KVM Forum 2025

Patrick Roy


Sessions

09-04
13:45
30min
rust-vmm: updates, adoption, and future directions
Stefano Garzarella, Ruoqing He, Patrick Roy

It has been several years since the last rust-vmm update at KVM Forum, but the community has continued to grow. Our goal remains the same: to provide reusable Rust crates that make it easier and faster to build virtualization solutions.

This talk will present the main progress and achievements from the past few years. It reviews how rust-vmm crates integrate into projects such as Firecracker, Cloud Hypervisor, libkrun, and virtiofsd. We will cover recent work supporting new architectures like RISC-V and additional operating systems. The talk will also discuss plans to consolidate all crates into a single monorepo to simplify development and releases. Finally, we will review the support for virtio and vhost-user devices that can be used by any VMM.

Room 2
09-05
09:45
30min
guest_memfd for Non-Confidential VMs and Spectre Protection
Patrick Roy

guest_memfd, introduced in Linux 6.8, receives a lot of attention in the context of confidential computing, with KVM support for Intel TDX, AMD SNP, ARM CCA and pKVM being built on top of it, where guest_memfd manages the VM’s encrypted/private memory. However, its design as “guest-first” memory also makes it attractive for traditional, non-confidential VMs that wish to enjoy additional hardening against Spectre-style transient execution issues.

In this talk, we cover how guest_memfd with support for shared memory [1] can be used to run non-confidential VMs solely backed by guest_memfd. We further explore how this mode can be extended by removing direct map entries for guest_memfd folios [2], protecting guest memory from ~60% of Spectre-like transient execution issues, and how we plan to utilize this functionality in the Firecracker VMM.

Room 2