c6a9d0c983 100644
--- a/linux-headers/linux/const.h
+++ b/linux-headers/linux/const.h
@@ -50,4 +50,22 @@
=20
 #define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
=20
+/*
+ * Divide positive or negative dividend by positive or negative divisor
+ * and round to closest integer. Result is undefined for negative
+ * divisors if the dividend variable type is unsigned and for negative
+ * dividends if the divisor variable type is unsigned.
+ */
+#define __KERNEL_DIV_ROUND_CLOSEST(x, divisor)		\
+({							\
+	__typeof__(x) __x =3D x;				\
+	__typeof__(divisor) __d =3D divisor;		\
+							\
+	(((__typeof__(x))-1) > 0 ||			\
+	 ((__typeof__(divisor))-1) > 0 ||		\
+	 (((__x) > 0) =3D=3D ((__d) > 0))) ?		\
+		(((__x) + ((__d) / 2)) / (__d)) :	\
+		(((__x) - ((__d) / 2)) / (__d));	\
+})
+
 #endif /* _LINUX_CONST_H */
diff --git a/linux-headers/linux/iommufd.h b/linux-headers/linux/iommufd.h
index 384183a403..82587c7d62 100644
--- a/linux-headers/linux/iommufd.h
+++ b/linux-headers/linux/iommufd.h
@@ -465,16 +465,27 @@ struct iommu_hwpt_arm_smmuv3 {
 	__aligned_le64 ste[2];
 };
=20
+/**
+ * struct iommu_hwpt_amd_guest - AMD IOMMU guest I/O page table data
+ *				 (IOMMU_HWPT_DATA_AMD_GUEST)
+ * @dte: Guest Device Table Entry (DTE)
+ */
+struct iommu_hwpt_amd_guest {
+	__aligned_u64 dte[4];
+};
+
 /**
  * enum iommu_hwpt_data_type - IOMMU HWPT Data Type
  * @IOMMU_HWPT_DATA_NONE: no data
  * @IOMMU_HWPT_DATA_VTD_S1: Intel VT-d stage-1 page table
  * @IOMMU_HWPT_DATA_ARM_SMMUV3: ARM SMMUv3 Context Descriptor Table
+ * @IOMMU_HWPT_DATA_AMD_GUEST: AMD IOMMU guest page table
  */
 enum iommu_hwpt_data_type {
 	IOMMU_HWPT_DATA_NONE =3D 0,
 	IOMMU_HWPT_DATA_VTD_S1 =3D 1,
 	IOMMU_HWPT_DATA_ARM_SMMUV3 =3D 2,
+	IOMMU_HWPT_DATA_AMD_GUEST =3D 3,
 };
=20
 /**
@@ -623,6 +634,32 @@ struct iommu_hw_info_tegra241_cmdqv {
 	__u8 __reserved;
 };
=20
+/**
+ * struct iommu_hw_info_amd - AMD IOMMU device info
+ *
+ * @efr : Value of AMD IOMMU Extended Feature Register (EFR)
+ * @efr2: Value of AMD IOMMU Extended Feature 2 Register (EFR2)
+ *
+ * Please See description of these registers in the following sections of
+ * the AMD I/O Virtualization Technology (IOMMU) Specification.
+ * (https://docs.amd.com/v/u/en-US/48882_3.10_PUB)
+ *
+ * - MMIO Offset 0030h IOMMU Extended Feature Register
+ * - MMIO Offset 01A0h IOMMU Extended Feature 2 Register
+ *
+ * Note: The EFR and EFR2 are raw values reported by hardware.
+ * VMM is responsible to determine the appropriate flags to be exposed to
+ * the VM since cetertain features are not currently supported by the kern=
el
+ * for HW-vIOMMU.
+ *
+ * Current VMM-allowed list of feature flags are:
+ * - EFR[GTSup, GASup, GioSup, PPRSup, EPHSup, GATS, GLX, PASmax]
+ */
+struct iommu_hw_info_amd {
+	__aligned_u64 efr;
+	__aligned_u64 efr2;
+};
+
 /**
  * enum iommu_hw_info_type - IOMMU Hardware Info Types
  * @IOMMU_HW_INFO_TYPE_NONE: Output by the drivers that do not report hard=
ware
@@ -632,6 +669,7 @@ struct iommu_hw_info_tegra241_cmdqv {
  * @IOMMU_HW_INFO_TYPE_ARM_SMMUV3: ARM SMMUv3 iommu info type
  * @IOMMU_HW_INFO_TYPE_TEGRA241_CMDQV: NVIDIA Tegra241 CMDQV (extension fo=
r ARM
  *                                     SMMUv3) info type
+ * @IOMMU_HW_INFO_TYPE_AMD: AMD IOMMU info type
  */
 enum iommu_hw_info_type {
 	IOMMU_HW_INFO_TYPE_NONE =3D 0,
@@ -639,6 +677,7 @@ enum iommu_hw_info_type {
 	IOMMU_HW_INFO_TYPE_INTEL_VTD =3D 1,
 	IOMMU_HW_INFO_TYPE_ARM_SMMUV3 =3D 2,
 	IOMMU_HW_INFO_TYPE_TEGRA241_CMDQV =3D 3,
+	IOMMU_HW_INFO_TYPE_AMD =3D 4,
 };
=20
 /**
@@ -656,11 +695,15 @@ enum iommu_hw_info_type {
  * @IOMMU_HW_CAP_PCI_PASID_PRIV: Privileged Mode Supported, user ignores it
  *                               when the struct
  *                               iommu_hw_info::out_max_pasid_log2 is zero.
+ * @IOMMU_HW_CAP_PCI_ATS_NOT_SUPPORTED: ATS is not supported or cannot be =
used
+ *                                      on this device (absence implies ATS
+ *                                      may be enabled)
  */
 enum iommufd_hw_capabilities {
 	IOMMU_HW_CAP_DIRTY_TRACKING =3D 1 << 0,
 	IOMMU_HW_CAP_PCI_PASID_EXEC =3D 1 << 1,
 	IOMMU_HW_CAP_PCI_PASID_PRIV =3D 1 << 2,
+	IOMMU_HW_CAP_PCI_ATS_NOT_SUPPORTED =3D 1 << 3,
 };
=20
 /**
@@ -1013,6 +1056,11 @@ struct iommu_fault_alloc {
 enum iommu_viommu_type {
 	IOMMU_VIOMMU_TYPE_DEFAULT =3D 0,
 	IOMMU_VIOMMU_TYPE_ARM_SMMUV3 =3D 1,
+	/*
+	 * TEGRA241_CMDQV requirements (otherwise, VCMDQs will not work)
+	 * - Kernel will allocate a VINTF (HYP_OWN=3D0) to back this VIOMMU. So,
+	 *   VMM must wire the HYP_OWN bit to 0 in guest VINTF_CONFIG register
+	 */
 	IOMMU_VIOMMU_TYPE_TEGRA241_CMDQV =3D 2,
 };
=20
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index a4ab42dcba..c1baca4302 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -11,9 +11,11 @@
 #include <linux/const.h>
 #include <linux/types.h>
=20
+#include <linux/stddef.h>
 #include <linux/ioctl.h>
 #include <asm/kvm.h>
=20
+
 #define KVM_API_VERSION 12
=20
 /*
@@ -135,6 +137,12 @@ struct kvm_xen_exit {
 	} u;
 };
=20
+struct kvm_exit_snp_req_certs {
+	__u64 gpa;
+	__u64 npages;
+	__u64 ret;
+};
+
 #define KVM_S390_GET_SKEYS_NONE   1
 #define KVM_S390_SKEYS_MAX        1048576
=20
@@ -180,6 +188,8 @@ struct kvm_xen_exit {
 #define KVM_EXIT_MEMORY_FAULT     39
 #define KVM_EXIT_TDX              40
 #define KVM_EXIT_ARM_SEA          41
+#define KVM_EXIT_ARM_LDST64B      42
+#define KVM_EXIT_SNP_REQ_CERTS    43
=20
 /* For KVM_EXIT_INTERNAL_ERROR */
 /* Emulate instruction failed. */
@@ -394,7 +404,7 @@ struct kvm_run {
 		} eoi;
 		/* KVM_EXIT_HYPERV */
 		struct kvm_hyperv_exit hyperv;
-		/* KVM_EXIT_ARM_NISV */
+		/* KVM_EXIT_ARM_NISV / KVM_EXIT_ARM_LDST64B */
 		struct {
 			__u64 esr_iss;
 			__u64 fault_ipa;
@@ -474,6 +484,8 @@ struct kvm_run {
 			__u64 gva;
 			__u64 gpa;
 		} arm_sea;
+		/* KVM_EXIT_SNP_REQ_CERTS */
+		struct kvm_exit_snp_req_certs snp_req_certs;
 		/* Fix the size of the union. */
 		char padding[256];
 	};
@@ -520,7 +532,7 @@ struct kvm_coalesced_mmio {
=20
 struct kvm_coalesced_mmio_ring {
 	__u32 first, last;
-	struct kvm_coalesced_mmio coalesced_mmio[];
+	__DECLARE_FLEX_ARRAY(struct kvm_coalesced_mmio, coalesced_mmio);
 };
=20
 #define KVM_COALESCED_MMIO_MAX \
@@ -570,7 +582,7 @@ struct kvm_clear_dirty_log {
 /* for KVM_SET_SIGNAL_MASK */
 struct kvm_signal_mask {
 	__u32 len;
-	__u8  sigset[];
+	__DECLARE_FLEX_ARRAY(__u8, sigset);
 };
=20
 /* for KVM_TPR_ACCESS_REPORTING */
@@ -681,6 +693,11 @@ struct kvm_enable_cap {
 #define KVM_VM_TYPE_ARM_IPA_SIZE_MASK	0xffULL
 #define KVM_VM_TYPE_ARM_IPA_SIZE(x)		\
 	((x) & KVM_VM_TYPE_ARM_IPA_SIZE_MASK)
+
+#define KVM_VM_TYPE_ARM_PROTECTED	(1UL << 31)
+#define KVM_VM_TYPE_ARM_MASK		(KVM_VM_TYPE_ARM_IPA_SIZE_MASK | \
+					 KVM_VM_TYPE_ARM_PROTECTED)
+
 /*
  * ioctls for /dev/kvm fds:
  */
@@ -966,6 +983,9 @@ struct kvm_enable_cap {
 #define KVM_CAP_GUEST_MEMFD_FLAGS 244
 #define KVM_CAP_ARM_SEA_TO_USER 245
 #define KVM_CAP_S390_USER_OPEREXEC 246
+#define KVM_CAP_S390_KEYOP 247
+#define KVM_CAP_S390_VSIE_ESAMODE 248
+#define KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES 249
=20
 struct kvm_irq_routing_irqchip {
 	__u32 irqchip;
@@ -1028,7 +1048,7 @@ struct kvm_irq_routing_entry {
 struct kvm_irq_routing {
 	__u32 nr;
 	__u32 flags;
-	struct kvm_irq_routing_entry entries[];
+	__DECLARE_FLEX_ARRAY(struct kvm_irq_routing_entry, entries);
 };
=20
 #define KVM_IRQFD_FLAG_DEASSIGN (1 << 0)
@@ -1119,7 +1139,7 @@ struct kvm_dirty_tlb {
=20
 struct kvm_reg_list {
 	__u64 n; /* number of regs */
-	__u64 reg[];
+	__DECLARE_FLEX_ARRAY(__u64, reg);
 };
=20
 struct kvm_one_reg {
@@ -1201,6 +1221,10 @@ enum kvm_device_type {
 #define KVM_DEV_TYPE_LOONGARCH_EIOINTC	KVM_DEV_TYPE_LOONGARCH_EIOINTC
 	KVM_DEV_TYPE_LOONGARCH_PCHPIC,
 #define KVM_DEV_TYPE_LOONGARCH_PCHPIC	KVM_DEV_TYPE_LOONGARCH_PCHPIC
+	KVM_DEV_TYPE_LOONGARCH_DMSINTC,
+#define KVM_DEV_TYPE_LOONGARCH_DMSINTC	KVM_DEV_TYPE_LOONGARCH_DMSINTC
+	KVM_DEV_TYPE_ARM_VGIC_V5,
+#define KVM_DEV_TYPE_ARM_VGIC_V5	KVM_DEV_TYPE_ARM_VGIC_V5
=20
 	KVM_DEV_TYPE_MAX,
=20
@@ -1211,6 +1235,16 @@ struct kvm_vfio_spapr_tce {
 	__s32	tablefd;
 };
=20
+#define KVM_S390_KEYOP_ISKE 0x01
+#define KVM_S390_KEYOP_RRBE 0x02
+#define KVM_S390_KEYOP_SSKE 0x03
+struct kvm_s390_keyop {
+	__u64 guest_addr;
+	__u8  key;
+	__u8  operation;
+	__u8  pad[6];
+};
+
 /*
  * KVM_CREATE_VCPU receives as a parameter the vcpu slot, and returns
  * a vcpu fd.
@@ -1230,6 +1264,7 @@ struct kvm_vfio_spapr_tce {
 #define KVM_S390_UCAS_MAP        _IOW(KVMIO, 0x50, struct kvm_s390_ucas_ma=
pping)
 #define KVM_S390_UCAS_UNMAP      _IOW(KVMIO, 0x51, struct kvm_s390_ucas_ma=
pping)
 #define KVM_S390_VCPU_FAULT	 _IOW(KVMIO, 0x52, unsigned long)
+#define KVM_S390_KEYOP           _IOWR(KVMIO, 0x53, struct kvm_s390_keyop)
=20
 /* Device model IOC */
 #define KVM_CREATE_IRQCHIP        _IO(KVMIO,   0x60)
@@ -1571,7 +1606,7 @@ struct kvm_stats_desc {
 	__u16 size;
 	__u32 offset;
 	__u32 bucket_size;
-	char name[];
+	__DECLARE_FLEX_ARRAY(char, name);
 };
=20
 #define KVM_GET_STATS_FD  _IO(KVMIO,  0xce)
@@ -1599,6 +1634,21 @@ struct kvm_memory_attributes {
 	__u64 flags;
 };
=20
+/* Available with KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTES */
+#define KVM_SET_MEMORY_ATTRIBUTES2              _IOWR(KVMIO,  0xd2, struct=
 kvm_memory_attributes2)
+
+struct kvm_memory_attributes2 {
+	union {
+		__u64 address;
+		__u64 offset;
+	};
+	__u64 size;
+	__u64 attributes;
+	__u64 flags;
+	__u64 error_offset;
+	__u64 reserved[11];
+};
+
 #define KVM_MEMORY_ATTRIBUTE_PRIVATE           (1ULL << 3)
=20
 #define KVM_CREATE_GUEST_MEMFD	_IOWR(KVMIO,  0xd4, struct kvm_create_guest=
_memfd)
diff --git a/linux-headers/linux/mshv.h b/linux-headers/linux/mshv.h
index acceeddc1c..6c7d3a9316 100644
--- a/linux-headers/linux/mshv.h
+++ b/linux-headers/linux/mshv.h
@@ -27,6 +27,8 @@ enum {
 	MSHV_PT_BIT_X2APIC,
 	MSHV_PT_BIT_GPA_SUPER_PAGES,
 	MSHV_PT_BIT_CPU_AND_XSAVE_FEATURES,
+	MSHV_PT_BIT_NESTED_VIRTUALIZATION,
+	MSHV_PT_BIT_SMT_ENABLED_GUEST,
 	MSHV_PT_BIT_COUNT,
 };
=20
@@ -355,7 +357,7 @@ struct mshv_vtl_sint_post_msg {
=20
 struct mshv_vtl_ram_disposition {
 	__u64 start_pfn;
-	__u64 last_pfn;
+	__u64 last_pfn; /* last_pfn is excluded from the range [start_pfn, last_p=
fn) */
 };
=20
 struct mshv_vtl_set_poll_file {
diff --git a/linux-headers/linux/psp-sev.h b/linux-headers/linux/psp-sev.h
index 9479928a4a..7df5002259 100644
--- a/linux-headers/linux/psp-sev.h
+++ b/linux-headers/linux/psp-sev.h
@@ -277,7 +277,7 @@ struct sev_user_data_snp_wrapped_vlek_hashstick {
  * struct sev_issue_cmd - SEV ioctl parameters
  *
  * @cmd: SEV commands to execute
- * @opaque: pointer to the command structure
+ * @data: pointer to the command structure
  * @error: SEV FW return code on failure
  */
 struct sev_issue_cmd {
diff --git a/linux-headers/linux/stddef.h b/linux-headers/linux/stddef.h
index 48ee4438e0..4574982594 100644
--- a/linux-headers/linux/stddef.h
+++ b/linux-headers/linux/stddef.h
@@ -69,6 +69,10 @@
 #define __counted_by_be(m)
 #endif
=20
+#ifndef __counted_by_ptr
+#define __counted_by_ptr(m)
+#endif
+
 #define __kernel_nonstring
=20
 #endif /* _LINUX_STDDEF_H */
diff --git a/linux-headers/linux/vduse.h b/linux-headers/linux/vduse.h
index da6ac89af1..e19b3c0f51 100644
--- a/linux-headers/linux/vduse.h
+++ b/linux-headers/linux/vduse.h
@@ -10,6 +10,10 @@
=20
 #define VDUSE_API_VERSION	0
=20
+/* VQ groups and ASID support */
+
+#define VDUSE_API_VERSION_1	1
+
 /*
  * Get the version of VDUSE API that kernel supported (VDUSE_API_VERSION).
  * This is used for future extension.
@@ -27,6 +31,8 @@
  * @features: virtio features
  * @vq_num: the number of virtqueues
  * @vq_align: the allocation alignment of virtqueue's metadata
+ * @ngroups: number of vq groups that VDUSE device declares
+ * @nas: number of address spaces that VDUSE device declares
  * @reserved: for future use, needs to be initialized to zero
  * @config_size: the size of the configuration space
  * @config: the buffer of the configuration space
@@ -41,7 +47,9 @@ struct vduse_dev_config {
 	__u64 features;
 	__u32 vq_num;
 	__u32 vq_align;
-	__u32 reserved[13];
+	__u32 ngroups; /* if VDUSE_API_VERSION >=3D 1 */
+	__u32 nas; /* if VDUSE_API_VERSION >=3D 1 */
+	__u32 reserved[11];
 	__u32 config_size;
 	__u8 config[];
 };
@@ -118,14 +126,18 @@ struct vduse_config_data {
  * struct vduse_vq_config - basic configuration of a virtqueue
  * @index: virtqueue index
  * @max_size: the max size of virtqueue
- * @reserved: for future use, needs to be initialized to zero
+ * @reserved1: for future use, needs to be initialized to zero
+ * @group: virtqueue group
+ * @reserved2: for future use, needs to be initialized to zero
  *
