On 6/19/2026 8:31 AM, Ackerley Tng via B4 Relay wrote:
From: Ackerley Tng <[email protected]>

Make CONFIG_KVM_VM_MEMORY_ATTRIBUTES selectable, only for (CoCo) VM types
that might use vm_memory_attributes.

Also document CONFIG_KVM_VM_MEMORY_ATTRIBUTES to specifically be about the
private/shared attribute.

I think this patch needs to be moved later after per-gmem shared/private attribute is implemented. Because so far, TDX/SEV indeed depend on CONFIG_KVM_VM_MEMORY_ATTRIBUTES.

Setting aside whether it makes sense to report TDX as a supported VM type when CONFIG_KVM_VM_MEMORY_ATTRIBUTES is not enabled, this patch simply breaks the build when

  CONFIG_KVM_VM_MEMORY_ATTRIBUTES = n

and KVM_INTEL_TDX/KVM_AMD_SEV is enabled:

arch/x86/kvm/../../../virt/kvm/guest_memfd.c: In function ‘__kvm_gmem_populate’: arch/x86/kvm/../../../virt/kvm/guest_memfd.c:918:14: error: implicit declaration of function ‘kvm_range_has_memory_attributes’ [-Werror=implicit-function-declaration]
  918 |         if (!kvm_range_has_memory_attributes(kvm, gfn, gfn + 1,
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Sean Christopherson <[email protected]>
---
  arch/x86/kvm/Kconfig | 9 +++++----
  1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig
index 24f96396cfa1c..c28393dc664eb 100644
--- a/arch/x86/kvm/Kconfig
+++ b/arch/x86/kvm/Kconfig
@@ -81,13 +81,16 @@ config KVM_WERROR
          If in doubt, say "N".
config KVM_VM_MEMORY_ATTRIBUTES
-       bool
+       depends on KVM_SW_PROTECTED_VM || KVM_INTEL_TDX || KVM_AMD_SEV
+       bool "Enable per-VM PRIVATE vs. SHARED attributes (for CoCo VMs)"
+       help
+         Enable support for tracking PRIVATE vs. SHARED memory using per-VM
+         memory attributes.
config KVM_SW_PROTECTED_VM
        bool "Enable support for KVM software-protected VMs"
        depends on EXPERT
        depends on KVM_X86 && X86_64
-       select KVM_VM_MEMORY_ATTRIBUTES
        help
          Enable support for KVM software-protected VMs.  Currently, software-
          protected VMs are purely a development and testing vehicle for
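Review bot: The new prompt for `KVM_VM_MEMORY_ATTRIBUTES` has no `default`, so a config that used to get the symbol through `select` from KVM_SW_PROTECTED_VM, KVM_INTEL_TDX or KVM_AMD_SEV (the selects dropped here and in the two later hunks) will presumably end up with it off after `make olddefconfig`. If per-VM attributes are still the only private/shared tracking available to a given VM type, a line such as `default y` under the prompt would keep existing CoCo configs unchanged. The help text should also state what answering N means for those VM types, and the usual Kconfig order puts the `bool "..."` line before `depends on`. The KVM_SW_PROTECTED_VM help text continues past the end of this hunk.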
@@ -138,7 +141,6 @@ config KVM_INTEL_TDX
        bool "Intel Trust Domain Extensions (TDX) support"
        default y
        depends on INTEL_TDX_HOST
-       select KVM_VM_MEMORY_ATTRIBUTES
        select HAVE_KVM_ARCH_GMEM_POPULATE
        help
          Provides support for launching Intel Trust Domain Extensions (TDX)
@@ -162,7 +164,6 @@ config KVM_AMD_SEV
        depends on KVM_AMD && X86_64
        depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
        select ARCH_HAS_CC_PLATFORM
-       select KVM_VM_MEMORY_ATTRIBUTES
        select HAVE_KVM_ARCH_GMEM_PREPARE
        select HAVE_KVM_ARCH_GMEM_INVALIDATE
        select HAVE_KVM_ARCH_GMEM_POPULATE


