qemu: tdx: Adapt command line

This commit is a mess, but I'm not exactly sure what's the best way to
make it less messy, as we're getting QEMU TDX to work while partially
reverting 1e34220c41.

With that said, let me cover the content of this commit.

Firstly, we're reverting all the changes related to
"memory-backend-memfd-private", as that's what was used with the
previous host stack, but it seems it
didn't fly upstream.

Secondly, in order to get QEMU to properly work with TDX, we need to
enforce the 'private=on' knob and use the "memory-backend-ram", and
we're doing so, and also making sure to test the `private=on` newly
added knob.

I'm sorry for the confusion, I understand this is not optimal, I just
don't see an easy path to do changes without leaving the code broken
during those changes.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>

src/runtime/pkg/govmm/qemu/qemu.go

@@ -141,16 +141,9 @@ const (
 func isDimmSupported(config *Config) bool {
 	switch runtime.GOARCH {
 	case "amd64", "386", "ppc64le", "arm64":
-		if config != nil {
+		if config != nil && config.Machine.Type == MachineTypeMicrovm {
-			if config.Machine.Type == MachineTypeMicrovm {
+			// microvm does not support NUMA
-				// microvm does not support NUMA
+			return false
-				return false
-			}
-			if config.Knobs.MemFDPrivate {
-				// TDX guests rely on MemFD Private, which
-				// does not have NUMA support yet
-				return false
-			}
 		}
 		return true
 	default:
@@ -2649,9 +2642,6 @@ type Knobs struct {
 	// MemPrealloc will allocate all the RAM upfront
 	MemPrealloc bool
 
-	// Private Memory FD meant for private memory map/unmap.
-	MemFDPrivate bool
-
 	// FileBackedMem requires Memory.Size and Memory.Path of the VM to
 	// be set.
 	FileBackedMem bool
@@ -3021,13 +3011,10 @@ func (config *Config) appendMemoryKnobs() {
 		return
 	}
 	var objMemParam, numaMemParam string
-
 	dimmName := "dimm1"
 	if config.Knobs.HugePages {
 		objMemParam = "memory-backend-file,id=" + dimmName + ",size=" + config.Memory.Size + ",mem-path=/dev/hugepages"
 		numaMemParam = "node,memdev=" + dimmName
-	} else if config.Knobs.MemFDPrivate {
-		objMemParam = "memory-backend-memfd-private,id=" + dimmName + ",size=" + config.Memory.Size
 	} else if config.Knobs.FileBackedMem && config.Memory.Path != "" {
 		objMemParam = "memory-backend-file,id=" + dimmName + ",size=" + config.Memory.Size + ",mem-path=" + config.Memory.Path
 		numaMemParam = "node,memdev=" + dimmName
@@ -3036,6 +3023,9 @@ func (config *Config) appendMemoryKnobs() {
 		numaMemParam = "node,memdev=" + dimmName
 	}
 
+	if config.Knobs.Private {
+		objMemParam += ",private=on"
+	}
 	if config.Knobs.MemShared {
 		objMemParam += ",share=on"
 	}

src/runtime/pkg/govmm/qemu/qemu_test.go

@@ -586,6 +586,7 @@ func TestAppendMemoryFileBackedMem(t *testing.T) {
 	knobs := Knobs{
 		FileBackedMem: true,
 		MemShared:     false,
+		Private:       false,
 	}
 	objMemString := "-object memory-backend-file,id=dimm1,size=1G,mem-path=foobar"
 	numaMemString := "-numa node,memdev=dimm1"
@@ -599,6 +600,36 @@ func TestAppendMemoryFileBackedMem(t *testing.T) {
 	}
 
 	testConfigAppend(conf, knobs, memString+" "+knobsString, t)
+
+	// Reset the conf and memString values
+	conf = &Config{
+		Memory: Memory{
+			Size:   "1G",
+			Slots:  8,
+			MaxMem: "3G",
+			Path:   "foobar",
+		},
+	}
+	memString = "-m 1G,slots=8,maxmem=3G"
+	testConfigAppend(conf, conf.Memory, memString, t)
+
+	knobs = Knobs{
+		FileBackedMem: true,
+		MemShared:     false,
+		Private:       true,
+	}
+	objMemString = "-object memory-backend-file,id=dimm1,size=1G,mem-path=foobar,private=on"
+	numaMemString = "-numa node,memdev=dimm1"
+	memBackendString = "-machine memory-backend=dimm1"
+
+	knobsString = objMemString + " "
+	if isDimmSupported(nil) {
+		knobsString += numaMemString
+	} else {
+		knobsString += memBackendString
+	}
+
+	testConfigAppend(conf, knobs, memString+" "+knobsString, t)
 }
 
 func TestAppendMemoryFileBackedMemPrealloc(t *testing.T) {
@@ -632,29 +663,6 @@ func TestAppendMemoryFileBackedMemPrealloc(t *testing.T) {
 	testConfigAppend(conf, knobs, memString+" "+knobsString, t)
 }
 
-func TestAppendMemoryBackedMemFdPrivate(t *testing.T) {
-	conf := &Config{
-		Memory: Memory{
-			Size:  "1G",
-			Slots: 8,
-		},
-	}
-	memString := "-m 1G,slots=8"
-	testConfigAppend(conf, conf.Memory, memString, t)
-
-	knobs := Knobs{
-		MemFDPrivate: true,
-		MemShared:    false,
-	}
-	objMemString := "-object memory-backend-memfd-private,id=dimm1,size=1G"
-	memBackendString := "-machine memory-backend=dimm1"
-
-	knobsString := objMemString + " "
-	knobsString += memBackendString
-
-	testConfigAppend(conf, knobs, memString+" "+knobsString, t)
-}
-
 func TestNoRebootKnob(t *testing.T) {
 	conf := &Config{}
 

src/runtime/virtcontainers/qemu.go

@@ -620,15 +620,9 @@ func (q *qemu) CreateVM(ctx context.Context, id string, network Network, hypervi
 		// on the hypervisor specific code, as availableGuestProtection()
 		// has been called earlier and we know we have the value stored.
 		if q.arch.getProtection() == tdxProtection {
-			knobs.MemFDPrivate = true
 
-			// In case Nydus or VirtioFS is used, which may become a reality
+			// TDX relies on ",private=on" passed to the memory object.
-			// in the future, whenever we get those hardened for TDX, those
+			knobs.Private = true
-			// knobs below would be automatically set.  Let's make sure we
-			// pre-emptively disable them, and with that we can avoid some
-			// headaches in the future.
-			knobs.FileBackedMem = false
-			knobs.MemShared = false
 		}
 	}