  * Structure used by VDUSE_VQ_SETUP ioctl to setup a virtqueue.
  */
 struct vduse_vq_config {
 	__u32 index;
 	__u16 max_size;
-	__u16 reserved[13];
+	__u16 reserved1;
+	__u32 group;
+	__u16 reserved2[10];
 };
=20
 /*
@@ -156,6 +168,16 @@ struct vduse_vq_state_packed {
 	__u16 last_used_idx;
 };
=20
+/**
+ * struct vduse_vq_group_asid - virtqueue group ASID
+ * @group: Index of the virtqueue group
+ * @asid: Address space ID of the group
+ */
+struct vduse_vq_group_asid {
+	__u32 group;
+	__u32 asid;
+};
+
 /**
  * struct vduse_vq_info - information of a virtqueue
  * @index: virtqueue index
@@ -215,6 +237,7 @@ struct vduse_vq_eventfd {
  * @uaddr: start address of userspace memory, it must be aligned to page s=
ize
  * @iova: start of the IOVA region
  * @size: size of the IOVA region
+ * @asid: Address space ID of the IOVA region
  * @reserved: for future use, needs to be initialized to zero
  *
  * Structure used by VDUSE_IOTLB_REG_UMEM and VDUSE_IOTLB_DEREG_UMEM
@@ -224,7 +247,8 @@ struct vduse_iova_umem {
 	__u64 uaddr;
 	__u64 iova;
 	__u64 size;
-	__u64 reserved[3];
+	__u32 asid;
+	__u32 reserved[5];
 };
=20
 /* Register userspace memory for IOVA regions */
@@ -238,6 +262,7 @@ struct vduse_iova_umem {
  * @start: start of the IOVA region
  * @last: last of the IOVA region
  * @capability: capability of the IOVA region
+ * @asid: Address space ID of the IOVA region, only if device API version =
>=3D 1
  * @reserved: for future use, needs to be initialized to zero
  *
  * Structure used by VDUSE_IOTLB_GET_INFO ioctl to get information of
@@ -248,7 +273,8 @@ struct vduse_iova_info {
 	__u64 last;
 #define VDUSE_IOVA_CAP_UMEM (1 << 0)
 	__u64 capability;
-	__u64 reserved[3];
+	__u32 asid; /* Only if device API version >=3D 1 */
+	__u32 reserved[5];
 };
=20
 /*
@@ -257,6 +283,32 @@ struct vduse_iova_info {
  */
 #define VDUSE_IOTLB_GET_INFO	_IOWR(VDUSE_BASE, 0x1a, struct vduse_iova_inf=
o)
=20
+/**
+ * struct vduse_iotlb_entry_v2 - entry of IOTLB to describe one IOVA region
+ *
+ * @v1: the original vduse_iotlb_entry
+ * @asid: address space ID of the IOVA region
+ * @reserved: for future use, needs to be initialized to zero
+ *
+ * Structure used by VDUSE_IOTLB_GET_FD2 ioctl to find an overlapped IOVA =
region.
+ */
+struct vduse_iotlb_entry_v2 {
+	__u64 offset;
+	__u64 start;
+	__u64 last;
+	__u8 perm;
+	__u8 padding[7];
+	__u32 asid;
+	__u32 reserved[11];
+};
+
+/*
+ * Same as VDUSE_IOTLB_GET_FD but with vduse_iotlb_entry_v2 argument that
+ * support extra fields.
+ */
+#define VDUSE_IOTLB_GET_FD2	_IOWR(VDUSE_BASE, 0x1b, struct vduse_iotlb_ent=
ry_v2)
+
+
 /* The control messages definition for read(2)/write(2) on /dev/vduse/$NAM=
E */
=20
 /**
@@ -265,11 +317,14 @@ struct vduse_iova_info {
  * @VDUSE_SET_STATUS: set the device status
  * @VDUSE_UPDATE_IOTLB: Notify userspace to update the memory mapping for
  *                      specified IOVA range via VDUSE_IOTLB_GET_FD ioctl
+ * @VDUSE_SET_VQ_GROUP_ASID: Notify userspace to update the address space =
of a
+ *                           virtqueue group.
  */
 enum vduse_req_type {
 	VDUSE_GET_VQ_STATE,
 	VDUSE_SET_STATUS,
 	VDUSE_UPDATE_IOTLB,
+	VDUSE_SET_VQ_GROUP_ASID,
 };
=20
 /**
@@ -304,6 +359,19 @@ struct vduse_iova_range {
 	__u64 last;
 };
=20
+/**
+ * struct vduse_iova_range_v2 - IOVA range [start, last] if API_VERSION >=
=3D 1
+ * @start: start of the IOVA range
+ * @last: last of the IOVA range
+ * @asid: address space ID of the IOVA range
+ */
+struct vduse_iova_range_v2 {
+	__u64 start;
+	__u64 last;
+	__u32 asid;
+	__u32 padding;
+};
+
 /**
  * struct vduse_dev_request - control request
  * @type: request type
@@ -312,6 +380,8 @@ struct vduse_iova_range {
  * @vq_state: virtqueue state, only index field is available
  * @s: device status
  * @iova: IOVA range for updating
+ * @iova_v2: IOVA range for updating if API_VERSION >=3D 1
+ * @vq_group_asid: ASID of a virtqueue group
  * @padding: padding
  *
  * Structure used by read(2) on /dev/vduse/$NAME.
@@ -324,6 +394,11 @@ struct vduse_dev_request {
 		struct vduse_vq_state vq_state;
 		struct vduse_dev_status s;
 		struct vduse_iova_range iova;
+		/* Following members but padding exist only if vduse api
+		 * version >=3D 1
+		 */
+		struct vduse_iova_range_v2 iova_v2;
+		struct vduse_vq_group_asid vq_group_asid;
 		__u32 padding[32];
 	};
 };
diff --git a/linux-headers/linux/vfio.h b/linux-headers/linux/vfio.h
index 720edfee7a..f3282b8e86 100644
--- a/linux-headers/linux/vfio.h
+++ b/linux-headers/linux/vfio.h
@@ -141,7 +141,7 @@ struct vfio_info_cap_header {
  *
  * Retrieve information about the group.  Fills in provided
  * struct vfio_group_info.  Caller sets argsz.
- * Return: 0 on succes, -errno on failure.
+ * Return: 0 on success, -errno on failure.
  * Availability: Always
  */
 struct vfio_group_status {
@@ -964,6 +964,10 @@ struct vfio_device_bind_iommufd {
  * hwpt corresponding to the given pt_id.
  *
  * Return: 0 on success, -errno on failure.
+ *
+ * When a device is resetting, -EBUSY will be returned to reject any concu=
rrent
+ * attachment to the resetting device itself or any sibling device in the =
IOMMU
+ * group having the resetting device.
  */
 struct vfio_device_attach_iommufd_pt {
 	__u32	argsz;
@@ -1262,6 +1266,19 @@ enum vfio_device_mig_state {
  * The initial_bytes field indicates the amount of initial precopy
  * data available from the device. This field should have a non-zero initi=
al
  * value and decrease as migration data is read from the device.
+ * The presence of the VFIO_PRECOPY_INFO_REINIT output flag indicates
+ * that new initial data is present on the stream.
+ * The new initial data may result, for example, from device reconfigurati=
on
+ * during migration that requires additional initialization data.
+ * In that case initial_bytes may report a non-zero value irrespective of
+ * any previously reported values, which progresses towards zero as precopy
+ * data is read from the data stream. dirty_bytes is also reset
+ * to zero and represents the state change of the device relative to the n=
ew
+ * initial_bytes.
+ * VFIO_PRECOPY_INFO_REINIT can be reported only after userspace opts in to
+ * VFIO_DEVICE_FEATURE_MIG_PRECOPY_INFOv2. Without this opt-in, the flags =
field
+ * of struct vfio_precopy_info is reserved for bug-compatibility reasons.
+ *
  * It is recommended to leave PRE_COPY for STOP_COPY only after this field
  * reaches zero. Leaving PRE_COPY earlier might make things slower.
  *
@@ -1297,6 +1314,7 @@ enum vfio_device_mig_state {
 struct vfio_precopy_info {
 	__u32 argsz;
 	__u32 flags;
+#define VFIO_PRECOPY_INFO_REINIT (1 << 0) /* output - new initial data is =
present */
 	__aligned_u64 initial_bytes;
 	__aligned_u64 dirty_bytes;
 };
@@ -1506,6 +1524,16 @@ struct vfio_device_feature_dma_buf {
 	struct vfio_region_dma_range dma_ranges[] __counted_by(nr_ranges);
 };
=20
+/*
+ * Enables the migration precopy_info_v2 behaviour.
+ *
+ * VFIO_DEVICE_FEATURE_MIG_PRECOPY_INFOv2.
+ *
+ * On SET, enables the v2 pre_copy_info behaviour, where the
+ * vfio_precopy_info.flags is a valid output field.
+ */
+#define VFIO_DEVICE_FEATURE_MIG_PRECOPY_INFOv2  12
+
 /* -------- API for Type1 VFIO IOMMU -------- */
=20
 /**
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926940; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=Ww0V2Pv2DwXaYYTDCGPv92ALCHo7Ax6A3foQXamOBf5Z90+U+wYvpigC3CStN59UnCv/xOeiFthkM5COaD2MM0rcKEylLxk8ut2ibH7+fY3q952+qcuQ/3wsIwxmfSe7tSPEUchbLVt73cI8Ae3GTM0cwiUlXHRWojQzawkwFgE=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926940;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=Reu/+jJj557tTnSjG7I7//btsTOl3ByKHW91XuCHiAU=;
	b=e1cT7zxP1rNSAvf8UjQ4lJr85QEPCms9VAF7WFHm/v3UJzxQui0ATHs/ordzBGP9yYSOYuQMxS/bP1TnaqZ8Tv/azMjJyzqmPiNMJlAKoChVf6ZrMZAOpRGjH0IHW6RHJu+WvRLtUj16fDU44VlpS0WryMeeE3L7YoSP46FWm0I=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926940876565.4668575393054;
 Wed, 27 May 2026 17:09:00 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOIy-0006ry-8e; Wed, 27 May 2026 20:08:56 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOIw-0006rp-GJ
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:08:54 -0400
Received: from mail-centralusazlp170100005.outbound.protection.outlook.com
 ([2a01:111:f403:c111::5] helo=DM1PR04CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOIu-0005AS-A7
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:08:54 -0400
Received: from PH8P222CA0023.NAMP222.PROD.OUTLOOK.COM (2603:10b6:510:2d7::17)
 by SJ5PPFB332093D3.namprd12.prod.outlook.com
 (2603:10b6:a0f:fc02::99f) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.12; Thu, 28 May
 2026 00:08:45 +0000
Received: from SN1PEPF000252A1.namprd05.prod.outlook.com
 (2603:10b6:510:2d7:cafe::9a) by PH8P222CA0023.outlook.office365.com
 (2603:10b6:510:2d7::17) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:08:45 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF000252A1.mail.protection.outlook.com (10.167.242.8) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:08:44 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:07:41 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=ECdYfZ4Rv9ms5hJRUxlX738INxCTXpLDzq2SSn1MHRd8i9yuR2s9vZA99NzMN6Xd5tVK+T5/P3U5H+skawFvzQdJEslRWYlBADT0V3sQgYw0Ctlm5DR/ELTuwulYwLGKZAsdPyq/u9XuVAStvfQ0ZujN0f9Zv4DQNIlWzp5jeJVLLEwiYLbio5fQersfwlqLXw3fjVWjg/B566HxHzWrka78CGmXbVzvKdgH9l6qxezDFNfXJt7D6KEEPsRaZWE/2wGJnFU7W/ud46IehJtFRfUPBdSUN5fbThQF5vWaC5bAEKwJxxEUuH6aYLSUv5AInIzbEjqceysypygzWRZJoQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=Reu/+jJj557tTnSjG7I7//btsTOl3ByKHW91XuCHiAU=;
 b=HQxnnqQy5vpDBbpq+/JSg98zlgLQD1jxObTM/qMbwHFoDFM16N4T0ZjbvmnCWzaKaCPJNqHSjO0TBiNk17Bwypi3aHIxEs4kycGwNhE5EbZ1tGR9qIa/98Doh5heQ1G62lAZ8tw5RvXgiTRT9xQXmuR91VO5J9tIpM7pTZL2nui9Kl4ua9SRYz6XY+TfgGz7IJkRTF5rWC+ueQ3T3n8dGW98/NyYyHECNRnAeDW7TZR0eYb5ex5Hbj5oL9FW0Bd23Xq2iinmExGNGZnHblZHYj1TLoqnC0TV56nkLtQpEPIjz6fAEYsjLL6O5QWdu3n7L4Y7QZ8QxkuaUU/sPpRm+Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Reu/+jJj557tTnSjG7I7//btsTOl3ByKHW91XuCHiAU=;
 b=mMirw7pzeNbvAyu24j6mmKhLbpwoxJd0uCB79x1BdeLaqcdoVeQN2yXqZ/K00tdqI8q+0xUref6yNMzWQyfm1RMb8jJvDPUtIEbg3oksZiJPabs/6o4+N5BCiPkFzk5Y99dNQ1EmPur7sL9mjgQk7eSPaMvYQvu49l2pwoegX0o=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 04/12] accel/kvm: Add CGS option to control in-place
 conversion support
Date: Wed, 27 May 2026 19:03:29 -0500
Message-ID: <20260528000416.8161-5-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF000252A1:EE_|SJ5PPFB332093D3:EE_
X-MS-Office365-Filtering-Correlation-Id: a164b1f3-c4bf-4bf4-5068-08debc4d48a1
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|36860700016|82310400026|7416014|376014|1800799024|11063799006|6133799003|56012099006|18002099003|22082099003;
X-Microsoft-Antispam-Message-Info: 
 6wg1Q875UAHcGi2lWk2m6OcaDhNWiYLsKygkhnp1/IA2U/yOvxHc3Ek/sSjHbgAwMbV/pJO2BeHHUsWPednH6lsjGEn8yAWbIgB9MksDk9+qnDIs3WvrkoC0yPoEnRHr+3iJiWHrxri+OBY/8FZRLWs01QaAY+8De3FSjvMCs9RltkbJ0P3rg2JE4wsG4tfvV4gPX8BuQUOreI5yX6pXm1zo3ao4ZysRm0D6kHxC6QviPgj5dXHRmevPCLAG0HqvuHeneytr0jAvMcgARs28k56GBzs1TaU8T8S83A8rESSFAZZ2ehJtUJzV+AYi73US1ow9NDvG/ehjc8LslmdLeKncYADZ8QK3GeWr+AM/vXh77Gs/7qub4zSNNoY8Ca8bllTFXBioAHaVVGI5k78G+WWcX8RQ16mXrSMPkeL1UgmjmqMDa0uVL+L2Qw2YiutC6Q9ck6mI7m2YWCBUZAxYQ+UtqyvmavbvQdyJrBTFHX8x2MMo1jVh47m2jXESS+yqSQCJpwEjmymsdN6U1+LluORbKB0HJKyqVUOyTyhAqVyf3jvZsLqgLBIvwCG9JJHlRfKTsVcBwaH2Ntse7x0lZHPlpAcajJeS2iGx0MRCuLZyXRasx7txp71JiwldZ1mcqrNsmloke9KZvrDNbD4GCtr+Lt5JuRFh2ofqQl3VV6u5ZVBvwQRyawjID6R4O9SCI6hCafT31r1rAMhdaukP0glbt8CDzIAt0XKWpoITb/8=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(36860700016)(82310400026)(7416014)(376014)(1800799024)(11063799006)(6133799003)(56012099006)(18002099003)(22082099003);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 +WjIvbZ9xsUc5HJvsVgIDZn+OkCzFflzrT5w+zwhMta9jypymiPlhRQbN3Q3ft4F2ywSjSu9kBFy0jRzp8weNvPYIWvQFO1AmOfxgIgTUR+2Q8gMC+ujImWO3/hiuG59f8COArIQpY2IzldJdcJLkyATOPWD+C1wg9pVpLz9VYQ5P5kvMRzvgPzWrAgvkkh+Vbs3tbwdrJAWFOOqKKenOsjEIOfzUFyEx4aMlOi67lls0meEQMEpZ4eqObXnqTw8xqwFJ+ojk+CeMckDqL536gg0O04C/EZMnnl59vQ+h4k9jts1cF5feWGOSvvRiHkySQqZZiv9O7FFBN2HWyPXp7L+x0vRcScolvV3IofNAfWLhld7SAtzfKX4TQ4Vcq8YuSI3EMAoX9gViECvyEWLJzlLqoPiUh9IlxJvdrLp7aruop25szUfJyYbvC99EEkA
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:08:44.9568 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 a164b1f3-c4bf-4bf4-5068-08debc4d48a1
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF000252A1.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ5PPFB332093D3
Received-SPF: permerror client-ip=2a01:111:f403:c111::5;
 envelope-from=Michael.Roth@amd.com;
 helo=DM1PR04CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926941852158500
Content-Type: text/plain; charset="utf-8"

