Description
Since commit 32e200bd6 ("KVM: arm64: Enable support for guest_memfd backed memory"), guest memfd is enabled on aarch64, and muvm explodes with an EINVAL, because that commit introduces a check to enforce that guest_memfd is only used for mappable memory:

```c
/*
 * Only support guest_memfd backed memslots with mappable memory, since
 * there aren't any CoCo VMs that support only private memory on arm64.
 */
if (kvm_slot_has_gmem(new) && !kvm_memslot_is_gmem_only(new))
	return -EINVAL;
```

Even if I remove that check from the kernel, then setting KVM_MEMORY_ATTRIBUTE_PRIVATE fails as well, because that's only allowed with KVM_GENERIC_MEMORY_ATTRIBUTES in the kernel config, which is only selected when some kind of protected VM system is available, or KVM_SW_PROTECTED_VM (currently x86_64 only) is enabled, which says:
> Currently, software-protected VMs are purely a development and testing vehicle for KVM_CREATE_GUEST_MEMFD. Attempting to run a "real" VM workload as a software-protected VM will fail miserably.
But libkrun currently only cfg's this away for riscv64 and otherwise wants to set the private attribute — which I guess would be correct for the SEV case, but for a normal non-SEV build it seems to imply the aforementioned "software protection" which "will fail miserably". (Or, even kvm_create_guest_memfd without the mappable flag implies that I guess?)
(and on aarch64, if I remove the check and ignore the attribute, I get a 100% CPU busy loop.. welp 0.o UPD: this happens with QEMU `-object memory-backend-memfd,id=mem,size=8G` as well; the firmware can be interacted with but the kernel doesn't boot.. so at least let's disable guest_memfd on aarch64)
Rather than cfg'ing by arch, private memory should only be used with actual confidential computing platforms, from what I understand.