Linux Kernel Changes Proposed So Intel TDX KVM Guests Avoid Crashing The Host

Written by Michael Larabel in Intel on 24 August 2021 at 08:53 AM EDT. 1 Comment
INTEL
Shortly after Intel's TDX whitepaper was made public last year for better protecting virtual machines, Intel open-source engineers began posting support patches for bringing up Trust Domain Extensions under Linux. That work remains ongoing and now further Linux kernel infrastructure work is pending to better deal with the notion of guest private memory afforded by TDX.

Intel Trust Domain Extensions (TDX) allow for better hardware isolation between virtual machines and the VMM/hypervisor. TDX introduces a secure arbitration mode, multi-key total memory encryption, remote attestation, and other features. TDX is expected with next-gen Xeon Sapphire Rapids CPUs.


While Intel TDX is about improving security, with the current Linux kernel infrastructure around the Kernel-based Virtual Machine it could lead to a situation where guest VMs could crash the host with that memory encryption / guest private memory. In a new Linux kernel patch series Google engineer Sean Christopherson explained, "The TDX architectural effectively allows KVM guests to crash the host if guest private memory is accessible to host userspace, and thus does not play nice with KVM's existing approach of pulling the pfn and mapping level from the host page tables."

Sent out under a "request for comments" is a kernel patch to provide a file descriptor based approach for supporting KVM guest private memory. This is an alternative to prior Intel-posted patches around TDX guest private memory tracking at the struct page level. The kernel patch is still in its early stages, "This is by no means a complete patch; it's a rough sketch of the KVM changes that would be needed. The kernel side of things is completely omitted from the patch...There's also fair bit of hand waving on implementation details that shouldn't fundamentally change the overall ABI, e.g. how the backing store will ensure there are no mappings when "converting" to guest private."

This cover letter goes into all the technical details over the proposal for how Christopherson is proposing KVM and the kernel memory management code deal with guest private memory with Intel TDX to avoid the embarrassing possibility of guest VMs crashing the host.
1 Comment
Related News
Intel Lands "Round Robin Strict" Driver Optimization For Helping Battlemage/Xe2
Intel Looking To Raise SPIR-V Backend To Becoming An Official LLVM Target
Intel Panther Lake & Clearwater Forest Power Management Patches For Linux 6.14
Intel Begins Readying Graphics Driver Changes For The Linux 6.14 Kernel
UMD Direct Submission "Proof Of Concept" For The Intel Xe Linux Driver
Intel Linux Display Driver Being Adapted For DRM Panic "Blue Screen of Death" Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features