For confidential guests, guest_memfd is currently used only for private
guest memory, and normal guest memory comes from the configured memory
backend just as it does for a non-confidential guest. It is now possible
to use the same physical memory to back a particular GPA regardless of
whether it is in a shared or private state. This avoids the need to
rely on discarding memory between shared/private conversions (to avoid
doubled memory usage), and is intended to be the primary mode of using
guest_memfd for confidential guests moving forward, and future features
like hugepage support will likely require it.

Add an option to enable this support. Since ConfidentialGuestSupport is
already used to track some guest_memfd-related functionality (e.g.
whether it is required for the configured machine), similarly introduce
this option as a property of ConfidentialGuestSupport.

Also add the KVM-specific checks to enable this support, but leave the
option disabled until other required changes are implemented for
CGS variants that intend to make use of KVM's in-place conversion
support.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 accel/kvm/kvm-all.c                         | 21 +++++++++++++++++
 backends/confidential-guest-support.c       | 25 +++++++++++++++++++++
 include/system/confidential-guest-support.h | 14 ++++++++++++
 qapi/qom.json                               | 16 +++++++++++++
 4 files changed, 76 insertions(+)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index e6ae2e8ced..a1832712a4 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -52,6 +52,7 @@
 #include "kvm-cpus.h"
 #include "system/dirtylimit.h"
 #include "qemu/range.h"
+#include "system/confidential-guest-support.h"
=20
 #include "hw/core/boards.h"
 #include "system/stats.h"
@@ -2901,6 +2902,7 @@ static int kvm_reset_vmfd(MachineState *ms)
 static int kvm_init(AccelState *as, MachineState *ms)
 {
     MachineClass *mc =3D MACHINE_GET_CLASS(ms);
+    ConfidentialGuestSupport *cgs =3D ms->cgs;
     static const char upgrade_note[] =3D
         "Please upgrade to at least kernel 4.5.\n";
     const struct {
@@ -3076,6 +3078,25 @@ static int kvm_init(AccelState *as, MachineState *ms)
         kvm_vm_check_extension(s, KVM_CAP_USER_MEMORY2);
     kvm_pre_fault_memory_supported =3D kvm_vm_check_extension(s, KVM_CAP_P=
RE_FAULT_MEMORY);
=20
+    if (cgs && cgs->convert_in_place) {
+        uint64_t guest_memfd_supported_memory_attributes;
+
+        guest_memfd_supported_memory_attributes =3D
+            kvm_vm_check_extension(s, KVM_CAP_GUEST_MEMFD_MEMORY_ATTRIBUTE=
S);
+
+        if (!(guest_memfd_supported_memory_attributes & KVM_MEMORY_ATTRIBU=
TE_PRIVATE)) {
+            ret =3D -EINVAL;
+            error_report("In-place conversion is only supported if private=
 "
+                         "memory attributes can be set via guest_memfd. "
+                         "Please ensure the 'vm_memory_attributes' KVM mod=
ule "
+                         "parameter is set to 0.");
+            goto err;
+        }
+
+        assert(kvm_guest_memfd_supported);
+        kvm_supported_memory_attributes =3D guest_memfd_supported_memory_a=
ttributes;
+    }
+
     if (s->kernel_irqchip_split =3D=3D ON_OFF_AUTO_AUTO) {
         s->kernel_irqchip_split =3D mc->default_kernel_irqchip_split ? ON_=
OFF_AUTO_ON : ON_OFF_AUTO_OFF;
     }
diff --git a/backends/confidential-guest-support.c b/backends/confidential-=
guest-support.c
index 156dd15e66..c89bcf3cb3 100644
--- a/backends/confidential-guest-support.c
+++ b/backends/confidential-guest-support.c
@@ -21,6 +21,24 @@ OBJECT_DEFINE_ABSTRACT_TYPE(ConfidentialGuestSupport,
                             CONFIDENTIAL_GUEST_SUPPORT,
                             OBJECT)
=20
+static bool
+cgs_get_convert_in_place(Object *obj, Error **errp)
+{
+    return CONFIDENTIAL_GUEST_SUPPORT(obj)->convert_in_place;
+}
+
+static void
+cgs_set_convert_in_place(Object *obj, bool value, Error **errp)
+{
+    ConfidentialGuestSupport *cgs =3D CONFIDENTIAL_GUEST_SUPPORT(obj);
+
+    if (!cgs->allow_convert_in_place && value) {
+        error_setg(errp, "In-place conversion support is not supported for=
 this guest configuration.");
+    }
+
+    cgs->convert_in_place =3D value;
+}
+
 static bool check_support(ConfidentialGuestPlatformType platform,
                          uint16_t platform_version, uint8_t highest_vtl,
                          uint64_t shared_gpa_boundary)
@@ -70,6 +88,13 @@ static void confidential_guest_support_class_init(Object=
Class *oc,
=20
 static void confidential_guest_support_init(Object *obj)
 {
+    ConfidentialGuestSupport *cgs =3D CONFIDENTIAL_GUEST_SUPPORT(obj);
+
+    object_property_add_bool(obj, "convert-in-place", cgs_get_convert_in_p=
lace,
+                             cgs_set_convert_in_place);
+
+    cgs->convert_in_place =3D false;
+    cgs->allow_convert_in_place =3D false;
 }
=20
 static void confidential_guest_support_finalize(Object *obj)
diff --git a/include/system/confidential-guest-support.h b/include/system/c=
onfidential-guest-support.h
index 5dca717308..c1e9c41ad2 100644
--- a/include/system/confidential-guest-support.h
+++ b/include/system/confidential-guest-support.h
@@ -20,6 +20,7 @@
=20
 #include "qom/object.h"
 #include "exec/hwaddr.h"
+#include "qapi/qapi-visit-qom.h"
=20
 #define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support"
 OBJECT_DECLARE_TYPE(ConfidentialGuestSupport,
@@ -92,6 +93,19 @@ struct ConfidentialGuestSupport {
      * so 'ready' is not set, we'll abort.
      */
     bool ready;
+
+    /*
+     * True if the machine re-uses physical pages when converting
+     * between shared/private (as opposed to using different
+     * physical pages depending on the access type).
+     */
+    bool convert_in_place;
+
+    /*
+     * CGS implementations will use this to indicate whether or not
+     * in-place conversion can be enabled by users.
+     */
+    bool allow_convert_in_place;
 };
=20
 typedef struct ConfidentialGuestSupportClass {
diff --git a/qapi/qom.json b/qapi/qom.json
index 502fafeb15..037c078799 100644
--- a/qapi/qom.json
+++ b/qapi/qom.json
@@ -1014,6 +1014,21 @@
   'if': 'CONFIG_IGVM',
   'data': { 'file': 'str' } }
=20
+##
+# @ConfidentialGuestSupportProperties:
+#
+# Properties for ConfidentialGuestSupport base class.
+#
+# @convert-in-place: If true, the same physical pages are reused
+#     when memory is converted between shared and private states.
+#     If false (default), separate allocations are used depending
+#     on whether the page is private or shared.
+#
+# Since: 11.1
+##
+{ 'struct': 'ConfidentialGuestSupportProperties',
+  'data': { '*convert-in-place': 'bool' } }
+
 ##
 # @SevCommonProperties:
 #
@@ -1038,6 +1053,7 @@
 # Since: 9.1
 ##
 { 'struct': 'SevCommonProperties',
+  'base': 'ConfidentialGuestSupportProperties',
   'data': { '*sev-device': 'str',
             '*cbitpos': 'uint32',
             'reduced-phys-bits': 'uint32',
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926972; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=AT2kXwDth2/8S9ajtcVQwlF3OEWY1mEYCcM2fBEOL9KsE049LlChxRs5qUu/82mys94YtTqxbe6IFCb2D8zoSJZCx5ISlp1sulbNTN3Kcv25KG4TH8FTbBGyF4K6jPSDGhfdu+nuFZbxJDLr8qUH+zb+C+1xI7Lq5bBgoY98kPs=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926972;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=j2s1sfWoh+gRyhciK6eFmKOuTxzH3j/ciyeczMXeMrI=;
	b=m4VQF6PjAh7Qq02++LYB+OsClyOq83yAkSRgCUPCTWhfAwreZzvoruGYODY0aDk074Prq+Waeyh9Czc6P0V4uT59iPVh33OEgS4371C9DzQzBlu5tWs5ejEQgGAq68q6Yv0BDphF3ZklXwrrNmRvoKXCpAqVXiPQkA40Qw1wQVc=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177992697212239.175427302156436;
 Wed, 27 May 2026 17:09:32 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOJL-0007Da-2k; Wed, 27 May 2026 20:09:19 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOJI-0007Al-UF
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:09:16 -0400
Received: from
 mail-northcentralusazlp170130007.outbound.protection.outlook.com
 ([2a01:111:f403:c105::7] helo=CH4PR04CU002.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOJG-0005Ol-I1
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:09:16 -0400
Received: from SA0PR11CA0137.namprd11.prod.outlook.com (2603:10b6:806:131::22)
 by IA1PR12MB6530.namprd12.prod.outlook.com (2603:10b6:208:3a5::20)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.12; Thu, 28 May
 2026 00:09:05 +0000
Received: from SA2PEPF00003AE4.namprd02.prod.outlook.com
 (2603:10b6:806:131:cafe::a1) by SA0PR11CA0137.outlook.office365.com
 (2603:10b6:806:131::22) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:09:05 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SA2PEPF00003AE4.mail.protection.outlook.com (10.167.248.4) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:09:04 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:09:04 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=CWghb1fOVQVDIonYTPjtoRPRhThTx2Rkxa/xsc0h1ykANoiJe4ON42PfvEFClNPdt9UF0bZ28vg+VhPfjQOkp3Hu3+TFFZkltjOtX9+h0JXxFU4a89iDii1BAqQPkO6EWe64ciQbXZCJzOQzPxzTF08sDF936wYD8ht+crhNvCXUR2wif2an7MuLfnvRKLQ57PjcCXMAviFFh9An0psmQMuBSy4j6PSz5ggtZhURD2oWj1VDckw9ZxRCao2Flntaoj6C9hwEmYtnRgG1DXw8yjLiKbaFZ6tsKJEyrg0fru3npPUUQ/yfEADZbkTS+EFdowYYT5AEJ29exhRx/17Lkg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=j2s1sfWoh+gRyhciK6eFmKOuTxzH3j/ciyeczMXeMrI=;
 b=Ip23XWpqVnKfoa6QoqOzK4E47jUnYHnC41spsNrg7ee82+Vk4kKevGhOllUkjOcKmSW8iZMIU7D6dxn+GUcTea0GIL+iHoGrRDFV8+E98qpwBQcJ1ljL33oVh5+1nV0HltJonO/dJGA/1zYrewnXhEz7e4mMU93FiPaPsw8lwDEpUioPlUcoyZh82C2wHJ2V0gs2gXLFy85/10YmYvwdukTkbdBwJX42HdEW6nrGJaV0RvTea993sXPq5WdFmrF5yfnpNgMgIVNDowKjBqTTno7sV23YhEJiILJW4yihzleUoF3ib33ySbRlhY85xy+lQfUUSZ3tjNqdwQu0xynOzQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=j2s1sfWoh+gRyhciK6eFmKOuTxzH3j/ciyeczMXeMrI=;
 b=2EmPWE6nmx3MQvjHpTEnfg7lhlPsnEDEWQKCtH2fGFXVubgDxDtJIE9BazYrEDQ7eTMTI5iDJsQURVAKe1RUID6obUCIdy/wSZLpLjUciTAmgjzgg355LVi7ssljiqjnWqzqMnLqIAX820KoysQIMxVtq01uiFe7+wba5p4uNvI=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 05/12] system/memory: Re-use memory-backend-guest-memfd
 inode for private memory
Date: Wed, 27 May 2026 19:03:30 -0500
Message-ID: <20260528000416.8161-6-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00003AE4:EE_|IA1PR12MB6530:EE_
X-MS-Office365-Filtering-Correlation-Id: 4139ca5e-ef8c-499d-dc95-08debc4d5428
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|7416014|36860700016|376014|82310400026|1800799024|11063799006|56012099006|18002099003|22082099003;
X-Microsoft-Antispam-Message-Info: 
 5TL8csQ2LmbTvGpJpv69Lf2NZAf8nEPMxAmdyKhCZR8gX+v93thLs/zNjh301B/5WYoBLazGsgwqpPNr//4d4bcpIHqN9gLVbWhDtGHUe0Ew+k1pzBhSBPAhpNRmBjEoYFWbzRFAqNIdLpYUD919UoHWAQtSwxHBvjalIKfcbyLwyOOze4KtpxpDjeqk5ysK9/tjByz0ktBUd47UYQTxi5G8Tz0bh2deQ6rXitDrayLiFVlIvHXAAMxQuoERtP6ZbjzHexEiYuyHCQKib9YM0W2SvL42HcrmoBbgIPp13Zo9tgYwk/vMkD3kfl+ye8z7zjUm8XOmsmiApGArVyyM+kmmkEnpFxllJgzkEVp2a7W/6VBKkxftNMtonD6gGILfV57e0PNKALC7ZWH2TV4O2VyMo/LsSsebryq4KPiC+yVh4VfbEEv8jkuui4/sqpbfhlvb02h/3fEojM7u0GBrgoIHw7Th2/FCTqbK8JOadysvUddVivw3hrAjAT1AkNR0ni+T3rX2b630MKiKv2sqKhIlf55rpVGILltMNUC4MyE9cFmQhRvfX8/Es6w2M+MGaLd/T7ifcOTV1mGS1Rar7r5JdmvAO+mfuSOvda7qolm9qTrf7seI+kzITGP5xEZSDPgoNG5MLqky1oSu4HiTWCUkUumLhJI15MpPNptLygT/ZFxrcN7rLvnOmAOp/yB/fA/xa0TshUD4cXuzRtNtOGnwuyF+c0beB1ghYKp8q9U=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(7416014)(36860700016)(376014)(82310400026)(1800799024)(11063799006)(56012099006)(18002099003)(22082099003);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 zw9pq8YpwNPdFcchw6EYcrmT0sDVZh8ZMAwWDY1HSBOBa1v2HMQkUZvs2pN6+kx/jyLYKcrpZRrJVkm2vAw2WKr61EeVQGTMHhNITL/WD+4GMM3fm6WJDt2aazoF0PWuga66JZJBZ+taLpCexprY/NXGb69CIFAaPGQHbHSHprRVIeYRAcD7PhA57Pg/vdlpIhRIZCmJfPsIv/718qdH8+CzwSGoEugi31+LOiVyGeydQ8Ur50t1gg+G/tc7OXCYjnKqicZ3ERIWR4mlvFO7vDKrsami1k5KpKjYAD+FSRh65aKY8P5uIjfTLBFQ5IU5Z0jtn2xV7+WWSDz706ZelNi9e1P3H4zwlHfU6y7pRYdow5MHw1jgEJo5tORq0XRonfPswbKvGN18EHx8KdNBEGccH4VAja57E5jW0e7Per/S2uIye8arw0W+nKcwaVjS
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:09:04.3043 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 4139ca5e-ef8c-499d-dc95-08debc4d5428
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SA2PEPF00003AE4.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6530
Received-SPF: permerror client-ip=2a01:111:f403:c105::7;
 envelope-from=Michael.Roth@amd.com;
 helo=CH4PR04CU002.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926973971158500
Content-Type: text/plain; charset="utf-8"

When convert-in-place=3Dtrue, the shared memory allocated/provided by the
guest-memfd memory backend should also be used internally for private
memory. Do this by dup()'ing the guest_memfd FD so separate cleanup
paths for shared vs. private FDs can be managed in the same way they are
currently for convert-in-place=3Dfalse (where shared memory comes from
some other backend like memory-backend-memfd).

