New KVM features in RHEL 9.2 and 8.8 on IBM Z
A couple of weeks ago, Red Hat Enterprise Linux 9.2 and Red Hat Enterprise Linux 8.8 have been release – time to look at the new features here with regards to KVM virtualization on IBM Z systems.
Rebased versions in RHEL 9.2
The KVM code in the 5.14-based kernel of RHEL 9.2 has been refreshed to the state of the upstream 6.0 kernel.
Additionally, many packages from the virtualization stack have been rebased in RHEL 9.2. The following versions are now available:
- QEMU 7.2.0 (updated from 7.0.0 in RHEL 9.1)
- libvirt 9.0.0 (updated from 8.5.0 in RHEL 9.1)
- virt-install 4.1.0 (updated from 4.0.0 in RHEL 9.1)
- libguestfs 1.48.4
- libslirp 4.4.0
Speaking of libslirp, a new alternative to the “slirp” user mode networking called passt has been added in RHEL 9.2 for the first time and can be used by installing the “passt” package and adjusting the XML definition of your guest accordingly. “passt” should provide more performance than “slirp” and was designed with security in mind.
New IBM Z-related features in RHEL 9.2 and 8.8
Beside the generic new features that are available thanks to the rebased packages in RHEL 9.2, there are also some cool new IBM Z-specific features which have been explicitly backported to the RHEL 9.2 and 8.8 code base:
Secure execution guest dump encryption with customer keys
When running secure guests
it is of course normally not possible to dump the guest’s memory from the
host (e.g. with virsh dump --memory-only
) since the memory pages of the
guest are not available to the host system anymore.
However, in some cases (e.g. when debugging a misbehaving or crashing kernel in the guest), the owner of the guest VM still might want to get a dump of the guest memory – just without providing it in clear text to the administrator of the host system. With RHEL 9.2 and 8.8, this is now possible on the new z16 mainframe. Please see the related documentation from IBM to learn how to set up such a dump.
Crypto passthrough hotplug
vfio-ap crypto adapters can now be hotplugged to guests during runtime, too, which brings you more flexibility, without the need to shutdown your guests to change their configurations.
Enhanced interpretation for PCI functions
The kernel code in RHEL 9.2 and 8.8 can now enable a new firmware/hardware feature of the recent IBM Z machines that can speed up the performance of passthrough PCI devices (more events can be handled within the guest, without intervention of the KVM hypervisor). Additionally, this now also allows to pass ISM PCI devices through to KVM guests (which was not possible before).