* Tue Nov 25 2025 Jon Maloy <jmaloy@redhat.com> - 10.1.0-5

- kvm-ram-block-attributes-fix-interaction-with-hugetlb-me.patch [RHEL-126693]
- kvm-ram-block-attributes-Unify-the-retrieval-of-the-bloc.patch [RHEL-126693]
- Resolves: RHEL-126693
  ([RHEL 9]snp guest fail to boot with hugepage)

kvm-ram-block-attributes-Unify-the-retrieval-of-the-bloc.patch

@@ -0,0 +1,47 @@
+From 5ce2d7f8e90911ae6d7a9be295881c74f64706f2 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 19 Nov 2025 12:51:32 +0100
+Subject: [PATCH 2/2] ram-block-attributes: Unify the retrieval of the block
+ size
+
+RH-Author: Paolo Bonzini <pbonzini@redhat.com>
+RH-MergeRequest: 425: SNP fixes for RHEL 9.8
+RH-Jira: RHEL-126693
+RH-Acked-by: Bandan Das <bdas@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Commit: [2/2] 56381c838d3f1269f7129140f0fa19c40f9f09f0 (bonzini/qemu-kvm-centos)
+
+JIRA: https://issues.redhat.com/browse/RHEL-126693
+
+There's an existing helper function designed to obtain the block size.
+Modify ram_block_attribute_create() to use this function for
+consistency.
+
+Tested-by: Farrah Chen <farrah.chen@intel.com>
+Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
+Link: https://lore.kernel.org/r/20251023095526.48365-3-chenyi.qiang@intel.com
+[peterx: fix double spaces, per david]
+Signed-off-by: Peter Xu <peterx@redhat.com>
+(cherry picked from commit b2ceb87b1a210d91a29d525590eb164d1121b8a1)
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ system/ram-block-attributes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/system/ram-block-attributes.c b/system/ram-block-attributes.c
+index a7579de5b4..fb7c5c2746 100644
+--- a/system/ram-block-attributes.c
++++ b/system/ram-block-attributes.c
+@@ -390,7 +390,7 @@ int ram_block_attributes_state_change(RamBlockAttributes *attr,
+ 
+ RamBlockAttributes *ram_block_attributes_create(RAMBlock *ram_block)
+ {
+-    const int block_size  = qemu_real_host_page_size();
++    const int block_size = ram_block_attributes_get_block_size();
+     RamBlockAttributes *attr;
+     MemoryRegion *mr = ram_block->mr;
+ 
+-- 
+2.51.1
+