Since it only currently makes sense to allow a
memory-backend-guest-memfd FD to be used for private memory, introduce a
new RAM_GUEST_MEMFD_SHARED flag that can be used to limit dup()'ing to
specific backend types like memory-backend-guest-memfd.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 backends/hostmem-guest-memfd.c |  1 +
 include/system/memory.h        |  3 +++
 system/physmem.c               | 46 +++++++++++++++++++++++++++++++---
 3 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/backends/hostmem-guest-memfd.c b/backends/hostmem-guest-memfd.c
index deb796a6bd..8ab8242892 100644
--- a/backends/hostmem-guest-memfd.c
+++ b/backends/hostmem-guest-memfd.c
@@ -56,6 +56,7 @@ have_fd:
     ram_flags =3D backend->share ? RAM_SHARED : RAM_PRIVATE;
     ram_flags |=3D backend->reserve ? 0 : RAM_NORESERVE;
     ram_flags |=3D backend->guest_memfd ? RAM_GUEST_MEMFD : 0;
+    ram_flags |=3D RAM_GUEST_MEMFD_SHARED;
     return memory_region_init_ram_from_fd(&backend->mr, OBJECT(backend), n=
ame,
                                           backend->size, ram_flags, fd, 0,=
 errp);
 }
diff --git a/include/system/memory.h b/include/system/memory.h
index 24c68720aa..0a371b686a 100644
--- a/include/system/memory.h
+++ b/include/system/memory.h
@@ -282,6 +282,9 @@ typedef struct IOMMUTLBEvent {
  */
 #define RAM_PRIVATE (1 << 13)
=20
+/* RAM can be shared that has kvm guest memfd backend */
+#define RAM_GUEST_MEMFD_SHARED   (1 << 14)
+
 static inline void iommu_notifier_init(IOMMUNotifier *n, IOMMUNotify fn,
                                        IOMMUNotifierFlag flags,
                                        hwaddr start, hwaddr end,
diff --git a/system/physmem.c b/system/physmem.c
index 04c7c38721..ebec7ae7a4 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -59,6 +59,7 @@
 #include "system/hostmem.h"
 #include "system/hw_accel.h"
 #include "system/xen-mapcache.h"
+#include "system/confidential-guest-support.h"
 #include "trace.h"
=20
 #ifdef CONFIG_FALLOCATE_PUNCH_HOLE
@@ -2187,11 +2188,14 @@ static void ram_block_add(RAMBlock *new_block, Erro=
r **errp)
     if (new_block->flags & RAM_GUEST_MEMFD) {
         int ret;
=20
+        assert(current_machine->cgs);
+
         if (!kvm_enabled()) {
             error_setg(errp, "cannot set up private guest memory for %s: K=
VM required",
                        object_get_typename(OBJECT(current_machine->cgs)));
             goto out_free;
         }
+
         assert(new_block->guest_memfd < 0);
=20
         ret =3D ram_block_coordinated_discard_require(true);
@@ -2202,8 +2206,38 @@ static void ram_block_add(RAMBlock *new_block, Error=
 **errp)
             goto out_free;
         }
=20
-        new_block->guest_memfd =3D kvm_create_guest_memfd_private(new_bloc=
k->max_length,
-                                                                errp);
+        /*
+         * If both shared/private memory are handled by guest_memfd, make =
sure to
+         * re-use the guest_memfd inode that should have already been crea=
ted for
+         * handling shared memory.
+         */
+        if (current_machine->cgs->convert_in_place) {
+            if (!(new_block->flags & RAM_GUEST_MEMFD_SHARED)) {
+                error_setg(errp, "configured memory backend is not compati=
ble with in-place conversion");
+                qemu_mutex_unlock_ramlist();
+                goto out_free;
+            }
+            assert(new_block->fd >=3D 0);
+
+            /*
+             * Current logic calculates guest_memfd_offset on the assumpti=
on that
+             * offset 0 corresponds to the first GPA that is backed by the=
 RAM
+             * block/backend. For cases where the guest_memfd is only used=
 for
+             * private memory and created internally as-needed this is alw=
ays the
+             * case, but when re-using a guest_memfd that's also usable fo=
r shared
+             * memory (e.g. via memory-backend-guest-memfd) it's possible =
that
+             * guest_memfd might be mmap()'d starting at some non-zero off=
set. For
+             * now, this isn't a reachable condition, but assert this in c=
ase this
+             * ever changes and the logic needs to be updated to account f=
or this.
+             */
+            assert(new_block->fd_offset =3D=3D 0);
+
+            new_block->guest_memfd =3D qemu_dup(new_block->fd);
+        } else {
+            new_block->guest_memfd =3D
+                kvm_create_guest_memfd_private(new_block->max_length, errp=
);
+        }
+
         if (new_block->guest_memfd < 0) {
             qemu_mutex_unlock_ramlist();
             goto out_free;
@@ -2315,7 +2349,7 @@ RAMBlock *qemu_ram_alloc_from_fd(ram_addr_t size, ram=
_addr_t max_size,
     assert((ram_flags & ~(RAM_SHARED | RAM_PMEM | RAM_NORESERVE |
                           RAM_PROTECTED | RAM_NAMED_FILE | RAM_READONLY |
                           RAM_READONLY_FD | RAM_GUEST_MEMFD |
-                          RAM_RESIZEABLE)) =3D=3D 0);
+                          RAM_RESIZEABLE | RAM_GUEST_MEMFD_SHARED)) =3D=3D=
 0);
     assert(max_size >=3D size);
=20
     if (xen_enabled()) {
@@ -2828,6 +2862,12 @@ int ram_block_rebind(Error **errp)
 {
     RAMBlock *block;
=20
+    if (current_machine->cgs && current_machine->cgs->convert_in_place) {
+        error_setg(errp,
+                   "reset support is not yet enabled for in-place conversi=
on");
+        return -1;
+    }
+
     qemu_mutex_lock_ramlist();
=20
     RAMBLOCK_FOREACH(block) {
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926986; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=PrGSQWteFHBlzRzOjyrg5oRZM258r+bGbNe+eVZ19ydsLThSHkE+pu5W0sf4TMznz6A9Z1mIB9jdSk//RTQKTrIr+eaMhfiu0OfTsRdm0M5OPrj38PEOFF5Uggr3xkKYgk/Hopz82gXFGCDMAyW+WKdq66MjoPWVjx0qzBrjAKc=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926986;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=nNkYtlCGhTViDiVbZJ2CWs/0V36hOC1BOYoMHbI6nqc=;
	b=kSII9dvIZdY4lFaFNLW9GGEMYSGQ2155a4VLAGbabhjapCLb1KVlW2m66rHOWkDpH/Nrh8cDsuasT/mGJYEfLZoRuunQEdzHRptq3T4rsRCtpKDxQZhkKP2IGY6YJW0ekkrOItyJauea2WCHpVDzoHaJdGnr/PYNX+e7BSEjS3E=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926986571107.80092279779831;
 Wed, 27 May 2026 17:09:46 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOJa-0007ZD-Mz; Wed, 27 May 2026 20:09:34 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOJZ-0007XU-5O
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:09:33 -0400
Received: from mail-westus3azlp170110003.outbound.protection.outlook.com
 ([2a01:111:f403:c107::3] helo=PH0PR06CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOJW-0005W0-Qz
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:09:32 -0400
Received: from SN6PR2101CA0006.namprd21.prod.outlook.com
 (2603:10b6:805:106::16) by IA0PR12MB8225.namprd12.prod.outlook.com
 (2603:10b6:208:408::6) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.48.19; Thu, 28 May
 2026 00:09:25 +0000
Received: from SA2PEPF00003AE8.namprd02.prod.outlook.com
 (2603:10b6:805:106:cafe::a5) by SN6PR2101CA0006.outlook.office365.com
 (2603:10b6:805:106::16) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.92.5 via Frontend Transport; Thu, 28
 May 2026 00:09:24 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SA2PEPF00003AE8.mail.protection.outlook.com (10.167.248.8) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:09:24 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:09:24 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=eobWXZ0mkk5VwRn7BI0b24Q3LKCqNNPcklvwsZMos/dx6ttlLpS/TmDgpyqTMbGiuh1NdmFMMfOUgYsVLEkph4w869OGFuZFn4aGy1qpj/7E4NBKKRnQ7OaGwoSGsP/+3t72BGZ3Mt/MyHuHHWWcj4TkJxVpmTdCD1NxULsbXCR6Vj7Z6WiOJTK9f9yyP8x3N7dK/Gs4aLkGl9aMB5i9kNDqIzHll1dPFLI+Il1Y6yskYed6GOgfQExMBDx9oo2v+oqa2ujIgru1xzVx/M4IFFzl81icm/11vE7FohVY2yQ5GTizfibTA5vl4KgiYtfWM1QiQdIlCum8E0+56bUZXA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=nNkYtlCGhTViDiVbZJ2CWs/0V36hOC1BOYoMHbI6nqc=;
 b=YTfqvVnju4WhS1ixT0JcGqWwBum7BFPHxceZFLtlqAHWp8dZik2DxciztdT8XB3azgVsBwetZj+jhXgAZ9O9+BN8F42hKPf4COR8tqPDnQEBiSlaH7zEafVfzZv6VRQVlJEnueJQngTzOx7J7h79XsE6SHlcp9vxbRVe1gW0lOk6dP0ryZ4qbrBYJUvlCStTGjtNKEps8maxJZWQxueVXNCTraSzIapIEsBRhkeyKepfhsSunYVGYy92T7n7aU+dxXlvnoYeDwganeu7ANMnARQk4ciam/IGqBu+FmmGBiglirsAuoY3cQqX5NHJcoluesbV3b6OLkAPO0BOWCGE/A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=nNkYtlCGhTViDiVbZJ2CWs/0V36hOC1BOYoMHbI6nqc=;
 b=HR8Qt2aK+RVgR0MaZELnHObO6+ec3KL2NakLFYJMfIc2zy4pXYoIehKUgsUGjiwGN9zxEcS8AGDRW5HVlqTXPFws2kG7jnzqcG5te8VX2udQ8kMmiKJE6tDiwMFJ45t3ofWNigUG6/nflckBCv7UVkIrn9zFgQczunE1Eftkn3M=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 06/12] system/memory: Default to guest_memfd for RAM for
 in-place conversion
Date: Wed, 27 May 2026 19:03:31 -0500
Message-ID: <20260528000416.8161-7-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00003AE8:EE_|IA0PR12MB8225:EE_
X-MS-Office365-Filtering-Correlation-Id: 8c217d39-2d9b-438e-60b1-08debc4d606d
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|82310400026|1800799024|36860700016|376014|7416014|11063799006|56012099006|18002099003|22082099003;
X-Microsoft-Antispam-Message-Info: 
 NJztGPN5udHna2pq6LPOL/f3be80N/KqMqfz/X/jO+swSJdp6gQr4DwKFbfIT6FRIbwWgb9qKaDASyNeHibHJpiBoFxi/ZSrHnwuMDmEetVo1mtC4quEjfNnNxOYEaRv9uEq2g1JXuOo5XOLmDClWKYLeg1AbXBpVh+mdBs6PoRL/pMyE00vVdEtI1pIOtWykvEEdHDGyiE8iLVIg8O2obqcrd7blGcIuagWggZIw7R1eRf2FrpucJvgTStQRQzO7SafZaN0GcOy9TQXBH2RAwYvdzB3RDjyolHnhJFzXal72SypQvkgbftUP80htjU8VAdHx9zH2Q4aMbkSpqG4MqiAWGW7NJdgKPeDNrMxQ2PZi+b3NN6IZ1WFfoE8XQZJT9zi8ef8/dVZyGxAGPh5NEbKCjRtnHJv2QGFug3op0wTT7PCe8r6nxBE4Mxnx51P7/u0+vMekgKdiLEHEsyHv0G0Qokv/TAk5hYo4jG9ShiyxlkyUC1qdpfBbMf4jZYGZ+6zukArvFjkeX1ResQXF5S1r80lLUWIxjqeIovHm2ot/9wnGptbgLloHAOkzNNIsaX7jCttq6VpriumtmlZPksSPAabL0tg8wH7WOX6YVX1jv4pGYEJg1LmB7FYz7iqcH3phAeUk6k4JBx8r/sRM0wfx8OlEHkjU3ACuH9YSKMv8GWdOoM2j2Tu1eJuBVHgjo+KM7SCWtlSnHMpb9eHipulCNJn8JL6zD1weOtiLpE=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(82310400026)(1800799024)(36860700016)(376014)(7416014)(11063799006)(56012099006)(18002099003)(22082099003);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 vlnJ002TZYHkCUT+lUY1iIKxmAML46LLUfFrOHbkV1E0c1CMHspP0/xpoDCmMj62+l61pcaQaw9oXBElpvzJ7N7ASJrAO7gNFxqxECykM9FCDkNY8VyBZN7OH5KMqAyWEMOtwVroJImXWVPzmgxzzMaXN4Kn0nL1kWoHhnLGctjsAiYLpuxtkDP1tKJjHy7P5dV/xgPDgCFOHCgpZ0M8jOHxwYKPAYa3dmfp87p7J/1c3zqoHNVyk8hNQVFbV12Dhl6YOtI3zW9pnJGn/t9AML9oE7N9GmBhWU3bY9iHC1vtq+zqoF6MQWOhL2fXnOSwom+dup0hB4/8trF830pk4Twx4J+X/O1eHD5XZziuGVGw4Rl4lnjDp/zB3xMiLqFC2dvVeEd2/uZv+uKngDfS66kXBCzumjhpl3v8euMCXWGHRLKZQVp7rR7sBoq0xHkp
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:09:24.9123 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 8c217d39-2d9b-438e-60b1-08debc4d606d
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SA2PEPF00003AE8.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB8225
Received-SPF: permerror client-ip=2a01:111:f403:c107::3;
 envelope-from=Michael.Roth@amd.com;
 helo=PH0PR06CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926988572154100
Content-Type: text/plain; charset="utf-8"

memory_region_init_ram_guest_memfd() is called in some cases (legacy
BIOS regions / IGVM regions) to allocate a new RAM region with a
guest_memfd FD under the covers to handle private memory since the GPA
range can be converted between shared/private guest RAM.

