Linux's KVM With CET Virtualization Is Causing Some Hosts To Hang

Written by Michael Larabel in Virtualization on 14 May 2026 at 06:07 AM EDT. 3 Comments
VIRTUALIZATION
Introduced to the Linux kernel last year was Control-flow Enforcement Technology "CET" virtualization for modern AMD and Intel CPUs. This complements CET that has existed in Linux for quite some time but it's new now to the KVM virtualization world, but some yet to be diagnosed problems are causing some hosts to hang when making use of this virtualization security feature.

CET is a hardware-based security feature to prevent against common ROP and COP/JOP attacks. While Control-flow Enforcement Technology has been working out well for traditional usage outside of virtualized environments, it seems some bugs persist in the Linux KVM code with both Intel Xeon and AMD EPYC processors being impacted by hangs in select environments when using CET virtualization.

Intel CET


There was this bug report earlier in the week from a Proxmox engineer where host lock-ups and guest hangs were reported. With that issue and how to address it not yet being understood, merged to the mainline Linux kernel yesterday was a new option to allow easily disabling CET for KVM.
"There have been reports of host hangs caused by CET virtualization. Until these are analyzed further, introduce a module parameter that makes it possible to easily disable it."

With that patch merged to Git for Linux 7.1, there is now the kvm.enable_cet= module parameter to easily toggle whether to enable CET or not for KVM virtualization usage.
3 Comments
Related News
Cloud Hypervisor 52 Now Supports Launching AMD SEV-SNP Confidential VMs With KVM
IBM Updates Linux Patches For Introducing ARM64 KVM Virtualization On s390
QEMU 11.0 Released With CET Virtualization Support, Native Nitro Enclaves
Linux 7.1 KVM Adds "Very Experimental" Support For pKVM Protected Guests
Linux 7.1 To Expose AMD Zen 6's AVX-512 BMM For Guest VMs
IBM Lays Out Patches For ARM Virtualization Acceleration On IBM Z Servers
About The Author

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenZFS 2.4.2 Released With Linux 7.0 Kernel Support, Many Bug Fixes
Wine Wayland Driver Merges Pointer Warp Support
AMD & Intel Roll Out New Linux Updates For Today's Patch Tuesday
FreeBSD 15.2 Will Aim For The Nice KDE Desktop Installation Experience
DXVK-NVAPI 0.9.2 Further Improves NVIDIA Integration For Steam Play Linux Gaming
Linux Scheduler Work Helping Boost Gaming Performance On Old "Potato" Hardware
IBM s390 Is The Latest Architecture Seeing Rust Linux Kernel Support
Fwupd 2.1.3 Brings Firmware Updating To Modular Smartphones