kvm-ram-block-attributes-fix-interaction-with-hugetlb-me.patch

@@ -0,0 +1,125 @@
+From 3a4219fadaaeeb64be2803d390fdf5f4d16bcd04 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Wed, 19 Nov 2025 12:51:32 +0100
+Subject: [PATCH 1/2] ram-block-attributes: fix interaction with hugetlb memory
+ backends
+
+RH-Author: Paolo Bonzini <pbonzini@redhat.com>
+RH-MergeRequest: 425: SNP fixes for RHEL 9.8
+RH-Jira: RHEL-126693
+RH-Acked-by: Bandan Das <bdas@redhat.com>
+RH-Acked-by: Eric Blake <eblake@redhat.com>
+RH-Acked-by: Peter Xu <peterx@redhat.com>
+RH-Commit: [1/2] 690e7c2e120145725d5e4485cfc7c8a7e7a053cf (bonzini/qemu-kvm-centos)
+
+JIRA: https://issues.redhat.com/browse/RHEL-126693
+
+Currently, CoCo VMs can perform conversion at the base page granularity,
+which is the granularity that has to be tracked. In relevant setups, the
+target page size is assumed to be equal to the host page size, thus
+fixing the block size to the host page size.
+
+However, since private memory and shared memory have different backend
+at present, users can specify shared memory with a hugetlbfs backend
+while private memory with guest_memfd backend only supports 4K page
+size. In this scenario, ram_block->page_size is different from the host
+page size which will trigger an assertion when retrieving the block
+size.
+
+To address this, return the host page size directly to relax the
+restriction. This changes fixes a regression of using hugetlbfs backend
+for shared memory within CoCo VMs, with or without VFIO devices' presence.
+
+Acked-by: David Hildenbrand <david@redhat.com>
+Tested-by: Farrah Chen <farrah.chen@intel.com>
+Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
+Link: https://lore.kernel.org/r/20251023095526.48365-2-chenyi.qiang@intel.com
+[peterx: fix subject, per david]
+Cc: qemu-stable <qemu-stable@nongnu.org>
+Signed-off-by: Peter Xu <peterx@redhat.com>
+(cherry picked from commit 8922a758b29251d9009ec509e7f580b76509ab3d)
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ system/ram-block-attributes.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/system/ram-block-attributes.c b/system/ram-block-attributes.c
+index 68e8a02703..a7579de5b4 100644
+--- a/system/ram-block-attributes.c
++++ b/system/ram-block-attributes.c
+@@ -22,16 +22,14 @@ OBJECT_DEFINE_SIMPLE_TYPE_WITH_INTERFACES(RamBlockAttributes,
+                                           { })
+ 
+ static size_t
+-ram_block_attributes_get_block_size(const RamBlockAttributes *attr)
++ram_block_attributes_get_block_size(void)
+ {
+     /*
+      * Because page conversion could be manipulated in the size of at least 4K
+      * or 4K aligned, Use the host page size as the granularity to track the
+      * memory attribute.
+      */
+-    g_assert(attr && attr->ram_block);
+-    g_assert(attr->ram_block->page_size == qemu_real_host_page_size());
+-    return attr->ram_block->page_size;
++    return qemu_real_host_page_size();
+ }
+ 
+ 
+@@ -40,7 +38,7 @@ ram_block_attributes_rdm_is_populated(const RamDiscardManager *rdm,
+                                       const MemoryRegionSection *section)
+ {
+     const RamBlockAttributes *attr = RAM_BLOCK_ATTRIBUTES(rdm);
+-    const size_t block_size = ram_block_attributes_get_block_size(attr);
++    const size_t block_size = ram_block_attributes_get_block_size();
+     const uint64_t first_bit = section->offset_within_region / block_size;
+     const uint64_t last_bit =
+         first_bit + int128_get64(section->size) / block_size - 1;
+@@ -81,7 +79,7 @@ ram_block_attributes_for_each_populated_section(const RamBlockAttributes *attr,
+ {
+     unsigned long first_bit, last_bit;
+     uint64_t offset, size;
+-    const size_t block_size = ram_block_attributes_get_block_size(attr);
++    const size_t block_size = ram_block_attributes_get_block_size();
+     int ret = 0;
+ 
+     first_bit = section->offset_within_region / block_size;
+@@ -122,7 +120,7 @@ ram_block_attributes_for_each_discarded_section(const RamBlockAttributes *attr,
+ {
+     unsigned long first_bit, last_bit;
+     uint64_t offset, size;
+-    const size_t block_size = ram_block_attributes_get_block_size(attr);
++    const size_t block_size = ram_block_attributes_get_block_size();
+     int ret = 0;
+ 
+     first_bit = section->offset_within_region / block_size;
+@@ -163,7 +161,7 @@ ram_block_attributes_rdm_get_min_granularity(const RamDiscardManager *rdm,
+     const RamBlockAttributes *attr = RAM_BLOCK_ATTRIBUTES(rdm);
+ 
+     g_assert(mr == attr->ram_block->mr);
+-    return ram_block_attributes_get_block_size(attr);
++    return ram_block_attributes_get_block_size();
+ }
+ 
+ static void
+@@ -265,7 +263,7 @@ ram_block_attributes_is_valid_range(RamBlockAttributes *attr, uint64_t offset,
+     g_assert(mr);
+ 
+     uint64_t region_size = memory_region_size(mr);
+-    const size_t block_size = ram_block_attributes_get_block_size(attr);
++    const size_t block_size = ram_block_attributes_get_block_size();
+ 
+     if (!QEMU_IS_ALIGNED(offset, block_size) ||
+         !QEMU_IS_ALIGNED(size, block_size)) {
+@@ -322,7 +320,7 @@ int ram_block_attributes_state_change(RamBlockAttributes *attr,
+                                       uint64_t offset, uint64_t size,
+                                       bool to_discard)
+ {
+-    const size_t block_size = ram_block_attributes_get_block_size(attr);
++    const size_t block_size = ram_block_attributes_get_block_size();
+     const unsigned long first_bit = offset / block_size;
+     const unsigned long nbits = size / block_size;
+     const unsigned long last_bit = first_bit + nbits - 1;
+-- 
+2.51.1
+

qemu-kvm.spec

@@ -149,7 +149,7 @@ Obsoletes: %{name}-block-ssh <= %{epoch}:%{version}                    \
 Summary: QEMU is a machine emulator and virtualizer
 Name: qemu-kvm
 Version: 10.1.0
-Release: 4%{?rcrel}%{?dist}%{?cc_suffix}
+Release: 5%{?rcrel}%{?dist}%{?cc_suffix}
 # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
 # Epoch 15 used for RHEL 8
 # Epoch 17 used for RHEL 9 (due to release versioning offset in RHEL 8.5)
@@ -220,6 +220,10 @@ Patch37: kvm-io-move-websock-resource-release-to-close-method.patch
 Patch38: kvm-io-fix-use-after-free-in-websocket-handshake-code.patch
 # For RHEL-126593 - [RHEL 9.8] VFIO migration using multifd should be disabled by default
 Patch39: kvm-vfio-Disable-VFIO-migration-with-MultiFD-support.patch
+# For RHEL-126693 - [RHEL 9]snp guest fail to boot with hugepage
+Patch40: kvm-ram-block-attributes-fix-interaction-with-hugetlb-me.patch
+# For RHEL-126693 - [RHEL 9]snp guest fail to boot with hugepage
+Patch41: kvm-ram-block-attributes-Unify-the-retrieval-of-the-bloc.patch
 
 
 # For RHEL-11424 - [IBM 9.6 FEAT] KVM: Full boot order support - qemu part
@@ -1934,6 +1938,12 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 
 %changelog
+* Tue Nov 25 2025 Jon Maloy <jmaloy@redhat.com> - 10.1.0-5
+- kvm-ram-block-attributes-fix-interaction-with-hugetlb-me.patch [RHEL-126693]
+- kvm-ram-block-attributes-Unify-the-retrieval-of-the-bloc.patch [RHEL-126693]
+- Resolves: RHEL-126693
+  ([RHEL 9]snp guest fail to boot with hugepage)
+
 * Tue Nov 18 2025 Jon Maloy <jmaloy@redhat.com> - 10.1.0-4
 - kvm-io-move-websock-resource-release-to-close-method.patch [RHEL-120127]
 - kvm-io-fix-use-after-free-in-websocket-handshake-code.patch [RHEL-120127]