When in-place conversion is enabled, the conversions happen with the
guest_memfd inode itself, so the same inode must be used for both shared
and private memory. Handle this accordingly when convert-in-place=3Dtrue.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 system/memory.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/system/memory.c b/system/memory.c
index 739ba11da6..f6c695fd23 100644
--- a/system/memory.c
+++ b/system/memory.c
@@ -35,6 +35,7 @@
 #include "hw/core/boards.h"
 #include "migration/vmstate.h"
 #include "system/address-spaces.h"
+#include "system/confidential-guest-support.h"
=20
 #include "memory-internal.h"
=20
@@ -3674,10 +3675,25 @@ bool memory_region_init_ram_guest_memfd(MemoryRegio=
n *mr, Object *owner,
                                         const char *name, uint64_t size,
                                         Error **errp)
 {
-    if (!memory_region_init_ram_flags_nomigrate(mr, owner, name, size,
-                                                RAM_GUEST_MEMFD, errp)) {
-        return false;
+    if (current_machine->cgs && current_machine->cgs->convert_in_place) {
+        int fd =3D kvm_create_guest_memfd_shared(size, errp);
+        if (fd < 0) {
+            return false;
+        }
+
+        if (!memory_region_init_ram_from_fd(mr, owner, name, size,
+                                            RAM_SHARED | RAM_GUEST_MEMFD |
+                                            RAM_GUEST_MEMFD_SHARED,
+                                            fd, 0, errp)) {
+                return false;
+        }
+    } else {
+        if (!memory_region_init_ram_flags_nomigrate(mr, owner, name, size,
+                                                    RAM_GUEST_MEMFD, errp)=
) {
+            return false;
+        }
     }
+
     memory_region_register_ram(mr, owner);
     return true;
 }
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779927009; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=YtAxhMnLTqU+ANaz8IiEnuelZCF9jcYww9YXBIQ0Y5HpC3RL8TBsKqjlbn5z5Mq/gPJ4yKfI4HQnJDLnIF2iDQJpwv8kdk3teXE18ZgYPSZtjhfLx13K8uFRyoBi8tL7fAnhhyhRkD5E7dXYvSADtfN+Z8jUy2HKGPkkUeyysUo=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779927009;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=J68FecJVV8fCCDwnfwyI6YB+T5NYCyuPTmO4qh6UgAw=;
	b=DTngVUFJuPVnY6zCNepq2fv+MOaWT44QqFJWs96MIQnsMejAlPge5xnTICfxorxeWGPsFHTxxss8xPa2zyxuNLY2Gbu0W52qre07wThswliVLDf7xoMJv9cizb/Xjfev4FrLWUWDG8uNbw3S6tm8XhPOUlgTlyuPYAN6q0tcIlY=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779927009491119.10114952201798;
 Wed, 27 May 2026 17:10:09 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOJy-0007wo-5w; Wed, 27 May 2026 20:09:58 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOJw-0007wD-1r
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:09:56 -0400
Received: from mail-westus3azlp170100009.outbound.protection.outlook.com
 ([2a01:111:f403:c107::9] helo=PH7PR06CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOJu-000607-1j
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:09:55 -0400
Received: from SA1P222CA0064.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:2c1::15)
 by MN0PR12MB6004.namprd12.prod.outlook.com (2603:10b6:208:380::17)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.12; Thu, 28 May
 2026 00:09:45 +0000
Received: from SA2PEPF00003AE9.namprd02.prod.outlook.com
 (2603:10b6:806:2c1:cafe::9b) by SA1P222CA0064.outlook.office365.com
 (2603:10b6:806:2c1::15) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.14 via Frontend Transport; Thu, 28
 May 2026 00:09:45 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SA2PEPF00003AE9.mail.protection.outlook.com (10.167.248.9) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:09:45 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:09:45 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=ivJl7HZylL+k1CGlgTQLvjsgkob9mlkPYYwIyDoBPvxQPiuQQnk8Ku2p7F+MJvBgFFjFG3AAH9AAEXu0YaVP9SMXeBlfegC1CWcpg3Xx6mwMnlNwX1yxH5/UuswlVCvowrqp0eHYTkEl5x++Pv+JOIqIKZTmyYPjPt4SO06KdKBYgzs/+VO4883/zkLhUX0DW2jkMuWad1rUOABnStm/Jx+zWoow+sBZE3xd1dLNARI5z9WC377vdebSNxDRVAljvFH4XTxnm+0c9eDLkWppfCnE04nhu6RCLIyv8gjLUYpK2fj5um1iFja3dxXtrJJSj30vlWX7SS5lmkiOStPSrQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=J68FecJVV8fCCDwnfwyI6YB+T5NYCyuPTmO4qh6UgAw=;
 b=fBYTq4sYtABEbPA6ROeDhiS246J5K5RavU0GyHlFrWfvqP1k29+CUKkVauJ3qrAEaj3PFb5zQyCgqziHFVEcewPV/+uu4PgKegjZ3jhAQHj4X+NYqonHVAnFB0JxqaNxeH5YPml4KfKTBg3LJ+zzSnxBEU25Badyc/8YbZACGeWYL4NEvnkvsEAqw+G8NUmvu/WA4APYG/VQWiuDO+C0eAFB42TS1Q2zUEFtoJ7tfuDGMVIvbm6vg27eVBFDvAalueJsjEmw0hB6eSNQAy9JfxYuGKvATGTFCUkW7/cJntsdWI5UiGY6tE9CWPeFwo5LMmTQo5lurj9o3/sgc0PA/Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=J68FecJVV8fCCDwnfwyI6YB+T5NYCyuPTmO4qh6UgAw=;
 b=IWsU4HO7immpkqKmiS28GWunu8q8wmYEYmfu0Jo3D0XfrONP/GN+yFyzl01cLxPPBgQ91/BFs7uIucuxVaJlsIE3YgnDuYx8ZznKb8V/1oHWb34LLlfP28/27+T6DAEbjuE4h3jFAttQIv9cD6RqfpCI/ScSu/Fd+BDyDqBJWt4=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 07/12] accel/kvm: Move post-conversion updates to a
 separate helper
Date: Wed, 27 May 2026 19:03:32 -0500
Message-ID: <20260528000416.8161-8-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00003AE9:EE_|MN0PR12MB6004:EE_
X-MS-Office365-Filtering-Correlation-Id: 0b509a89-3a75-4416-262f-08debc4d6cdb
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|36860700016|1800799024|376014|82310400026|7416014|22082099003|18002099003|56012099006|11063799006;
X-Microsoft-Antispam-Message-Info: 
 YspS30bY3ck8gUe8fOIr/drFcYCBbm/8KSN3M0nmyd6xQhGIf4MLOdwD9D28IgkBIfgA2FZwET9g4PUixXC11PcGZpYG0Sc+QcfnSYQqnhwSiVN5uSyKRa0BNGZqj6LfEzIYgqMkD5XN4vBoSKmboT8CFjHKKEqOwz/WgMW4vyluAe08fAZJB2BjXMSpzpXxu0MWi2MLS6G8vHV01jehlqxIQ6ia3Lv08XkrL1qb6zlSL4DprRvzVTrBgBoK7mCJsNzBjNAXrC5VsH9lapOPT6K9M/aMoyXQDjWas3PqaVZNHxom+I2Ctitdh5EieaSAgfXEEw/iTcXm02IweGsZRyUvXmzUu4GBKKUOZxhNWJGX+IfFOWxOkN9gRAz96s2OLuD+btzGUR+gtwzhcTC2lth3ud+kL9eKBlfWKkMjE11982g9DQkNVZsxUpLk0wHAaCgDKTddmGU502wPx1Aswe9298BmUip4SXhCYv8Dt5kfRm2NJ00PUj5KHfR0SdppQpSK5aVb8P8fnf3jh1sFbwEESflI4BtaWITKLe2WffP3TWlvTIbtoRa0oBdzry5ye8WkUKF1lprAnGzLn0pQQmHO0JDT2XxTbljIGtA+VGmK6DlwGa00N4w+t/o9dLvbczsjd9Ao9GznmwgB5q+Eo3xTEPXt6so0LtHD3h/EY8pAmQ4HwVyp3r366lIB9SE3F6Oqc5S9Qgk8cyS513VbdhCslGLYABXhDz2UBNJS0ZU=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(36860700016)(1800799024)(376014)(82310400026)(7416014)(22082099003)(18002099003)(56012099006)(11063799006);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 5yWWTmBDbeFfA+x1+K3BEXgIeAV6gxO9hNZ/UP/gnH1IqBF0wlMRMkbjSgBDQ8F/i7bmGYUEhReDN0ktwkJb6yrrZE8/M4DoCMdTp0YrWefV+5ICsh09YAHu5JWKh5vN87POkLuJ1X/0htxD8e0RgvUI/p7oZ/Dxg6mXDUGFQRs7EkYXkVmxo9R61gxpVULowXMi3J/sw/ZQa076L13HLsAA+X8zLL6J70QvJ83ZBlm23Kp2V4Etam3AGhB/speRQLiE7fcZzm2CPQv7R7wtZjm6HdftG/44QcCYfiIohb/PCSdIiCPOcBsV+59Lv8pJGlaX7Z34VjECLTtuDuVYu5n1iINt4usRkjZ7n87ytt4FoHg6vOuWK4+OTtUUMceugFQfp5tJSd8fELO0qBuqQaFr/Lzjlypoc0qPfC9m9wLI9sLW1T8Lq3o8LnYa2Cyi
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:09:45.7390 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 0b509a89-3a75-4416-262f-08debc4d6cdb
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SA2PEPF00003AE9.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB6004
Received-SPF: permerror client-ip=2a01:111:f403:c107::9;
 envelope-from=Michael.Roth@amd.com;
 helo=PH7PR06CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779927010051158500
Content-Type: text/plain; charset="utf-8"

Currently memory attribute conversions are followed up by other
bookkeeping tasks like discarding unused memory or issuing iommufd
notifications. Move these tasks to a separate post-conversions helper to
better compartmentalize and track these tasks, and in doing so lay the
groundwork for a pre-conversion helper which will be needed in the
future.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 accel/kvm/kvm-all.c | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index a1832712a4..0e6ff2de4b 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3445,20 +3445,26 @@ static int kvm_convert_section(MemoryRegionSection =
*section, bool to_private)
 {
     hwaddr start =3D section->offset_within_address_space;
     hwaddr size =3D int128_get64(section->size);
-    MemoryRegion *mr =3D section->mr;
-    ram_addr_t offset;
-    RAMBlock *rb;
-    void *addr;
-    int ret =3D -EINVAL;
+    int ret;
=20
     if (to_private) {
         ret =3D kvm_set_memory_attributes_private(start, size);
     } else {
         ret =3D kvm_set_memory_attributes_shared(start, size);
     }
-    if (ret) {
-        return ret;
-    }
+
+    return ret;
+}
+
+static int kvm_post_convert_section(MemoryRegionSection *section, bool to_=
private)
+{
+    hwaddr start =3D section->offset_within_address_space;
+    hwaddr size =3D int128_get64(section->size);
+    MemoryRegion *mr =3D section->mr;
+    ram_addr_t offset;
+    RAMBlock *rb;
+    void *addr;
+    int ret;
=20
     addr =3D memory_region_get_ram_ptr(mr) + section->offset_within_region;
     rb =3D qemu_ram_block_from_host(addr, false, &offset);
@@ -3485,7 +3491,7 @@ static int kvm_convert_section(MemoryRegionSection *s=
ection, bool to_private)
         ret =3D ram_block_discard_guest_memfd_range(rb, offset, size);
     }
=20
-    return ret;
+    return 0;
 }
=20
 int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private)
@@ -3533,6 +3539,12 @@ int kvm_convert_memory(hwaddr start, hwaddr size, bo=
ol to_private)
         }
=20
         ret =3D kvm_convert_section(&section, to_private);
+        if (ret) {
+            memory_region_unref(section.mr);
+            break;
+        }
+
+        ret =3D kvm_post_convert_section(&section, to_private);
         memory_region_unref(section.mr);
=20
         if (ret) {
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779927019; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=lr+HDihWXeOcQFKmr5xyOdtOgPpZGoXq8lcHX3fycUVf+l+Fhi6e18n7yoUqs/A8Bo5E9tzAuFvjnUiHKr5MQB382vJyS9Nd8xcI8KME4AFkS/R3EaKzTO9Fc5/wbKixyOFpC/Jr39ggtxxC0IqnFcihINrgi4CZI6bt+OArXNo=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779927019;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=LceuBicuZGmcuyCPtb5jUIuhCH3B16BA1QZbo9M+MEQ=;
	b=OXmCSRQ4/7w4NtRf3/0qQqYcvTrBzZgQqZ+/79ND4MV73jsET2cIyQoy3cWsaa5L2WljuiQuUV4U2YJdt/PT010ltemdYraptaGD8ix9w77PLkTa7b0D3RvE7OUyYaOpzl0vpHFL8Omp1AiPnqDp1oDsn3ns215XGVb27ZHFPHc=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 17799270192701011.3874581492237;
 Wed, 27 May 2026 17:10:19 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOKF-00084j-JS; Wed, 27 May 2026 20:10:15 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOKE-00084V-Nk
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:10:14 -0400
Received: from
 mail-southcentralusazlp170130001.outbound.protection.outlook.com
 ([2a01:111:f403:c10c::1] helo=SA9PR02CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOKC-00066T-Da
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:10:14 -0400
Received: from SA1PR02CA0002.namprd02.prod.outlook.com (2603:10b6:806:2cf::6)
 by IA0PPF6483BC7EA.namprd12.prod.outlook.com
 (2603:10b6:20f:fc04::bcf) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.13; Thu, 28 May
 2026 00:10:06 +0000
Received: from SA2PEPF00003AE7.namprd02.prod.outlook.com
 (2603:10b6:806:2cf:cafe::58) by SA1PR02CA0002.outlook.office365.com
 (2603:10b6:806:2cf::6) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:10:06 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SA2PEPF00003AE7.mail.protection.outlook.com (10.167.248.7) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:10:06 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:10:05 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=CF+k6uHgww6e5U2Q8UnAChkZkBstySpwcSv0Zls8yoQ992isYfJIxMjnD4KhboJUmskJ50J1gmulrN1y7nzsVtYyHmhrXE6bQ6PXSkps22HDSAHIIDYghK3Ihbl9sMoiiWtr/aTlq8pzskyz153J/NjGkcCXdkokS8x9WY99yUvGF9hWdbjfunwgwV05c/My/ety10/bjnHq18WK4b/4R4Z+pQubuj4VED9yPDstwL8EU63/93ADmSS8OKe00So728jD7xqeKglEK/ii7Mh0z4HQIJ2YcxrcUpAIFaW9qoSyd4UBw/plfSdwQB8TTJp34+O7jaq8pkwAZU/te33w8g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=LceuBicuZGmcuyCPtb5jUIuhCH3B16BA1QZbo9M+MEQ=;
 b=nqRa1bMvu3Yh1smSkR8b5o0WMQ0cdWmmI9DV73b565OMAAOIGhT8CFcFx6zDDevwXCoxLqlKbUBYDgbwS+jVOACuZiVk6zK9YKoRnI+OqFxKLug+z7AY6Ml9OcFGqdvSwltvickIBHp4Mm777sNWp3INe+ssIj3ZSotyy69gMEK1YSFTwG2gqnHVBh4iheQbsCdrXZnVR6qO2UADOQJbTSxLfbNNdGeQ/X3bQr8CpRZGBrG7JzM858P3FcTe8rtUK9I/ucRhIzFVuEz8hdfE7zJo8jlfuI8lUjFFkurozldDpBj/UCPvGV2MWqGLbW1snfLp1Qmo9EPSPlMP4ohYqw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=LceuBicuZGmcuyCPtb5jUIuhCH3B16BA1QZbo9M+MEQ=;
 b=ZiMkAAvGmDGKf2WFixX0hXWuT2EUJRPh7581CvSp7MYMSzVyq6sDoTVvMmLZqgqmEmRsYaf/fnuxrPq7nwH5t+kP3e68H0sVpB6mEjDkgBLS22aQIzkn+WeZyPh5iBAzzP7rdeDrSqq0We+oz8tthSlb/YCNZ0Tt1vEoTcswXY4=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 08/12] accel/kvm: Re-order attribute notifications for
 in-place conversion
Date: Wed, 27 May 2026 19:03:33 -0500
Message-ID: <20260528000416.8161-9-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00003AE7:EE_|IA0PPF6483BC7EA:EE_
X-MS-Office365-Filtering-Correlation-Id: 8ca6247a-5b22-4f7b-e0e3-08debc4d78fa
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|36860700016|7416014|376014|82310400026|1800799024|11063799006|56012099006|6133799003|18002099003|22082099003;
X-Microsoft-Antispam-Message-Info: 
 Mi/mcoDeHKfw2jESjMO+CumVRpRmFStO/M8FOtfcGYebSmsB3u2P3qF2AhU+4/blS/pPYptvzzbRxQWEPrPm3DS9gQ555YVWnOn1uiDnq6YFzB35YIKRmiP7XAy+p91/BcNnTXPf3eCcS+jMPUjUbuvNt+Iq5UJvRDlt1foxn8sr1PR2UbjI3mLv/Pctq/R/xAgnuBkuPtWnYEdC8ASyFEbmLljwynIRk1VsMb/fyvkd7VwG8buUBdLIjwafrbOSbqtef5LHT6PGoLWHwxrpxWF+W4t/xfy04PsNYcpEf1CO/l2+z+56FxY1yjN2lCDId4l4ef7tqEbGMTS5MBaj7NeYIt1ku0bsQC5G5OTc+VR9Va9RRtsLw6t6pqnkVG4Y8be+25VL612bet0DI94expu4Eu5tonoHP+8RLGE8txthpVSXdD+F+rdIRF+GntPg7kfJ8gRLOUutQSw+WcscvJFUzgiMZegaC22CeqvKRqx9EKA370kQTyRjudDzqaiWT0sXB+ZbHqZTXbEzYtp8MbgfyEGlDhNzJvej3rH+lG0GEDeCDOGmVx/DCr7/33dJo+VAK2UBKl45Sb3Vl6fHCB8IUmAVqiT05uZoconHcXcrakjacONboPZxS2fGirft0GE0VxasyuqKDjdsLz+p4xbYfQ1+mOs/we2LVkxpxZU1q/gCs8NIs1FmceRPKNK0DYKjRt00iJM1Wq0H6Pa0VxM3RbhsbqBIpghFJIBDE+A=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(36860700016)(7416014)(376014)(82310400026)(1800799024)(11063799006)(56012099006)(6133799003)(18002099003)(22082099003);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 WGQmH2xLySiBEocOb5JBl0m8rDUb9mL66lLWRcHf6tuJrIq6HaEIjtA1/M98QvCdk1zLIWyU+iZvXo5bhXsaFXn6Es/UM4AaLPEteV2jvIY2LClZi92jrZFg4oEx1UJmAtSxrrB0ga2d4epdSzBh7GuH/M146MdLHHxg6bxNwX6E0ll71Y8sUlvkvicITlxPcx2WIoasmUl2tHS4NpHtCKvVCYRDSiqGXKbauhbInbyI8QcX+zbQZ3B205HcRlqhOfUXpzVFVVZi5iafmxpQL2xOEAqIkroVXhfvpmJu//F2kfr6vAa8fP9rvJ0/AIjFuxdL7EDRf2Vbv6RB45MajJ7O6Riu69DQ+iRnWl3Wwoqz3Vajn5O3+CI/WqK+aausrEP/HKU/jldyzQDxrdpMSqKSuqUdRYr+JQjcXbUOhYr9FmkMc3XHd3tFvfbr7dyZ
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:10:06.0791 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 8ca6247a-5b22-4f7b-e0e3-08debc4d78fa
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SA2PEPF00003AE7.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PPF6483BC7EA
Received-SPF: permerror client-ip=2a01:111:f403:c10c::1;
 envelope-from=Michael.Roth@amd.com;
 helo=SA9PR02CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779927020129158500
Content-Type: text/plain; charset="utf-8"

ram-block-attribute update notifications are currently sent after
conversions from/to private pages to trigger DMA maps/unmaps of shared
GPA ranges (respectively). However, with in-place conversion additional
requirements on the kernel side come into play which require this
behavior to be adjusted.

