KVM Virtualization Sees Several Improvements for AMD and Intel in Linux 6.18



In recent days two rounds of Kernel-based Virtual Machine (KVM) feature updates have been merged for Linux 6.18, further enhancing the open-source virtualization stack.

KVM feature highlights for Linux 6.18 are particularly notable for AMD and Intel CPU users. The Linux 6.18 KVM feature additions include:

- Support for virtualizing Control-flow Enforcement Technology (CET) on x86/x86_64 KVM. This allows guests to leverage Shadow Stacks and Indirect Branch Tracking on Intel CPUs, and Shadow Stacks only on AMD CPUs. This KVM CET virtualization was previously covered on Phoronix.

- KVM on AMD CPUs now enables AVIC by default for Zen 4 and newer where x2AVIC is supported. The Advanced Virtual Interrupt Controller (AVIC) can help with better VM performance.

- AMD Secure AVIC is also now being enabled on the mainline kernel for better security and performance.


- Also on the AMD KVM side is SEV-SNP Ciphertext Hiding. This is an opt-in SEV-SNP feature that prevents unauthorized CPU accesses from reading the ciphertext of SNP guest private memory. This can help prevent offline attacks against AMD VMs using SEV-SNP on EPYC processors.

- AMD Secure TSC for SEV-SNP guests, which prevents the untrusted host from tampering with the guest's Time Stamp Counter (TSC) frequency.

- The Intel KVM code is preparing for Flexible Return and Event Delivery (FRED) support. KVM FRED didn't make it into Linux 6.18 but should be coming in an upcoming cycle.

- KVM on x86 now allows Centaur CPUID leaves for Zhaoxin CPUs.

- Support for host user-space mapping of guest_memfd-backed memory for VM types that do not support KVM_MEMORY_ATTRIBUTE_PRIVATE. This is a step toward removing guest memory from the kernel direct map and toward allowing mmap() support for guest_memfd-backed memory.

- A variety of ARM improvements, including support for FF-A 1.2 as the secure memory conduit for pKVM, migration improvements, infrastructure to allow disabling EL2 features, and more.

- LoongArch KVM now detects the hardware page table walk feature on new hardware, improves in-kernel IPI and PCH-PIC emulation, and carries other improvements.

- KVM on RISC-V now supports the SBI FWFT extension, Zicbop and bfloat16 extensions for guests/VMs, and other improvements.

More details on all of these KVM changes for Linux 6.18 via the first pull and second pull.
