KVM Forum 2025

guest_memfd for Non-Confidential VMs and Spectre Protection
2025-09-05 , Room 2

guest_memfd, introduced in Linux 6.8, receives a lot of attention in the context of confidential computing, with KVM support for Intel TDX, AMD SNP, ARM CCA and pKVM being built on top of it, where guest_memfd manages the VM’s encrypted/private memory. However, its design as “guest-first” memory also makes it attractive to for traditional, non-confidential VMs that wish to enjoy additional hardening against Spectre-style transient execution issues.

In this talk, we cover how guest_memfd with support for shared memory 1 can be used to run non-confidential VMs solely backed by guest_memfd. We further explore how this mode can be extended by removing direct map entries for guest_memfd folios 2, protecting guest memory from ~60% of Spectre-like transient execution issues, and how we plan to utilize this functionality in the Firecracker VMM.