For shared->private conversions: the attributes need to be set to
private *after* the notification, since when using VFIO it may not be
possible to update the attribute while it remains pinned due to the
IOMMU mapping, so issue the notification first to ensure unmappings are
done in advance.

For private->shared conversions: the attributes need to be set to shared
*before* the notification, since it will possibly result in the page
being mapped into an IOMMU and trigger guest_memfd's fault handler,
which will expect the page to have its attributes set to shared or
otherwise SIGBUS.

Implement this to enable passthrough support for CoCo guests with
in-place conversion support enabled. For non-inplace conversion, pages
mapped into the IOMMU are not the same physical pages as the one used
for private accesses by the guest, so neither order risks DMA accesses
to private memory and that path can be consolidated to use the same
handling as well.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 accel/kvm/kvm-all.c | 70 ++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 63 insertions(+), 7 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 0e6ff2de4b..62f2e8aa15 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3456,6 +3456,47 @@ static int kvm_convert_section(MemoryRegionSection *=
section, bool to_private)
     return ret;
 }
=20
+static int kvm_pre_convert_section(MemoryRegionSection *section, bool to_p=
rivate)
+{
+    hwaddr start =3D section->offset_within_address_space;
+    hwaddr size =3D int128_get64(section->size);
+    MemoryRegion *mr =3D section->mr;
+    ram_addr_t offset;
+    RAMBlock *rb;
+    void *addr;
+    int ret;
+
+    addr =3D memory_region_get_ram_ptr(mr) + section->offset_within_region;
+    rb =3D qemu_ram_block_from_host(addr, false, &offset);
+
+    /*
+     * The attributes need to be set to private *after* the notification
+     * of a shared->private conversion, since when using VFIO it may not
+     * be possible to update the attribute while it remains pinned due
+     * to the IOMMU mapping, so issue the notification first to ensure
+     * unmappings are done in advance.
+     *
+     * There is an asymmetry here in that if the subsequent memory
+     * attribute update fails, this notification is out of sync with the
+     * state as tracked by guest_memfd, which isn't ideal, but memory
+     * attribute failures are not expected to be recoverable any way so
+     * there it would be a waste of time to roll back the notification and
+     * re-trigger things like mapping the page via iommufd.
+     */
+    if (to_private) {
+        ret =3D ram_block_attributes_state_change(rb->attributes,
+                                                offset, size, to_private);
+        if (ret) {
+            error_report("Failed to notify the listener the state change o=
f "
+                         "(0x%"HWADDR_PRIx" + 0x%"HWADDR_PRIx") to %s, ret=
 %d",
+                         start, size, to_private ? "private" : "shared", r=
et);
+            return ret;
+        }
+    }
+
+    return 0;
+}
+
 static int kvm_post_convert_section(MemoryRegionSection *section, bool to_=
private)
 {
     hwaddr start =3D section->offset_within_address_space;
@@ -3469,13 +3510,22 @@ static int kvm_post_convert_section(MemoryRegionSec=
tion *section, bool to_privat
     addr =3D memory_region_get_ram_ptr(mr) + section->offset_within_region;
     rb =3D qemu_ram_block_from_host(addr, false, &offset);
=20
-    ret =3D ram_block_attributes_state_change(rb->attributes,
-                                            offset, size, to_private);
-    if (ret) {
-        error_report("Failed to notify the listener the state change of "
-                     "(0x%"HWADDR_PRIx" + 0x%"HWADDR_PRIx") to %s, ret %d",
-                     start, size, to_private ? "private" : "shared", ret);
-        return ret;
+    /*
+     * The attributes need to have been set to shared *before* the notific=
ation
+     * of a private->shared conversion, since it will possibly result in t=
he
+     * page being mapped into an IOMMU when using VFIO and trigger
+     * guest_memfd's fault handler, which will expect the page to have its
+     * attributes set to shared.
+     */
+    if (!to_private) {
+        ret =3D ram_block_attributes_state_change(rb->attributes,
+                                                offset, size, to_private);
+        if (ret) {
+            error_report("Failed to notify the listener the state change o=
f "
+                         "(0x%"HWADDR_PRIx" + 0x%"HWADDR_PRIx") to %s, ret=
 %d",
+                         start, size, to_private ? "private" : "shared", r=
et);
+            return ret;
+        }
     }
=20
     if (to_private) {
@@ -3538,6 +3588,12 @@ int kvm_convert_memory(hwaddr start, hwaddr size, bo=
ol to_private)
             continue;
         }
=20
+        ret =3D kvm_pre_convert_section(&section, to_private);
+        if (ret) {
+            memory_region_unref(section.mr);
+            break;
+        }
+
         ret =3D kvm_convert_section(&section, to_private);
         if (ret) {
             memory_region_unref(section.mr);
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926755; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=anqc/e/0a6U+p1mzJjKVRL7lt7m4TkFV5jzqHhzP6kmOrhxdwLKYky/1uWhEFSOb0iwQ1YmUe2AJinIjWphIeEhLsooQjACo+/71aRkrzZAm1vCwSbrn6icvtUXvbKtWFdg3z4N3GOTjOw9Ym+iwRHifYTZWXo5T41SxH7+UpfM=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926755;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=cUghxL4UuHiU2joTwH4t2dr+EvJ6Aq3A2Gclj5UCsSI=;
	b=Owe923H1eLdkcObGPgM+lgO7cfr3PA07OS8lJrzajvUtpekcv8URu3uoK1bqP+sxWYbZBZPqCl8YtwKR3sTeFxczYqvW7l+kciI78bNKVmbWy0qnCuGPOEkzY6JNkIxUho/odbXz1EdD/PtHvtEZZQetEMmNIBu11jJGXRrd+hw=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 177992675574169.02497627706055;
 Wed, 27 May 2026 17:05:55 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOFO-0003cz-Bu; Wed, 27 May 2026 20:05:14 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOFH-0003cH-SF
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:05:08 -0400
Received: from mail-westcentralusazlp170130007.outbound.protection.outlook.com
 ([2a01:111:f403:c112::7] helo=CY3PR05CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOFF-0003OB-0r
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:05:07 -0400
Received: from SA1P222CA0123.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:3c5::10)
 by DM4PR12MB6592.namprd12.prod.outlook.com (2603:10b6:8:8a::9) with
 Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.12; Thu, 28 May 2026 00:04:57 +0000
Received: from SN1PEPF000252A0.namprd05.prod.outlook.com
 (2603:10b6:806:3c5:cafe::52) by SA1P222CA0123.outlook.office365.com
 (2603:10b6:806:3c5::10) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:04:57 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF000252A0.mail.protection.outlook.com (10.167.242.7) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:04:57 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:04:57 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=JmIi6g1GbUvj93I4NKg1FJ81sAT00rGQlhQD6Nqd18lfyQvFTyUulnnSUcau6TjI0ZeHa6Hthez0czGVrL5TMfjaPQDqW/k00nHt8FHD/V4ap9bsxYpg2dyE+DnKPrmlxkYlwZOpZie8/PMrsQAq+1muvRXACVzi57Ebh6rNahlGwuEfUYFo+AjQNuJDPRcgq9N7iOFfSFOfcL4l+32IyG0yRac07erMJmYJ0EoALT2FU+bp9aKm0rxRaqDfx3RdQdzoA4GoYT8Jxi69eCxxZW6OYQTRyBmJAL8xZB8ymdtTAVfbntu+JCM+771XC3o7LNk1z2MxTr5i7Hfwiimx4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=cUghxL4UuHiU2joTwH4t2dr+EvJ6Aq3A2Gclj5UCsSI=;
 b=kdG7GEVkaAInrwnyQRhDfUSdN610otw1oW3SchiSOn+VXVHvVSL5ioS26RvlUc7mJ/2jr6m6piFFsOOkxJg63ru7hQ6IIt2EG6cDrOEwS5pNcQNl07i+X6/mMRbe8AUAnmXA7UZZx+IR+Z1ffh2aa0hVAUE0mVOxRTrFV0vxllNBQXhFvCWG/9tTdbtaFuGfJrGkD0VmonBl9IuVFqlA8FzNMCKf8Kun3XJM2YAmEk7gebCKOX17TVuthKtgpepGJtsQwsPOk5IFPHQ9WPP5ymi+Doe8Ae31RDih+WTasf183W+NhsoQ/IlEBblTJiI8SQzBBsrwC5KOEzDP1T9bSg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=cUghxL4UuHiU2joTwH4t2dr+EvJ6Aq3A2Gclj5UCsSI=;
 b=O6hUV5T+LIYvJKL0t17hqFTFC7xm06fqSX62r7R9jrnqQoFYgr4FCY5F6MQxNTRhvga/CGZimuKnHKGFlAddb9DTirEccMWrBpRt0ls6RPWQ6vXogGclX/5eBDAK8WboXe6pcZJ9BiOL+MrJ1SkJsRXGAa9swhMb2VrlreKysRU=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 09/12] accel/kvm: Support shared/private conversions via
 guest_memfd ioctls
Date: Wed, 27 May 2026 19:03:34 -0500
Message-ID: <20260528000416.8161-10-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF000252A0:EE_|DM4PR12MB6592:EE_
X-MS-Office365-Filtering-Correlation-Id: 1ecd3c37-fcda-4f30-c3b4-08debc4cc0e4
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|82310400026|376014|7416014|1800799024|36860700016|18002099003|22082099003|6133799003|56012099006|11063799006;
X-Microsoft-Antispam-Message-Info: 
 ru6T1Zzz/NX52sXzXAtNH2DB1GnwpZy8+i0/+u2bX5is0snizzDaMR3YifRSBYlKPSPJ9El9yFrve9pJqrrRa6brUL7zx8JxmFs16euX03Uef0NMvm3Y+5fepdLwXFBTK6O+clWKMD9E0DL1JcchCH9gU/cEB+x6cmL0eCY9xjgStjBfpYnV50hlkMdlZ94ONbjEa4nFQk0jr1ee3/XnPl95NLEDO9NoBkvfYXyeWWvOZ8prlERczFnveNwVPryXpbVm7Bz0zf1gSlKorPgXn4ncW1591IlnaCAYTTC02PGpTZmtLGhluqa53vnOIGOFwAZyT1K0G1IJuuYTOYnQkjl53radfXzXg3Q2NK3+r12049aW+R49BlNQEG0gV1ng4NnWg+JbveCbS4rJpoTyPgWU7r9hKQqY8L/ZSAEcxj4fl1KalRDGbUFl2HtqdlEgf3xg+qeKNpt+O7G1JRvfen9MXEBoBH/JFZYWKLeGMe7G94EAQgJaA2+K6ljRyfHuiKdHtBfJ09GnWqvg6LKkuEFLfAhzm8USbX6MyfESFCIvzwOPR3v5B1EuZ/v/D/sXN31FTgPGLIEGKMbUb323f/P1h7+zOm3QMaafZoiySJVKR5bsifNVvIe1uRlCYemHANBjB28dhP3+pl95XRnrptKicbG8CS59Lehjfx2b9beYWfJWQyD4dd4lUTiZjdAWTn1M6NSZCv192OyEcw3BTvwCsukoAFsiJPLcvTQMgpY=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(82310400026)(376014)(7416014)(1800799024)(36860700016)(18002099003)(22082099003)(6133799003)(56012099006)(11063799006);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 z6rn3MTXvrX0kxESyPtKNylAcWERImkjsQmIUblPPGrFY3HBq/AYNdwRUT45wR6krWqCK79k56xs+hgRhYen1knkSFbWlC1Ff3X9kHM7xXVPWMa/s8/nSBk/fd19QjEWjjxTsVVMNctl1yoGn3k7IRdvjjxK2CBKoiQCbviaDYKTg/B5hjQXFmw4ebZsCvdsVgTjg1qsH5OlktH4OV4RQZM7oqjBspss/Sd2KCxMQr0HY4Hln12xgnAjIhI0RJe0txr6ihwEb7JOYMil/UHgeDb8SgB6ejNA8Og/HXgbX8GJu4BvyVwnstxRaiWG2MVDxnESlJugzjwh5klSH45rKn2rkHCDbyvVlRcK44pgpUPvbUygPHPNzHmyhZkSHpQuNNaSHgRUAuXzVV2gs8/TjTTJza+4i5UXZmDDUKIWKYv+NJ2WfXN1UdXzC6l5eJY5
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:04:57.2323 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 1ecd3c37-fcda-4f30-c3b4-08debc4cc0e4
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF000252A0.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6592
Received-SPF: permerror client-ip=2a01:111:f403:c112::7;
 envelope-from=Michael.Roth@amd.com;
 helo=CY3PR05CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926757202154100
Content-Type: text/plain; charset="utf-8"

When using guest_memfd with support for shared memory / in-place
conversion, it is necessary to use the guest_memfd ioctls to handle
conversions instead of KVM ioctls. Implement support for this by looping
through all the sections within a converison range. Implement everything
in terms of the kvm_convert_memory() loop, which already deals with some
special considerations regarding various holes / region types that might
be encountered.

