machine: allow early use of machine_require_guest_memfd

Ask the ConfidentialGuestSupport object whether to use guest_memfd
for KVM-backend private memory.  This bool can be set in instance_init
(or user_complete) so that it is available when the machine is created.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/hw/core/machine.c b/hw/core/machine.c
index 17292b13e627bb4e3a8337e0f6e83dd3e28e3026..77a356f232f52f977d573d60a9799df201546033 100644 (file)
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -1216,7 +1216,7 @@ bool machine_mem_merge(MachineState *machine)
 
 bool machine_require_guest_memfd(MachineState *machine)
 {
-    return machine->require_guest_memfd;
+    return machine->cgs && machine->cgs->require_guest_memfd;
 }
 
 static char *cpu_slot_to_string(const CPUArchId *cpu)

diff --git a/include/exec/confidential-guest-support.h b/include/exec/confidential-guest-support.h
index e5b188cffbfd52028a6d2d8bc6dabccb0b509c81..02dc4e518f06c450036344629efaa6684d9dedc8 100644 (file)
--- a/include/exec/confidential-guest-support.h
+++ b/include/exec/confidential-guest-support.h
@@ -31,6 +31,11 @@ OBJECT_DECLARE_TYPE(ConfidentialGuestSupport,
 struct ConfidentialGuestSupport {
     Object parent;
 
+    /*
+     * True if the machine should use guest_memfd for RAM.
+     */
+    bool require_guest_memfd;
+
     /*
      * ready: flag set by CGS initialization code once it's ready to
      *        start executing instructions in a potentially-secure

diff --git a/include/hw/boards.h b/include/hw/boards.h
index 2fa800f11ae4afc769312afd3edb717e64864f52..73ad319d7daa57c9e8a3d42367192d21b060e112 100644 (file)
--- a/include/hw/boards.h
+++ b/include/hw/boards.h
@@ -375,7 +375,6 @@ struct MachineState {
     char *dt_compatible;
     bool dump_guest_core;
     bool mem_merge;
-    bool require_guest_memfd;
     bool usb;
     bool usb_disabled;
     char *firmware;