More KVM Changes Merged For Linux 6.16: AMD "ALLOWED_SEV_FEATURES" Merged
Following the Intel TDX host support for KVM being merged for the Linux 6.16 merge window, another batch of Kernel-based Virtual Machine (KVM) changes were merged for the ongoing Linux 6.16 merge window.
This second set of patches has cleaned up the locking of all vCPUs for a VM and brought various fixes. On the x86 side there is some additional changes around AMD Secure Encrypted Virtualization (SEV) functionality.
Among the AMD SEV changes is adding support for the "ALLOWED_SEV_FEATURES" VMCB field as a feature found with EPYC 9005 "Turin" processors. These newest AMD EPYC processors allow the hypervisor to control the SEV features that are set for or by a guest VM. ALLOWED_SEV_FEATURES provides the hypervisor with the ability to enforce that SEV-ES/SEV-SNP guests cannot enable features that the hypervisor doesn't want to allow for guests.
The KVM x86 code also adds support for advertising WRMSRNS and PREFETCHI CPU instruction support to user-space.
There is also a new KVM module parameter "enable_device_posted_irqs" to control and enumerate KVM support for device posted interrupts (IRQs). The emphasis there is to allow disabling device posted interrupts without having to sacrifice all of APICv/AVIC and can be useful for testing.
More details on these latest KVM changes for Linux 6.16 via this merge request that has since landed in Git.
This second set of patches has cleaned up the locking of all vCPUs for a VM and brought various fixes. On the x86 side there is some additional changes around AMD Secure Encrypted Virtualization (SEV) functionality.
Among the AMD SEV changes is adding support for the "ALLOWED_SEV_FEATURES" VMCB field as a feature found with EPYC 9005 "Turin" processors. These newest AMD EPYC processors allow the hypervisor to control the SEV features that are set for or by a guest VM. ALLOWED_SEV_FEATURES provides the hypervisor with the ability to enforce that SEV-ES/SEV-SNP guests cannot enable features that the hypervisor doesn't want to allow for guests.
The KVM x86 code also adds support for advertising WRMSRNS and PREFETCHI CPU instruction support to user-space.
There is also a new KVM module parameter "enable_device_posted_irqs" to control and enumerate KVM support for device posted interrupts (IRQs). The emphasis there is to allow disabling device posted interrupts without having to sacrifice all of APICv/AVIC and can be useful for testing.
More details on these latest KVM changes for Linux 6.16 via this merge request that has since landed in Git.