Also update kvm_set_memory_attributes_*() to use the same common path
when convert-in-place=3Dfalse. This potentially results in a small change
in behavior due to the additional MMIO checks/skips now being applied in
that case (generally qemu-triggered during setup) rather than only for
kvm_convert_memory() (generally guest-triggered), but this is arguably
safer, and it provides similar behavior between convert-in-place=3Dfalse
vs. convert-in-place=3Dtrue, the latter of which *must* skip MMIO holes
because the regions (and associated guest_memfds) themselves track
shared/private state internally and passing the whole conversion range
through to KVM is not an option in that case.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 accel/kvm/kvm-all.c | 131 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 114 insertions(+), 17 deletions(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 62f2e8aa15..fd01435a0f 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1626,14 +1626,78 @@ static int kvm_set_memory_attributes(hwaddr start, =
uint64_t size, uint64_t attr)
     return r;
 }
=20
-int kvm_set_memory_attributes_private(hwaddr start, uint64_t size)
+static int kvm_gmem_ioctl(int guest_memfd, unsigned long type, ...)
 {
-    return kvm_set_memory_attributes(start, size, KVM_MEMORY_ATTRIBUTE_PRI=
VATE);
+    int ret;
+    void *arg;
+    va_list ap;
+
+    va_start(ap, type);
+    arg =3D va_arg(ap, void *);
+    va_end(ap);
+
+    ret =3D ioctl(guest_memfd, type, arg);
+    if (ret =3D=3D -1) {
+        ret =3D -errno;
+    }
+    return ret;
 }
=20
-int kvm_set_memory_attributes_shared(hwaddr start, uint64_t size)
+static int guest_memfd_set_memory_attributes_fd(int guest_memfd, hwaddr of=
fset,
+                                                uint64_t size, uint64_t at=
tr)
 {
-    return kvm_set_memory_attributes(start, size, 0);
+    struct kvm_memory_attributes2 attrs;
+    int r;
+
+    assert((attr & kvm_supported_memory_attributes) =3D=3D attr);
+    attrs.attributes =3D attr;
+    attrs.offset =3D offset;
+    attrs.size =3D size;
+    attrs.flags =3D 0;
+
+    /*
+     * guest_memfd may need to delay conversion requests due to
+     * the memory being in-use by the kernel. In most cases these
+     * will be transient uses. In some cases, userspace itself may
+     * be the cause of the memory being considered in-use, though
+     * QEMU currently takes steps to avoid this (e.g. via
+     * RamBlockAttributes). On that basis, this code loops
+     * indefinitely with the assumption that only transient cases
+     * will block, and that those will be for relatively short
+     * periods vs. the overall conversion path.
+     * If those assumptions at some point prove false, most likely
+     * this will manifest as guest-side lockups on their conversion
+     * path, which seems like the appropriate way to surface this
+     * situation to the guest owner rather than some hard timeout.
+     */
+    do {
+        r =3D kvm_gmem_ioctl(guest_memfd, KVM_SET_MEMORY_ATTRIBUTES2, &att=
rs);
+    } while (r =3D=3D -EAGAIN);
+
+    if (r) {
+        error_report("failed to set memory (0x%" HWADDR_PRIx "+0x%" PRIx64=
 ") "
+                     "with attr 0x%" PRIx64 " error '%s'",
+                     offset, size, attr, strerror(-r));
+    }
+    return r;
+}
+
+static int guest_memfd_set_memory_section_attributes(MemoryRegionSection *=
section, uint64_t attr)
+{
+    hwaddr convert_offset, convert_size;
+    MemoryRegion *mr =3D section->mr;
+    RAMBlock *rb;
+
+    assert(mr);
+    rb =3D mr->ram_block;
+    assert(rb->guest_memfd);
+    convert_offset =3D section->offset_within_region;
+    convert_size =3D int128_get64(section->size);
+
+    return guest_memfd_set_memory_attributes_fd(rb->guest_memfd,
+                                                convert_offset,
+                                                convert_size,
+                                                attr);
 }
=20
 /* Called with KVMMemoryListener.slots_lock held */
@@ -3447,10 +3511,18 @@ static int kvm_convert_section(MemoryRegionSection =
*section, bool to_private)
     hwaddr size =3D int128_get64(section->size);
     int ret;
=20
-    if (to_private) {
-        ret =3D kvm_set_memory_attributes_private(start, size);
+    if (current_machine->cgs && current_machine->cgs->convert_in_place) {
+        ret =3D guest_memfd_set_memory_section_attributes(section,
+                                                        to_private ? KVM_M=
EMORY_ATTRIBUTE_PRIVATE
+                                                                   : 0);
     } else {
-        ret =3D kvm_set_memory_attributes_shared(start, size);
+        /*
+         * Without in-place conversion, attribute-tracking is handled by K=
VM
+         * across all guest memory rather than on a per-section/slot basis.
+         */
+        ret =3D kvm_set_memory_attributes(start, size,
+                                        to_private ? KVM_MEMORY_ATTRIBUTE_=
PRIVATE
+                                                   : 0);
     }
=20
     return ret;
@@ -3544,7 +3616,8 @@ static int kvm_post_convert_section(MemoryRegionSecti=
on *section, bool to_privat
     return 0;
 }
=20
-int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private)
+static int kvm_convert_memory_full(hwaddr start, hwaddr size, bool to_priv=
ate,
+                                   bool pre_hooks, bool post_hooks)
 {
     int ret =3D -EINVAL;
=20
@@ -3588,10 +3661,12 @@ int kvm_convert_memory(hwaddr start, hwaddr size, b=
ool to_private)
             continue;
         }
=20
-        ret =3D kvm_pre_convert_section(&section, to_private);
-        if (ret) {
-            memory_region_unref(section.mr);
-            break;
+        if (pre_hooks) {
+            ret =3D kvm_pre_convert_section(&section, to_private);
+            if (ret) {
+                memory_region_unref(section.mr);
+                break;
+            }
         }
=20
         ret =3D kvm_convert_section(&section, to_private);
@@ -3600,13 +3675,15 @@ int kvm_convert_memory(hwaddr start, hwaddr size, b=
ool to_private)
             break;
         }
=20
-        ret =3D kvm_post_convert_section(&section, to_private);
-        memory_region_unref(section.mr);
-
-        if (ret) {
-            break;
+        if (post_hooks) {
+            ret =3D kvm_post_convert_section(&section, to_private);
+            if (ret) {
+                memory_region_unref(section.mr);
+                break;
+            }
         }
=20
+        memory_region_unref(section.mr);
         size -=3D section_end - start;
         start =3D section_end;
     }
@@ -3614,6 +3691,26 @@ int kvm_convert_memory(hwaddr start, hwaddr size, bo=
ol to_private)
     return ret;
 }
=20
+int kvm_convert_memory(hwaddr start, hwaddr size, bool to_private)
+{
+    return kvm_convert_memory_full(start, size, to_private, true, true);
+}
+
+static int kvm_convert_memory_attributes(hwaddr start, hwaddr size, bool t=
o_private)
+{
+    return kvm_convert_memory_full(start, size, to_private, false, false);
+}
+
+int kvm_set_memory_attributes_private(hwaddr start, uint64_t size)
+{
+    return kvm_convert_memory_attributes(start, size, KVM_MEMORY_ATTRIBUTE=
_PRIVATE);
+}
+
+int kvm_set_memory_attributes_shared(hwaddr start, uint64_t size)
+{
+    return kvm_convert_memory_attributes(start, size, 0);
+}
+
 int kvm_cpu_exec(CPUState *cpu)
 {
     struct kvm_run *run =3D cpu->kvm_run;
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926756; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=ciCr4A8OPmovmw6+Gn2VY9KsSlKN84fTMGu/aphFhCtBSKPFaIuDCuWibECZXEWuEEUUEFLb6bNzMgthe8kWPk9j2VMu8DqJq4TrUrtDNgE/q+YFoCHLiA/W0vu5KxQZenT02YXLNNPToklaOWnLWldcwIz0gcImNEeViGsHh0A=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926756;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=fC0p+R1CbzUzT1FhfqvAhSJCW/bI+iU8sN1ntAUpP9s=;
	b=VpVjP+OI4JnPm6YvgVIimDjyChoZmu9xA3CtODTyuBQPHy/x7H+cZEwtaub49zzlRVoz8g6hFejdPtbt5KAmC+REwPWcs/F9O4uxfV3o5SSvRSFewS14Io219CijI25thBhCZa9Qh7fSBnouV3Yv9VlnKMhuD09wGAa4ovbVig8=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926756872570.8947666943994;
 Wed, 27 May 2026 17:05:56 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOFg-0003fF-Gn; Wed, 27 May 2026 20:05:32 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOFe-0003eg-9u
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:05:30 -0400
Received: from
 mail-southcentralusazlp170120001.outbound.protection.outlook.com
 ([2a01:111:f403:c10d::1] helo=SN4PR2101CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOFb-0003eM-JR
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:05:30 -0400
Received: from SA1P222CA0124.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:3c5::12)
 by DM6PR12MB4186.namprd12.prod.outlook.com (2603:10b6:5:21b::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.13; Thu, 28 May
 2026 00:05:18 +0000
Received: from SN1PEPF000252A0.namprd05.prod.outlook.com
 (2603:10b6:806:3c5:cafe::9b) by SA1P222CA0124.outlook.office365.com
 (2603:10b6:806:3c5::12) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.14 via Frontend Transport; Thu, 28
 May 2026 00:05:18 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF000252A0.mail.protection.outlook.com (10.167.242.7) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:05:17 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:05:17 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=hPf+v9MX91iwOUwMcQ3edPKuynOdkxCRLF7nPJMue3S19XSPUXNxobLPdyanDKz1+DMAeiPr00aBpeH6yIKluSX78hmAJgy2053G+bQYQHbBEcHle9KYSW7IIXzieJuFmKoQZGuT1/G6mCdI1+Yax6HnAXjW7EhTFYcm1pVqe3bMKzGI3pmqX4RFTcHPK/6/ikQdMIZvWXb3PlQ1dSitMcV6LkR+alkFhkYbhTcISfStajBXPYLfGE/UbzZ4Uh9bSwMcVQcwjf6a33aZiGoZ/4lWGZhXd7dDmBPQq3DzswAIJcZ4eFAoJial2eCBls5GyGLlOJ5Gcu+4wNAs3hcA6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=fC0p+R1CbzUzT1FhfqvAhSJCW/bI+iU8sN1ntAUpP9s=;
 b=zMFCsDj5zyuAkW23qbqc5i7+lMqpzi6TFojIPREUbwweGCfoOhSeskI4sqLAJB8Iqz6qATbAW3OHBNUv8bHsxw0K+TjmEniIPo8T5rnCHgrVCZqRwfFDFW5TmXsOIxoa+wuPp+vdzIoQpm4cB0HVKsFQJ6iFZifOXxJ7aEOdFrBWHZZRWiJx/flrA/Ine1RaxKmXEpnzg38abxjmLPI+XeCjpHT3PnijbaiopdkEqRF4xnESwE/cv+Np0UwM2T953qlHyoEK4dkfG06Xl/Ql3a2d7P14sDlSl3rZCMHIDTq7zuwcL6ZW/wtmgRHPfc/Hhg2xM73/goycm6bRgFQSQA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=fC0p+R1CbzUzT1FhfqvAhSJCW/bI+iU8sN1ntAUpP9s=;
 b=GzAUeyna0b/zPyB98tB89+kvPYKONtSY2SzvZTlHE6W+Tl8e2wYDDscsMlLK9mI6SLLOlhKnD1meaOOaKdAezhJfKdKhpgmjkF/87Bw+bHnhUGJtVHMJ8A7QtUiX/y9UBAEHNfYYNidsPBkF0vDHyY8uT8zc5B1zudEyOSFxAOs=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 10/12] accel/kvm: Don't default to private attributes for
 in-place conversion
Date: Wed, 27 May 2026 19:03:35 -0500
Message-ID: <20260528000416.8161-11-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF000252A0:EE_|DM6PR12MB4186:EE_
X-MS-Office365-Filtering-Correlation-Id: 1f7bc3ae-3596-405b-cd31-08debc4ccd1e
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|7416014|376014|82310400026|1800799024|36860700016|22082099003|18002099003|56012099006|11063799006;
X-Microsoft-Antispam-Message-Info: 
 Umcn0uxaSTCGHnOagPAfqbKRJjSlCM4PEXrzqyLOH9FD3U1ZymaD4rms2r1qp4C2ldgoFV/F4x4+sNB/lZQgv8Z7zchLZgHVioXLric5ZT+HJdLcshlGUOuRMY9iziVjoWRxM0PZIj0kOimRxupkcyBPwefAxCzd3xy1MjshU7kglqESDZYi4yTNYl7oPwJgXVpaH9CcIZpnmT4VnI245HZ5jZzGW0t3DYAIJocJYhLDEZ36ImdtR8MrqCHv4BNINV7vgHEDiAEgcALxpmVfwZWkGXXhrhjw8Vqc/CMLz4nWw2YxcDmGTok8byFH/zx/My99fPAlNWJNHVRwQOgG7GUf9iXOy/mlVsxFco+CMQI8O/VMfU6I7ayuf52jgfwidNteuuXf9/qjfGf+4sgXIwwCWvWcvirV6DVNfbJGIrAScOcVqiZzIiOzJXQy593/3PXDfWM7NOy80qIWy4KKQd1E4T+GbFVJ/mryDms9ivNYYR3MskAPDHJ4RXnPz0G/waOLwGlqbNjWzc2qax4m/oIMrcN4ZgV8Id1LMI0Ab6c7vlhhgH/+wBVqNEbOqRtrTkfznwSwZmobOgas6uWgCb4bOVl9Ej/FAyUwGpevn8UCyzGyJC1GMQJpo0993yrizfU2dNNE53cnP+OkgIunl/ZBDvn0KRqjGSdDmSqjORRbImNh36U1DvewnbNuNmjZ1Oygp7x7qiQEro9ZjPu6ZwI0FQxSPestJnXjGsZH3BI=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(7416014)(376014)(82310400026)(1800799024)(36860700016)(22082099003)(18002099003)(56012099006)(11063799006);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 gNnuTQVNtM+tDM2zsHgNzVSKGybThEIP1IQV4PR6A6xXQPFbVVPl6vyGCE++fPKJ8wCseeMerTJRLqExQIvsOlxW4RpOppuj35vqkCcG/d2ZPYyUV6PDY5CgiGWzbERyGAn+55DhVFiNp5a6REB98g+jYY5fJSB1jzI4qoSRQ/u4h3MonwGIyG0wVSXmY77lDb4TMOHl8Ihm5UXa4Lv03zutPWlRMzCrpZKUaYZIqRX5VphGvBVInc5mZhl+4k3QFoDzVMw3XHXBkfQiUM0DeqqFS0eCSqAAoWGzOVY3bRLsNJKOjNAo2wWjdLrM/1S8upJzI+lTPGJSoLlEFu6AS5uF7C99Zk1/Za/cdybCG/Tdnw5ic2vxnIZ5F6bSrmglFwNI7iM6rwrABNUHFDhLK1C/mioVmlKPUpxydrEpTJZScr99AEeIemBhG2GK4cyx
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:05:17.7438 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 1f7bc3ae-3596-405b-cd31-08debc4ccd1e
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF000252A0.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4186
Received-SPF: permerror client-ip=2a01:111:f403:c10d::1;
 envelope-from=Michael.Roth@amd.com;
 helo=SN4PR2101CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926759287154100
Content-Type: text/plain; charset="utf-8"

Without in-place conversion, QEMU can still access shared memory to load
initial state into guest memory prior to launch even if the GPA's memory
attributes default to private, since userspace is accessing a completely
separate pool of memory. With in-place conversion, all these accesses
would need to first be converted to shared, then back to private, since
the memory all comes from guest_memfd and only shared memory can be
accessed by userspace.

To avoid sprinkling these differences in behavior throughout QEMU when
in-place conversion is enabled, just default to shared. This does not
compromise guest security, since Confidential VMs will necessarily
enforce this via trusted entities, and simply generate implicit page
state changes if their default expectations don't match KVM's. However,
in most cases a guest will explicitly convert memory to a particular
state before actually using it, so even these implicit conversion
requests should be rare.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 accel/kvm/kvm-all.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index fd01435a0f..c3d399517d 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -1808,7 +1808,26 @@ static void kvm_set_phys_mem(KVMMemoryListener *kml,
             abort();
         }
=20
-        if (memory_region_has_guest_memfd(mr)) {
+        /*
+         * Without in-place conversion, QEMU can still access shared memory
+         * to load initial state into guest memory prior to launch even if
+         * the GPA's memory attributes default to private, since userspace
+         * is accessing a completely separate pool of memory. With in-place
+         * conversion, all these accesses would need to first be converted
+         * to shared, then back to private, since the memory all comes from
+         * guest_memfd and only shared memory can be accessed by userspace.
+         *
+         * To avoid sprinkling these differences in behavior throughout QE=
MU
+         * when in-place conversion is enabled, just default to shared. Th=
is
+         * does not compromise guest security, since Confidential VMs will
+         * necessarily enforce this via trusted entities, and simply gener=
ate
+         * implicit page state changes if their default expectations don't
+         * match KVM's. However, in most cases a guest will explicitly
+         * convert memory to a particular state before actually using it, =
so
+         * even these implicit conversion requests should be rare.
+         */
+        if (memory_region_has_guest_memfd(mr) &&
+            !(current_machine->cgs && current_machine->cgs->convert_in_pla=
ce)) {
             err =3D kvm_set_memory_attributes_private(start_addr, slot_siz=
e);
             if (err) {
                 error_report("%s: failed to set memory attribute private: =
%s",
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926782; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=BO8enyB0Zci/hJJumssDr07w/NP5o6MAzcQrGoyAgNcLM3FFAgSOPvNQVRXdfAyM2FKlbby2PDLmP1us14ErfKW2S15LZD8hHTQia0iJ9Nx9gsa1yG2MbQMZncG4BI58S6TWpbIsFY/I2qTqhcJtNCvtZq7Ckt/LOBSCifykq14=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926782;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=iMwnal8j5WgNoN4ojSlokNd0nCMsv+Lp3ndNxBs+tM4=;
	b=aewFc5dcl7w7jNM37ok3EjR4oPkV+UHpJqmJZNMzDnnElnxo85+jw2A934yGZ0sCyaDMDhNz3ci61eO6KxoIn47RC6nDaPyuEPTVVC2YKsKIR4hb9Q9dndzz75su3SnFCVjne5jh98xwVkZmhjdZXoH/iWD5VCL4/sRqegZ75qg=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926782830454.11127987555426;
 Wed, 27 May 2026 17:06:22 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOGJ-00040A-Pu; Wed, 27 May 2026 20:06:15 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOGH-0003xr-7e
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:06:09 -0400
Received: from mail-westus3azlp170110003.outbound.protection.outlook.com
 ([2a01:111:f403:c107::3] helo=PH0PR06CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOGF-00044b-BP
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:06:08 -0400
Received: from SA1P222CA0116.NAMP222.PROD.OUTLOOK.COM (2603:10b6:806:3c5::20)
 by CH3PR12MB9456.namprd12.prod.outlook.com (2603:10b6:610:1c2::11)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.13; Thu, 28 May
 2026 00:05:59 +0000
Received: from SN1PEPF000252A0.namprd05.prod.outlook.com
 (2603:10b6:806:3c5:cafe::e) by SA1P222CA0116.outlook.office365.com
 (2603:10b6:806:3c5::20) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:05:59 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF000252A0.mail.protection.outlook.com (10.167.242.7) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:05:58 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:05:58 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=yFC/h5GdcwoznXBJGPvxk4MQ+L7vdVgOYYqd1zubaekusjE3nmg6sDmEGhB2OSleiJQN+6jJBPA3vAe9qfiBF2y2Rph1vHod4wcZTAsuEfKrN3s262dcLixJUAfh//jcmqwNDI/Qm/WxH9MA29CdRHAlOWC1YwTR9287sP5aVpVoblSqHiO7hNIz08n+GZye8I8QgRaMW3rTHt9xgzo4AChlmqIqGkWTL5pdhDJqRPeLwETH3+25OIPQiaVzRNoVM4foc5bw88/dIJJCNgR773wdR4YY9j4kpJoU6IKh7hiyWAwPKh5VQR1bRzNy52xvL6dA7vYcLodUnlQIoT/i9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=iMwnal8j5WgNoN4ojSlokNd0nCMsv+Lp3ndNxBs+tM4=;
 b=As5+myzM5muHC5DKLv6yMFfnyyIQO3obmEzaeBT16uQiO626Tl/FyhP023OtXfkIKTWMdaIygd7P85QB7ZaOy3QwhDBQ9E7WcocQpxAR3uTGb+sQUIGxrCirY7e4Y+fTEEmLlTZRUo7edj/ji2OSS0rfMbtYNpI6+NvzVwW/MlWPZ4KZbwNfnrAJG32HRjxBgoJo806mBDjExZcwTATGAJrOgbuiQ2kM3a7YmhIH/9Nd0jtkImDFnzFMt6t5EPUfnUv/K+ZZw/5KFXkwLFWzkC4oLIRpJJ01T19vAM9G+Js9xXlpu072h9U3h4QozBhIoT665AQL1RE3FFXHJJpBrA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=iMwnal8j5WgNoN4ojSlokNd0nCMsv+Lp3ndNxBs+tM4=;
 b=CtOnltYtRs5dLqptBGSGptCTbnQ79Vw9bxHWmf4VwEcctvhFxNaRMtl2oFPzTc5X3fXqlps82QxmZL6HBJhCCGG3O7Xvadvsfkhli0pK/8QjQ+zNuqdE/y8e41VYWpJ2UTyBrfxtus9CGiXTD7HpNb1IgvRvJ9gcJ2FKCHswhQI=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 11/12] i386/sev: Update SNP_LAUNCH_UPDATE for in-place
 conversion
Date: Wed, 27 May 2026 19:03:36 -0500
Message-ID: <20260528000416.8161-12-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF000252A0:EE_|CH3PR12MB9456:EE_
X-MS-Office365-Filtering-Correlation-Id: ce5555ba-98b9-40a7-9fa4-08debc4ce5a4
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|376014|7416014|82310400026|36860700016|1800799024|22082099003|18002099003|11063799006|56012099006;
X-Microsoft-Antispam-Message-Info: 
 jutXno2WDDOSkeXC7AadzNL80MDLMausmj0/W+BEYt7byAiS4S2xWjiLR6y81pbYHTMekV1iJNfpbrgopzZUqrxz8NrxzPZ5W6Ln/MwLRRS87DKZiOiO1in6QkuqmeKB7lx14o4s39uXsDToIeiYOr/wweR8LYH+1Tt0NEN2FlgRsNxA4QGJEyo1OEC6yjqk2dAp0ouBT/DmjOo30s/LlUpfx7LqS62bpkskZOugINOuSQ/Xaw0CWFQimIADXHjuZO83v5i53cHejcTrZWxxe3nQyycN0KAkx9WUma17u1TEpoyNKOUL6VwPEPuhAueA6owCnTsl9cOpiLi5iRSwAXUqTxKFwRX6o6XEqJWUFfxjs/9WmGDyrcTdXFZrwdcaeq+7CeFPHvun7hMyUT+6HwoutHzQDqcVFyWyeWw7dul6OIWtMWzPC2rkz8GzDER6EBxxpzdlEzNC/djoY3Qij2xBS5dx/Ql1iLc7wWt1Bn3rlddaOfIyJNomSK3t5buGF6l5X7OQNn6ipVwsmkw3uJsAO1CfuD08AaNWnQF5hL/pYJACxM5ao1BS6MmCTStgnnAAA10X1riR6FMnMgdtB2tnQacmlw5LB+tXS1l7pVQTEJS/p9aMRcdhaY2nzAksEhOSiSgWaMHNWez1C2OAYb8/Z9KsuXQndhtA7lnkhB9raM+SI/27vkbiBQR+KGLsJIIF83Y/BBRxdf6CDBIsVyMoB1S6elYG51OgLpm2vlg=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(376014)(7416014)(82310400026)(36860700016)(1800799024)(22082099003)(18002099003)(11063799006)(56012099006);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 5NIHjffMl5VvP7WZzwPOGbAelRuVC8eIgn4hMrmMYaNjPnyCwfEb8QX92N62r8Ixl4CB4I03gMefffdw9bumc1ToYU3ZlipgpWacB6X2NyJKzOrNQDhf34xWhSjy5UkMpkIlRN6vTSc7ZGiCJuZgBnB7qg+thUixYKPwWYAjiH5iiY7GIam2MzezmQRtoS6GQHkrDSud6rJ00pIO3jHLCusr6VJWKAQ+cvQTArLpSjegkfX0PV2Z5DZ7ptCBC2XBEidnPOM9qSOUrk+Jj/lTzXdn54UrI/ZD4buLHjAHIpdz/HSTL4U15F2v/WLw4qD81xV1QFORAFeLHP/rad84hUqd/0GDW/t8jD0RsJK3gYv9Ok4JBBerDv1Ga9ib01yYaJd5V01NPhXtAZQMRS7/4shlEnviu4yKvSIyghT47rLBEp75vqaicmP6lq56rHCU
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:05:58.8867 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 ce5555ba-98b9-40a7-9fa4-08debc4ce5a4
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF000252A0.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB9456
Received-SPF: permerror client-ip=2a01:111:f403:c107::3;
 envelope-from=Michael.Roth@amd.com;
 helo=PH0PR06CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926783248158500
Content-Type: text/plain; charset="utf-8"

