Linux Kernel Changes Proposed So Intel TDX KVM Guests Avoid Crashing The Host

Written by Michael Larabel in Intel on 24 August 2021 at 08:53 AM EDT. 1 Comment
Shortly after Intel's TDX whitepaper was made public last year for better protecting virtual machines, Intel open-source engineers began posting support patches for bringing up Trust Domain Extensions under Linux. That work remains ongoing and now further Linux kernel infrastructure work is pending to better deal with the notion of guest private memory afforded by TDX.

Intel Trust Domain Extensions (TDX) allow for better hardware isolation between virtual machines and the VMM/hypervisor. TDX introduces a secure arbitration mode, multi-key total memory encryption, remote attestation, and other features. TDX is expected with next-gen Xeon Sapphire Rapids CPUs.

While Intel TDX is about improving security, with the current Linux kernel infrastructure around the Kernel-based Virtual Machine it could lead to a situation where guest VMs could crash the host with that memory encryption / guest private memory. In a new Linux kernel patch series Google engineer Sean Christopherson explained, "The TDX architectural effectively allows KVM guests to crash the host if guest private memory is accessible to host userspace, and thus does not play nice with KVM's existing approach of pulling the pfn and mapping level from the host page tables."

Sent out under a "request for comments" is a kernel patch to provide a file descriptor based approach for supporting KVM guest private memory. This is an alternative to prior Intel-posted patches around TDX guest private memory tracking at the struct page level. The kernel patch is still in its early stages, "This is by no means a complete patch; it's a rough sketch of the KVM changes that would be needed. The kernel side of things is completely omitted from the patch...There's also fair bit of hand waving on implementation details that shouldn't fundamentally change the overall ABI, e.g. how the backing store will ensure there are no mappings when "converting" to guest private."

This cover letter goes into all the technical details over the proposal for how Christopherson is proposing KVM and the kernel memory management code deal with guest private memory with Intel TDX to avoid the embarrassing possibility of guest VMs crashing the host.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week