punching holes between guest and host isn't a thing that should be done too easily as it is a perfect vector of attack/escape. But I know, sometimes the use-case outweights the risks. But then I'd not try to use 9pfs and instead recommend to have a look at ivshmem.
That isn't great and most used either, but at least meant to more or less do what you ask for.
People have been trying to use the example applications ivshmem-server/client for production (which shouldn't be encouraged), so they have been removed in qemu 5.2 and later in Debian and Ubuntu. But if you want to go via that, you can still build and use those example tools yourself (or Use Ubuntu Focal for your experiments which still has them).
If instead you want to directly code against the interface you might want to start at this example ivshmem tutorial.
This even works nicely and more expressive through libvirt XMLs.
This:
<shmem name='my_shmem0' role='peer'>
<model type='ivshmem-plain'/>
<size unit='M'>4</size>
</shmem>
Gave me automatically
-object '{"qom-type":"memory-backend-file","id":"shmmem-shmem0","mem-path":"/dev/shm/my_shmem0","size":4194304,"share":true}' \
-device '{"driver":"ivshmem-plain","id":"shmem0","memdev":"shmmem-shmem0","master":"off","bus":"pci.9","addr":"0x1"}' \
$ lspci
...
08:01.0 RAM memory: Red Hat, Inc. Inter-VM shared memory (rev 01)
You need to get permissions. For example the program/user writing in the host could become part of the kvm group (again, not recommended to grant too easily as it grants permissions not everyone should have).
But then you can, as the tutorial outlines (well, modify size and pci id accordingly), access that from guest and host.
