Known issues

Learn about known issues with Confidential VM. This topic discusses problems and errors whose resolutions require more steps than can be easily described in an error message. Additional workarounds and solutions may be found through a support channel.

Instances with more than 40 persistent disks

Confidential VM instances with more than 40 persistent disks (PDs) attached are not supported. If you need to attach more than 40 PDs, you can request an exception to this limitation through a support channel. Be cautious when you attach more than 40 PDs because instances with more than 40 PDs might boot and fail silently.

Boot latency

Customers may notice longer boot times for Confidential VM instances with large amounts of memory. Boot time is proportional to the amount of memory assigned to an instance.

Disk naming

Due to a current limitation of NVME drivers, it is not possible to apply a customer-supplied device name to disks attached to a Confidential VM instance. If you need custom disk names as identifiers—for example, for automation purposes—as an example, a potential workaround is the use of the Compute Engine metadata service.

Formatting to XFS on persistent disks

Confidential VM instances do not support formatting existing persistent disks (PDs) to the XFS file system format. You can create new PDs formatted as XFS.

SWIOTLB buffer is full

For disk and network input/output operations, Confidential VM uses a specific area in memory called the Software Input Output Translation Lookaside Buffer (SWIOTLB), which has a default size of 64 MB. If the Confidential VM encounters the SWIOTLB buffer is full error, you can try increasing the SWIOTLB size.

To check whether the Confidential VM encountered the swiotlb buffer is full error, connect to the instance and run the following command to query the dmesg logs:

dmesg| grep 'swiotlb buffer is full'

I/O operation time-out

Most operating systems specify a timeout for I/O operations submitted to NVMe devices. The default timeout is 30 seconds and can be changed using the nvme_core.io_timeout boot parameter. For most Linux kernels earlier than version 4.6, this parameter is nvme.io_timeout.

If I/O latency exceeds the value of this timeout parameter, the Linux NVMe driver fails the I/O and returns an error to the filesystem or application. Depending on the I/O operation, your filesystem or application can retry the error. In some cases, your filesystem might be remounted as read-only.

I/O intensive workloads: increasing the size of the SWIOTLB

SWIOTLB has a default size of 64 MB. If you anticipate high levels of input/output on VMs with more than 8 vCPUs, increase the size of the SWIOTLB. The SWIOTLB is part of the total available RAM on the guest. Before increasing the size, ensure that the guest has enough RAM for the SWIOTLB and the operating system.

For example, to increase the size of the SWIOTLB to 512 MB, append the following line to /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT=".... swiotlb=262144"

Then, regenerate grub.cfg by running the following commands:

Ubuntu

sudo update-grub

Other distros

grubcfg="/etc/grub2-efi.cfg"
cp $grubcfg $grubcfg.bak
grub2-mkconfig -o $grubcfg

For more information, see AMDSEV.