KVM virtualization on IBM Z
KVM virtualization is now supported on IBM Z. However, this feature is only available in the newly introduced user space based on kernel version 4.14, provided by the kernel-alt packages.
Also note that due to hardware differences, certain features and functionalities of KVM virtualization differ from what is supported on AMD64 and Intel 64 systems.
For details on installing and using KVM virtualization on IBM Z, see the Virtualization Deployment and Administration Guide. (BZ#1400070, BZ#1379517, BZ#1479525, BZ#1479526, BZ#1471761)
KVM virtualization supported on IBM POWER9
With this update, KVM virtualization is supported on IBM POWER9 systems. However, this feature is only available in the newly introduced user space based on kernel version 4.14, provided by the kernel-alt packages.
Also note that due to hardware differences, certain features and functionalities of KVM virtualization on IBM POWER9 differ from what is supported on AMD64 and Intel 64 systems.
For details on installing and using KVM virtualization on POWER9 systems, see the Virtualization Deployment and Administration Guide. (BZ#1465503, BZ#1478482, BZ#1478478)
KVM virtualization supported on IBM POWER8
With this update, KVM virtualization is supported on IBM POWER8 systems.
Note that due to hardware differences, certain features and functionalities of KVM virtualization on IBM POWER8 differ from what is supported on AMD64 and Intel 64 systems.
For details on installing and using KVM virtualization on POWER8 systems, see the Virtualization Deployment and Administration Guide. (BZ#1531672)
NVIDIA GPU devices can now be used by multiple guests simultaneously
The NVIDIA vGPU feature is now supported on Red Hat Enterprise Linux 7. This enables dividing a vGPU-compatible NVIDIA GPU into multiple virtual devices referred to as mediated devices. By assigning mediated devices to guest virtual machines, these guests are able to share the performance of a single physical GPU.
To configure this feature, manually create a mediated device for the libvirt service to be able to use it as a vGPU. For details, see the Virtualization Deployment and Administration Guide. (BZ#1292451)
KASLR for KVM guests
Red Hat Enterprise Linux 7.5 introduces the Kernel Address Space Layout Randomization (KASLR) feature for KVM guest virtual machines. KASLR enables randomizing the physical and virtual address at which the kernel image is decompressed, and thus prevents guest security exploits based on the location of kernel objects.
KASLR is activated by default, but can be deactivated on a specific guest by adding the nokaslr string to the guest's kernel command line.
Note that kernel crash dumps of guests with KASLR activated cannot be analyzed using the utility. To fix this, add the element to the section of the XML configuration files of your guests. However, KVM guests with cannot be migrated to a host system that does not support this element. This includes hosts that use Red Hat Enterprise Linux 7.4 and earlier. (BZ#1411490)
Parallel decompression of OVA files supported
With this release, the pxz decompression utilities are supported by the
These utilities speed up extraction of OVA files compressed with the xz utilities on multi-processor machines. In addition, the command-line interfaces for pxz are fully compatible with the command-line interfaces for
are installed, they are used by default. If are not installed, there is no change to the extraction behavior. (BZ#1448739)
SMAP now supported on Cannonlake guests
With this update, the Supervisor Mode Access Prevention (SMAP) feature is supported on guests that use the 7th Generation Intel Processors codenamed Cannonlake. This prevents malicious programs from forcing the kernel to use data from a user-space program, and thus increases the security of the guests.
To verify that your host CPU can provide SMAP for your guest, use the virsh capabilities command and look for the <feature name='smap'/> string. (BZ#1465223)
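The two checks described in the KASLR and SMAP notes above, as an added example that is not part of the original release notes: it looks for the smap feature under the host CPU section of virsh capabilities output and for a whole-word nokaslr parameter on a guest kernel command line. The sample XML, the placeholder CPU model name, the sample command lines and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `virsh capabilities` output (host CPU part only);
# the model name is a placeholder, not a real libvirt CPU model.
SAMPLE_CAPS = """\
<capabilities>
  <host>
    <cpu>
      <arch>x86_64</arch>
      <model>ExampleModel</model>
      <feature name='smap'/>
      <feature name='vmx'/>
    </cpu>
  </host>
</capabilities>
"""
# Constructed guest kernel command lines, as read from /proc/cmdline in a guest.
CMDLINE_DEFAULT = "BOOT_IMAGE=/vmlinuz root=/dev/vda1 ro note=nokaslr-test"
CMDLINE_NOKASLR = "BOOT_IMAGE=/vmlinuz root=/dev/vda1 ro nokaslr quiet"


def host_cpu_features(caps_xml):
    """Return the feature names listed under <host><cpu> only."""
    root = ET.fromstring(caps_xml)
    return {f.get("name") for f in root.findall("./host/cpu/feature")}


def host_lists_smap(caps_xml):
    """True if the host CPU section carries <feature name='smap'/>."""
    return "smap" in host_cpu_features(caps_xml)


def kaslr_disabled(cmdline):
    """True only if nokaslr is a whole parameter, not part of another one."""
    return "nokaslr" in cmdline.split()


def audit(caps_xml, cmdline):
    """Collect findings for one host/guest pair."""
    findings = []
    if not host_lists_smap(caps_xml):
        findings.append("host capabilities do not list <feature name='smap'/>")
    if kaslr_disabled(cmdline):
        findings.append("guest boots with nokaslr: KASLR is deactivated")
    return findings


if __name__ == "__main__":
    for cmdline in (CMDLINE_DEFAULT, CMDLINE_NOKASLR):
        print(cmdline, "->", audit(SAMPLE_CAPS, cmdline) or "no findings")
```

On a real system, feed audit() the output of virsh capabilities from the host and the contents of /proc/cmdline from the guest.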
libvirt rebased to 3.9.0
The libvirt packages have been upgraded to version 3.9.0, which provides a number of bug fixes and enhancements over the previous version. Notable changes include:
Sparse files are now preserved after moving them to or from another host.
Response limits for remote procedure calls (RPCs) have been increased.
Virtualized IBM POWER9 CPUs are now supported.
Attaching devices to running guest virtual machines, also known as device hot plug, now supports more device types, such as input devices.
The libvirt library has been secured against the CVE-2017-1000256 and CVE-2017-5715 security issues.
VFIO-mediated devices now function more reliably. (BZ#1472263)
virt-manager rebased to 1.4.3
The virt-manager packages have been upgraded to version 1.4.3, which provides a number of bug fixes and enhancements over the previous version. Notable changes include:
The virt-manager interface now displays the correct CPU models when creating a guest virtual machine that does not use the AMD64 and Intel 64 architectures.
The default device selection has been optimized for guests using the IBM POWER, IBM Z, or the 64-bit ARM architectures.
If an installed network card on the host system is compatible with single root I/O virtualization (SR-IOV), it is now possible to create a virtual network that lists a pool of available virtual functions of the selected SR-IOV-capable card.
The selection of OS types and versions for a newly created guest has been expanded. (BZ#1472271)
virt-what rebased to version 1.18
The virt-what packages have been updated to upstream version 1.18, which provides a number of bug fixes and enhancements over the previous version. Notably, the virt-what utility can now detect the following guest virtual machine types:
Guests running on a 64-bit ARM host and booted using the Advanced Configuration and Power Interfaces.
Guests running on the oVirt or Red Hat Virtualization hypervisor.
Guests running on an IBM POWER7 host that uses logical partitioning (LPAR).
Guests running on the FreeBSD bhyve hypervisor.
Guests running on an IBM Z host that uses the KVM hypervisor.
Guests emulated using the QEMU Tiny Code Generator (TCG).
Guests running on the OpenBSD virtual machine monitor (VMM) service.
Guests running on the Amazon Web Services (AWS) platform.
Guests running on the Oracle VM Server for SPARC platform.
In addition, the following bugs have been fixed:
tboot rebased to version 1.96
The tboot packages have been upgraded to upstream version 1.96, which fixes several bugs and adds various enhancements. Notable changes include:
The OpenSSL library versions 1.1.0 and later are now supported for RSA key manipulation and ECDSA signature verification.
Support has been added for event logs of Trusted Computing Group (TCG) trusted platform modules (TPMs).
The x2APIC series of Advanced Programmable Interrupt Controllers (APICs) is now supported.
Additional checks have been added to prevent kernel images from being overwritten unintentionally.
The tboot utility can no longer overwrite modules while moving them.
A bug has been fixed that caused sealing and unsealing Amazon Simple Storage Service (S3) secrets to fail.
Several null pointer dereference bugs have been fixed. (BZ#1457529)
virt-v2v can convert VMware guests with snapshots
The virt-v2v utility has been enhanced to convert VMware guest virtual machines that have snapshots. Note that after the conversion, the status of such a guest is set to the top-most snapshot and the other snapshots are removed. (BZ#1172425)
This release of the virt-rescue utility includes the following enhancements:
virt-v2v now converts Linux guests encrypted with LUKS
With this update, the virt-v2v utility can convert Linux guests installed with full-disk LUKS encryption, that is, when all the partitions other than the /boot partition are encrypted.
CAT support added to libvirt on specific CPU models
The libvirt service now supports Cache Allocation Technology (CAT) on specific CPU models. This enables guest virtual machines to have part of their host's CPU cache allocated for their vCPU threads.
PTP device added to improve time synchronization of KVM guests
The PTP device has been added for KVM guest virtual machines. It enhances the kvmclocks service by preventing clock divergence between the host and the guest due to NTP adjustment. As a result, the PTP device ensures more reliable time synchronization between the KVM host and its guests.
For details on setting up the PTP device, see the Virtualization Deployment and Administration Guide. (BZ#1379822)