For in-place conversion, the source pointer is expected to be NULL since
the data has already been written directly to guest memory and doesn't
need to be copied in prior to encrypting it in-place for initial guest
memory payload.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 target/i386/sev.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index b44b5a1c2b..32a5e605bf 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -1186,6 +1186,8 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_guest,
     int ret, fw_error;
     SnpCpuidInfo snp_cpuid_info;
     struct kvm_sev_snp_launch_update update =3D {0};
+    ConfidentialGuestSupport *cgs =3D
+        CONFIDENTIAL_GUEST_SUPPORT(OBJECT(sev_snp_guest));
=20
     if (!data->hva || !data->len) {
         error_report("SNP_LAUNCH_UPDATE called with invalid address"
@@ -1199,7 +1201,14 @@ sev_snp_launch_update(SevSnpGuestState *sev_snp_gues=
t,
         memcpy(&snp_cpuid_info, data->hva, sizeof(snp_cpuid_info));
     }
=20
-    update.uaddr =3D (__u64)(unsigned long)data->hva;
+    /*
+     * For in-place conversion, the source pointer is expected to be NULL
+     * since the data has already been written directly to guest memory
+     * and only needs to be encrypted in-place for secure access.
+     */
+    if (!cgs->convert_in_place) {
+        update.uaddr =3D (__u64)(unsigned long)data->hva;
+    }
     update.gfn_start =3D data->gpa >> TARGET_PAGE_BITS;
     update.len =3D data->len;
     update.type =3D data->type;
--=20
2.43.0
From nobody Sat May 30 17:31:33 2026
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass(p=quarantine dis=none)  header.from=amd.com
ARC-Seal: i=2; a=rsa-sha256; t=1779926817; cv=pass;
	d=zohomail.com; s=zohoarc;
	b=k5dRyGua27Io8GkKOJo/fHrkJaWmNemjBDaWT9zkJAbmY/YswnoFvZkQ3PgglOitShrc6hqr7wfUSDYWfiZaBe0l65AITfff469XWuK+QE5NJAPsNpcXDKtV1/52L2anwKnq0f4Cg+7tUXNLEDh6JzeNZCtubRxpyQWMhw/ARLo=
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1779926817;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=cG3Q7+qHT52hwX2Ng4cfBIUV6VEH5tQo/77caN3Jw84=;
	b=V0MoPqXejMZfj9ik/SM02BIrdoR+3c07llUQDl+XwME7JfA81u1sdSbobQ3xEVOQs8ml2ygU17hhB4DPk6pOe6WmAQNFiUqv9F3zZgR2QhCS0ewJlAunc/xNIO6OQu0J6gSdQomTZUAyAk7gjguDEhYRfrnlIDTTz2DTZwtagSY=
ARC-Authentication-Results: i=2; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	arc=pass (i=1 dmarc=pass fromdomain=amd.com);
	dmarc=pass header.from=<michael.roth@amd.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1779926817306464.80960050979274;
 Wed, 27 May 2026 17:06:57 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists1p.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1wSOGm-0004hh-In; Wed, 27 May 2026 20:06:40 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOGb-0004WT-0G
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:06:30 -0400
Received: from mail-westus3azlp170120001.outbound.protection.outlook.com
 ([2a01:111:f403:c107::1] helo=PH8PR06CU001.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Michael.Roth@amd.com>)
 id 1wSOGY-0004B5-58
 for qemu-devel@nongnu.org; Wed, 27 May 2026 20:06:27 -0400
Received: from PH8P222CA0003.NAMP222.PROD.OUTLOOK.COM (2603:10b6:510:2d7::18)
 by LV3PR12MB9120.namprd12.prod.outlook.com (2603:10b6:408:1a3::5)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.71.11; Thu, 28 May
 2026 00:06:20 +0000
Received: from SN1PEPF0002529F.namprd05.prod.outlook.com
 (2603:10b6:510:2d7:cafe::78) by PH8P222CA0003.outlook.office365.com
 (2603:10b6:510:2d7::18) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.21.71.13 via Frontend Transport; Thu, 28
 May 2026 00:06:20 +0000
Received: from satlexmb07.amd.com (165.204.84.17) by
 SN1PEPF0002529F.mail.protection.outlook.com (10.167.242.6) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.21.71.7 via Frontend Transport; Thu, 28 May 2026 00:06:19 +0000
Received: from localhost (10.180.168.240) by satlexmb07.amd.com
 (10.181.42.216) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.41; Wed, 27 May
 2026 19:06:19 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=qubWJtcLa9WTJIVwZvUf3rkcIYx08BuMpJTcZQbFQ8hJXyiIev9FL/9h+LDOb3xvLeZlpYGeAjw9xuUX+aaEe7ENNQPE4SqLC35fTHOD5BezlTNGIsx/HwC8iuQpSx911OyVl6ID8nvg8Ym8kjW8HefdwLVIj0DEAyFK4o2DAuktQukbIYdsTIDQyVFzUI21n6FJ9qED4rSFGfX/lVnegZ9EZdRwjmLrLsRjG1Qn7yqTFgkela/4wYWjBuAGs/GCe+REyJasPWG80SByCfAWyGYrDBbeZ+5TX0lSQyLHBaw70l9PyP4oxs4c18AEb5aBITa4DVenAQSjb+h0COYCvw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=cG3Q7+qHT52hwX2Ng4cfBIUV6VEH5tQo/77caN3Jw84=;
 b=VDWuJI6e8ZTevkJ7+ABVsMqxK9b+rg6+Lx0k34ravj+g43C59J8ULffQN6X9UoMZV4syyHwMhDrZ1bOHIraRQJ209gUVVhDbf6O5drF+N3AinXpVfmuVWax32HUpQCd3sn6p5yR6FVfXdfOuHJXRXlpvw0eI1NSvED4TTIcfL7muCN395XLEXaDwR8wGJd5cQSeU5zWfOJApPhdRbyiW6ViAQTUVXVfXqqr3q5nt0VfDpN8idnmm8D026SOM4OqnMjEGEUViPelwl9+6Eqz9yIbLeOQAKaPNbS70/fcWzlx10aeQUOfw0/xIpxEkIaACDY6EspqiU8G0nfaQ8IaqRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 165.204.84.17) smtp.rcpttodomain=nongnu.org smtp.mailfrom=amd.com; dmarc=pass
 (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com;
 dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=cG3Q7+qHT52hwX2Ng4cfBIUV6VEH5tQo/77caN3Jw84=;
 b=eqQvw9IwEFZETtGwzoBxObHC8BjsKzuoQzh5m77+TZm+kGF8QW4vQABpsxEjdPTXYaCeQv01DzK3rnxk/cvpPE/bkeUEf/F98cQbEncD+ek5BAPkBIT3Ht3blgS8EsHx/png+EshHcTgAaYNP/uWGbjTz8p6wyz9xNT+pTTm8TA=
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17)
 smtp.mailfrom=amd.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=amd.com;
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists1p.gnu.org;
Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=satlexmb07.amd.com; pr=C
From: Michael Roth <michael.roth@amd.com>
To: <qemu-devel@nongnu.org>
CC: <kvm@vger.kernel.org>, <pbonzini@redhat.com>, <berrange@redhat.com>,
 <armbru@redhat.com>, <pankaj.gupta@amd.com>, <isaku.yamahata@intel.com>,
 <xiaoyao.li@intel.com>, <chao.p.peng@linux.intel.com>, <david@kernel.org>,
 <ashish.kalra@amd.com>, <ackerleytng@google.com>
Subject: [PATCH RFC 12/12] i386/sev: Allow in-place conversion for SEV-SNP
 guests
Date: Wed, 27 May 2026 19:03:37 -0500
Message-ID: <20260528000416.8161-13-michael.roth@amd.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260528000416.8161-1-michael.roth@amd.com>
References: <20260528000416.8161-1-michael.roth@amd.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.180.168.240]
X-ClientProxiedBy: satlexmb07.amd.com (10.181.42.216) To satlexmb07.amd.com
 (10.181.42.216)
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SN1PEPF0002529F:EE_|LV3PR12MB9120:EE_
X-MS-Office365-Filtering-Correlation-Id: 5b664089-72b2-4b03-720d-08debc4cf1eb
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|36860700016|1800799024|376014|7416014|82310400026|11063799006|56012099006|22082099003|18002099003;
X-Microsoft-Antispam-Message-Info: 
 i97pEEyQRK0UrM6bHhS3Vi2wWNi55FCwFz8hQkTx49OYxOg1fh2YpeexEXZfmVIHouq26tqRQRkNaabuWZRyksLBoYjXmzBGYc304o9UD57Y7IEPxPcgbCuenYZzFD6VkhguuBkIOx9bQqSWvu5z0q9ShoGTFe8TGHWGG1u8MXvb3I/pyGWlQEYCv7lcoIQuMVhPnGs8V0PXjmiIMaANjBnmLsmo6rgRBPvbsORvP0sMDc3tXKh7AqkDL67Gg8VbFeQ8w290U1OHQv3oUT1AAvYJGbpWQB6t0hVZzumEE5mx9Eiq9wcE0OWPXRvkcIvrti7XYmqXjsAUIfczJLykNg8zceNZhIMuH3ki3EYg+SB2BaoBpTDAQnFeXMjY8d2n/2WfWzRIO2pQaP3U5LYDwT3iRXlyp9wfp9eKfnQb/DTWUPHEOrzHGqp7FwLczeaY5Q7gzh5LRwQ+jH+ywaJcdshiXoRLWosx8OLqieW5ADUy/XU87x6vQlIdx2pVGNs+J+rXSLVxsrS3bt+W+20Hisc1ZjdQDD8HORF+a05GllvbLkjegH4ZEKmNanBF9bhFaqwR6N+MuH9SknJrIIiU3nHvX4/uqLcsNYdc8LH6li26kOxF43IJIaeL3nI2RtK4e3nreEFUJI4Q4QmoUkE2jQnijgCx5qaKnFv2in2m7P7vad8ISAL9N7NOlUqYlfLET2//P/6TiQ6XcHUMOYikPVxHbE4PhJWJINbLHQZmkmk=
X-Forefront-Antispam-Report: CIP:165.204.84.17; CTRY:US; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:satlexmb07.amd.com; PTR:InfoDomainNonexistent; CAT:NONE;
 SFS:(13230040)(36860700016)(1800799024)(376014)(7416014)(82310400026)(11063799006)(56012099006)(22082099003)(18002099003);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 bbdkIzd1TWXPRDIN9wxSYyT+LCXnLfbuJCuIoi8M6RGurYpUrzZdznRTppQCLZjdYMgnRK2NhrFlzr9ZxqTcUk7N0cYZqb8UIwXnwPlQj74i7kDU9uCUmQXa9jx4y9oiPa4c1VKrPS2xQcrhBAF1gLGRmteTojWwb6iZFnfAXQxtMTeSQc5JJAXHurk9fgTaAkLUhuOEm/WHrK1ROjDnfEkDxuU5+lPB2srAHpuyZe8zRGRw5d3OFmqM/oiLx83NRqzDISAaOTQnMFzplFGoLB72J7sW4jvLbkQ0Ls4hyGT6kTcgKtjvVQlpyE30CPWiE2cF/kxuPveWlIu2kK/w9PKfyKxTPxpDiDxCRF13w08BTbp6EmoOvMZnADychUrLfGsQGy0lXbMA9xvb6569D4FNjmaMJzcGXr8qpSzG05Mtu9p8dsFFcL18IP7VliH9
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 May 2026 00:06:19.4862 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 5b664089-72b2-4b03-720d-08debc4cf1eb
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d; Ip=[165.204.84.17];
 Helo=[satlexmb07.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 SN1PEPF0002529F.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV3PR12MB9120
Received-SPF: permerror client-ip=2a01:111:f403:c107::1;
 envelope-from=Michael.Roth@amd.com;
 helo=PH8PR06CU001.outbound.protection.outlook.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.445,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: qemu development <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @amd.com)
X-ZM-MESSAGEID: 1779926819478158500
Content-Type: text/plain; charset="utf-8"

All the necessary changes are now in place for an SNP guest to be able
to leverage in-place conversion support. Allow it to be switched on by
users. KVM-specific checks will still gate whether or not the option is
ultimately allowed, this just allows the option to be set via
command-line.

Signed-off-by: Michael Roth <michael.roth@amd.com>
---
 target/i386/sev.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/target/i386/sev.c b/target/i386/sev.c
index 32a5e605bf..a56367aa5e 100644
--- a/target/i386/sev.c
+++ b/target/i386/sev.c
@@ -3198,6 +3198,7 @@ sev_snp_guest_instance_init(Object *obj)
     SevSnpGuestState *sev_snp_guest =3D SEV_SNP_GUEST(obj);
=20
     cgs->require_guest_memfd =3D true;
+    cgs->allow_convert_in_place =3D true;
=20
     /* default init/start/finish params for kvm */
     sev_snp_guest->kvm_start_conf.policy =3D DEFAULT_SEV_SNP_POLICY;
--=20
2.43.0