Overview
Learn how guest_memfd, introduced in Linux 6.8 as the backing store for confidential-computing guests, can also harden traditional, non-confidential virtual machines. The talk presents an implementation of guest_memfd with shared memory support, so that a non-confidential VM can be backed entirely by guest_memfd instead of by a mix of guest_memfd (private) and ordinary host-mapped anonymous memory (shared). It then shows how removing guest_memfd folios from the host kernel's direct map takes away the kernel virtual address through which a transient-execution gadget in the host would read guest memory, which the speaker estimates mitigates roughly 60% of known Spectre-like transient execution vulnerabilities. The talk covers the practical application of this work in the Firecracker VMM and explains how guest_memfd's "guest-first" memory design, in which the guest owns the memory and host access is the exception rather than the default, provides extra hardening for ordinary virtualization while staying compatible with existing KVM infrastructure.
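The following C program is an added example for this listing; it is not code from the talk, from Firecracker, or from the kernel tree. It shows the Linux 6.8 baseline that the talk builds on: a guest_memfd is created with KVM_CREATE_GUEST_MEMFD and bound to a memslot with KVM_SET_USER_MEMORY_REGION2, but because 6.8 only lets guest_memfd back private memory, the memslot still has to carry a separate host mapping (userspace_addr) for the shared side. That second mapping is exactly what the talk's shared-memory support removes. Assumptions: the ioctl numbers, capability numbers and structs are copied by hand from the 6.8 UAPI so the file builds against older headers; the VM type KVM_X86_SW_PROTECTED_VM (x86 only) is the one 6.8 allows guest_memfd memslots in; no flag for shared guest_memfd or direct map removal is used because none exists in 6.8. On a machine without /dev/kvm the setup function reports that instead of failing the build.

```c
/* Added example: Linux 6.8 guest_memfd baseline, private memory from guest_memfd
 * plus a host mapping for the shared side. Not the talk's or Firecracker's code. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hand-copied from the Linux 6.8 KVM UAPI (include/uapi/linux/kvm.h,
 * arch/x86/include/uapi/asm/kvm.h). Assumption: these values are current. */
#define KVMIO 0xAE
#define KVM_CREATE_VM            _IO(KVMIO, 0x01)
#define KVM_CHECK_EXTENSION      _IO(KVMIO, 0x03)
#define KVM_CAP_USER_MEMORY2     231
#define KVM_CAP_GUEST_MEMFD      234
#define KVM_X86_SW_PROTECTED_VM  1          /* x86 VM type that may use guest_memfd in 6.8 */
#define KVM_MEM_GUEST_MEMFD      (1UL << 2) /* memslot flag: private side comes from guest_memfd */
struct kvm_userspace_memory_region2 {
    uint32_t slot, flags;
    uint64_t guest_phys_addr, memory_size;
    uint64_t userspace_addr;        /* host mapping for the shared side (still required in 6.8) */
    uint64_t guest_memfd_offset;
    uint32_t guest_memfd, pad1;
    uint64_t pad2[14];
};
struct kvm_create_guest_memfd { uint64_t size, flags, reserved[6]; };
#define KVM_SET_USER_MEMORY_REGION2 _IOW(KVMIO, 0x49, struct kvm_userspace_memory_region2)
#define KVM_CREATE_GUEST_MEMFD      _IOWR(KVMIO, 0xd4, struct kvm_create_guest_memfd)

enum gmem_status {
    GMEM_OK = 0,
    GMEM_NO_KVM,        /* /dev/kvm absent or not accessible */
    GMEM_NO_CAP,        /* kernel predates guest_memfd / KVM_SET_USER_MEMORY_REGION2 */
    GMEM_IOCTL_FAILED,  /* a KVM ioctl or mmap failed; errno is left set */
};

/* Pure helper (no KVM needed): fill a memslot that pairs a guest_memfd with a
 * host mapping. All addresses, sizes and offsets must be page aligned. */
int gmem_fill_region(struct kvm_userspace_memory_region2 *r, uint32_t slot,
                     uint64_t gpa, uint64_t size, void *host_shared,
                     int gmem_fd, uint64_t gmem_off)
{
    uint64_t pg = (uint64_t)sysconf(_SC_PAGESIZE);
    if (size == 0 || gmem_fd < 0 ||
        ((gpa | size | gmem_off | (uint64_t)(uintptr_t)host_shared) & (pg - 1)))
        return -EINVAL;
    memset(r, 0, sizeof *r);
    r->slot = slot;
    r->flags = KVM_MEM_GUEST_MEMFD;
    r->guest_phys_addr = gpa;
    r->memory_size = size;
    r->userspace_addr = (uint64_t)(uintptr_t)host_shared;
    r->guest_memfd = (uint32_t)gmem_fd;
    r->guest_memfd_offset = gmem_off;
    return 0;
}

/* Create a software-protected VM, a guest_memfd of `size` bytes, and bind both
 * into memslot 0 at GPA 0. On success *gmem_fd_out holds the guest_memfd, which
 * in 6.8 cannot be mmap'ed by the host at all: the private memory is "guest first". */
enum gmem_status gmem_setup(uint64_t size, int *gmem_fd_out)
{
    *gmem_fd_out = -1;
    int kvm = open("/dev/kvm", O_RDWR | O_CLOEXEC);
    if (kvm < 0)
        return GMEM_NO_KVM;
    if (ioctl(kvm, KVM_CHECK_EXTENSION, KVM_CAP_GUEST_MEMFD) <= 0 ||
        ioctl(kvm, KVM_CHECK_EXTENSION, KVM_CAP_USER_MEMORY2) <= 0) {
        close(kvm);
        return GMEM_NO_CAP;
    }
    enum gmem_status st = GMEM_IOCTL_FAILED;
    int vm = ioctl(kvm, KVM_CREATE_VM, KVM_X86_SW_PROTECTED_VM);
    if (vm < 0) { close(kvm); return st; }
    struct kvm_create_guest_memfd cg = { .size = size, .flags = 0 };
    int gmem = ioctl(vm, KVM_CREATE_GUEST_MEMFD, &cg);
    if (gmem < 0) { close(vm); close(kvm); return st; }
    /* The shared side: plain anonymous memory, fully reachable through the host
     * direct map. This is the mapping the talk's design does away with. */
    void *shared = mmap(NULL, size, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    struct kvm_userspace_memory_region2 r;
    if (shared != MAP_FAILED && gmem_fill_region(&r, 0, 0, size, shared, gmem, 0) == 0 &&
        ioctl(vm, KVM_SET_USER_MEMORY_REGION2, &r) == 0) {
        *gmem_fd_out = gmem;   /* vm and kvm fds intentionally stay open with the slot */
        return GMEM_OK;
    }
    if (shared != MAP_FAILED) munmap(shared, size);
    close(gmem); close(vm); close(kvm);
    return st;
}
```

Even on a 6.8 host the program only gets as far as binding the slot; running a vCPU would additionally require marking the range private with KVM_SET_MEMORY_ATTRIBUTES, which is left out because the point here is the two-backing-store layout that the talk's shared-memory support collapses into one.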
Syllabus
guest_memfd for Non-Confidential VMs and Spectre Protection by Patrick Roy
Taught by
KVM Forum