Skip to content

vmm: linux: Do not use guest_memfd outside of TEE builds (fixes #478) #479

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Dec 1, 2025
Merged

vmm: linux: Do not use guest_memfd outside of TEE builds (fixes #478) #479

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 15 additions & 3 deletions src/vmm/src/linux/vstate.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -669,7 +669,17 @@ impl Vm {
let start = region.start_addr().raw_value();
let end = start + region.len();

if !self.fd.check_extension(GuestMemfd) {
// GuestMemfd is generally intended for either of two purposes:
// * sharing the memory with out-of-process components, and conversely,
// * hiding the memory completely from the VMM process (Confidential Computing).
//
// We only use it for the second use case currently, so don't even try to use it
// outside of TEE builds. Software-protected VMs are only available on x86_64 and
// are marked with strongly-worded warnings about them being for development only,
// as of late 2025. Also, on other architectures like aarch64, guest_memfd in
// general is unstable for now, so don't try to use it without a reason.

if cfg!(not(feature = "tee")) {
let memory_region = kvm_userspace_memory_region {
slot: self.next_mem_slot,
guest_phys_addr: start,
Expand All @@ -686,6 +696,10 @@ impl Vm {
.map_err(Error::SetUserMemoryRegion)?;
};
} else {
if !self.fd.check_extension(GuestMemfd) {
Copy link
Member

@tylerfanelli tylerfanelli Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this be made an else if to avoid unnecessary nesting?

Copy link
Collaborator

@slp slp Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this was made into an else if, we would need another conditional branch to return Error::KvmCap(GuestMemfd). It's better as it is here.

return Err(Error::KvmCap(GuestMemfd));
}

// Create a guest_memfd and set the region.
let guest_memfd = self
.fd
Expand Down Expand Up @@ -716,15 +730,13 @@ impl Vm {
.map_err(Error::SetUserMemoryRegion)?;
};

#[cfg(not(target_arch = "riscv64"))]
let attr = kvm_memory_attributes {
address: start,
size: region.len(),
attributes: KVM_MEMORY_ATTRIBUTE_PRIVATE as u64,
flags: 0,
};

#[cfg(not(target_arch = "riscv64"))]
self.fd
.set_memory_attributes(attr)
.map_err(Error::SetMemoryAttributes)?;
Expand Down
Loading