On Tuesday, January 3, 2023 9:40 AM, Chao Peng wrote:

quoted

Because guest memory defaults to private, and now this patch stores
the attributes with KVM_MEMORY_ATTRIBUTE_PRIVATE instead of

_SHARED,

quoted

it would bring more KVM_EXIT_MEMORY_FAULT exits at the beginning of
boot time. Maybe it can be optimized somehow in other places? e.g. set
mem attr in advance.

KVM defaults to 'shared' because this ioctl can also be potentially used by
normal VMs and 'shared' sounds a value meaningful for both normal VMs and
confidential VMs. 

Do you mean a normal VM could have pages marked private? What's the usage?
(If all the pages are just marked shared for normal VMs, then why do we need it)

As for more KVM_EXIT_MEMORY_FAULT exits during the
booting time, yes, setting all memory to 'private' for confidential VMs through
this ioctl in userspace before guest launch is an approach for KVM userspace to
'override' the KVM default and reduce the number of implicit conversions.

Most pages of a confidential VM are likely to be private pages. It seems more efficient
(and not difficult to check vm_type) to have KVM defaults to "private" for confidential VMs
and defaults to "shared" for normal VMs.