vmm: memory_manager: Disable dirty page logging when running on TDX

It is not permitted to have this enabled in memory that is part of a TD.

Signed-off-by: Rob Bradford <robert.bradford@intel.com>

vmm/src/memory_manager.rs

@@ -137,6 +137,7 @@ pub struct MemoryManager {
     user_provided_zones: bool,
     snapshot_memory_regions: Vec<MemoryRegion>,
     memory_zones: MemoryZones,
+    log_dirty: bool, // Enable dirty logging for created RAM regions
 
     // Keep track of calls to create_userspace_mapping() for guest RAM.
     // This is useful for getting the dirty pages as we need to know the
@@ -503,6 +504,7 @@ impl MemoryManager {
         config: &MemoryConfig,
         prefault: bool,
         phys_bits: u8,
+        #[cfg(feature = "tdx")] tdx_enabled: bool,
     ) -> Result<Arc<Mutex<MemoryManager>>, Error> {
         let user_provided_zones = config.size == 0;
         let mut allow_mem_hotplug: bool = false;
@@ -741,6 +743,11 @@ impl MemoryManager {
             .allocate_mmio_addresses(None, MEMORY_MANAGER_ACPI_SIZE as u64, None)
             .ok_or(Error::AllocateMMIOAddress)?;
 
+        #[cfg(not(feature = "tdx"))]
+        let log_dirty = true;
+        #[cfg(feature = "tdx")]
+        let log_dirty = !tdx_enabled; // Cannot log dirty pages on a TD
+
         let memory_manager = Arc::new(Mutex::new(MemoryManager {
             boot_guest_memory,
             guest_memory: guest_memory.clone(),
@@ -768,6 +775,7 @@ impl MemoryManager {
             guest_ram_mappings: Vec::new(),
             #[cfg(feature = "acpi")]
             acpi_address,
+            log_dirty,
         }));
 
         guest_memory.memory().with_regions(|_, region| {
@@ -778,7 +786,7 @@ impl MemoryManager {
                 region.as_ptr() as u64,
                 config.mergeable,
                 false,
-                true,
+                log_dirty,
             )?;
             mm.guest_ram_mappings.push(GuestRamMapping {
                 gpa: region.start_addr().raw_value(),
@@ -797,7 +805,7 @@ impl MemoryManager {
                 region.as_ptr() as u64,
                 config.mergeable,
                 false,
-                true,
+                log_dirty,
             )?;
 
             mm.guest_ram_mappings.push(GuestRamMapping {
@@ -833,7 +841,14 @@ impl MemoryManager {
         prefault: bool,
         phys_bits: u8,
     ) -> Result<Arc<Mutex<MemoryManager>>, Error> {
-        let mm = MemoryManager::new(vm, config, prefault, phys_bits)?;
+        let mm = MemoryManager::new(
+            vm,
+            config,
+            prefault,
+            phys_bits,
+            #[cfg(feature = "tdx")]
+            false,
+        )?;
 
         if let Some(source_url) = source_url {
             let url = Url::parse(source_url).unwrap();
@@ -1118,7 +1133,7 @@ impl MemoryManager {
             region.as_ptr() as u64,
             self.mergeable,
             false,
-            true,
+            self.log_dirty,
         )?;
         self.guest_ram_mappings.push(GuestRamMapping {
             gpa: region.start_addr().raw_value(),

vmm/src/vm.rs

@@ -675,11 +675,15 @@ impl Vm {
         #[cfg(target_arch = "x86_64")]
         vm.enable_split_irq().unwrap();
         let phys_bits = physical_bits(config.lock().unwrap().cpus.max_phys_bits);
+        #[cfg(feature = "tdx")]
+        let tdx_enabled = config.lock().unwrap().tdx.is_some();
         let memory_manager = MemoryManager::new(
             vm.clone(),
             &config.lock().unwrap().memory.clone(),
             false,
             phys_bits,
+            #[cfg(feature = "tdx")]
+            tdx_enabled,
         )
         .map_err(Error::MemoryManager)?;
 
@@ -794,6 +798,8 @@ impl Vm {
             &config.lock().unwrap().memory.clone(),
             false,
             phys_bits,
+            #[cfg(feature = "tdx")]
+            false,
         )
         .map_err(Error::MemoryManager)?;