guest_memfd: Unmapped Potential
The guest_memfd interface was introduced to support hardware-based confidential computing by providing guest memory that the host cannot map and host userspace cannot access, offering protection against a compromised or buggy host. While effective for its initial purpose, this strict isolation prevents its use for a broader set of virtualization use cases. The current implementation limits its usefulness for non-confidential guests. It also lacks the ability to convert memory between private and shared states in place, which introduces unnecessary work when it is used to provide memory for software-based confidential computing solutions such as pKVM [1]. Furthermore, this design makes adding huge page support difficult without incurring significant memory overhead [2].
This presentation will cover new developments, expected to be merged upstream before the conference [3], that extend the capabilities of guest_memfd and move it from a specialized feature toward a universal API for KVM guest memory. The core of this effort involves carefully allowing guest_memfd-backed memory to be mapped in the host under specific, controlled conditions, which unlocks several new capabilities. We will present the mechanism that enables guest_memfd to back standard, non-confidential VMs, which allows additional hardening against potential host-side transient execution attacks.
Building on this foundation, we will give an overview of the ongoing development to support in-place conversion between private and shared pages within a single guest_memfd region [4]. This is a key requirement for software-based confidential computing solutions and also serves as the enabling technology for efficient huge page support. The talk will explain how these extensions work together to make guest_memfd a more flexible and powerful tool for managing guest memory, paving the way for it to become the primary memory backing interface for all guests in KVM.
[1] https://lpc.events/event/18/contributions/1758/
[2] https://lpc.events/event/18/contributions/1764/
[3] https://lore.kernel.org/all/20250605153800.557144-1-tabba@google.com/
[4] https://lore.kernel.org/all/cover.1747264138.git.ackerleytng@google.com/