Thursday, July 27, 2017

KVM on z14 features

While the latest addition to the IBM Z family has been announced, here is a list of features in support of specific features of the new hardware generation in past releases of the Linux kernel, QEMU and libvirt, all activated by default in the z14 CPU model:
  • Instruction Execution Protection
    This feature provides KVM hypervisor support for the Instruction Execution Protection (IEP) facility in the z14. The IEP prevents code execution from memory regions marked as non-executable, improving the security model.
    Other than activating/deactivating this feature in the applicable the CPU models in QEMU (which holds true for most hardware-related features on IBM Z in general), there are no switches associated with this feature.
    Requires Linux kernel 4.11 in the KVM host and guests, as well as QEMU v2.10 (host only).
    In the z14 CPU model, the respective feature is:
      iep       Instruction-execution-protection facility
  • SIMD Extensions
    Following up to the SIMD instructions as introduced with the previous z13 model, the new z14 provides further vector instructions, which can again be used in KVM guests.
    These new vector instructions can be used to improve decimal calculations as well as for implementing high performance variants of certain cryptographic operations.
    Requires Linux kernel 4.11 as well as QEMU v2.10 in the KVM host, and binaries or a respective Java Runtime Environment in guests using the new vector instructions.
    In the z14 CPU model, the respective feature is:
      vxpd      Vector packed decimal facility
      vxeh
          Vector enhancements facility
  • Keyless Guest Support
    This feature supports the so-called Keyless Subset (KSS) facility, a new feature of the z14 hardware. With the KSS facility enabled, a host is not required to perform the (costly) storage key initialization and management for KVM guests, unless a guest issues a storage key instruction.
    Requires Linux kernel 4.12 in the KVM host. As for the guests, note that starting with SLES12SP1, RHEL7.2 and Ubuntu 16.04, Linux on IBM Z does not issue any storage key operations anymore.
    This feature does not have a separate entry in the z14 CPU model.
  • CPUMF Basic Sample Configuration Level Indication
    Basic mode samples as defined in "The Load-Program-Parameter and the CPU-Measurement Facilities" (SA23-2260) do not provide an indication whether the sample was taken in a KVM host or guest. Beginning with z14, the hardware provides an indication of the configuration level (level of SIE, e.g. LPAR or KVM). This item exploits this information to make the perf guest/host decision reliable.
    Requires Linux kernel 4.12 in the KVM host.
    There is no separate entry in the z14 CPU model, since this feature applies to the host only.
  • Semaphore assist
    Improves performance of semaphore locks.
    Requires Linux kernel 4.7 and QEMU v2.10 in the KVM host. Exploitation in Linux kernels in guests is still in progress here, scheduled for 4.14.
    In the z14 CPU model, the respective feature is:
      sema      Semaphore-assist facility
  • Guarded storage
    This feature is specifically aimed at Java Virtual Machines running in KVM guests to run with fewer and shorter pauses for garbage collection.
    Requires Linux kernel 4.12 and QEMU 2.10 in the KVM host, and a Java Runtime Environment with respective support in the guests.
    In the z14 CPU model, the respective feature is:
      gs        Guarded-storage facility
  • MSA Updates
    z14 introduces 3 new Message Security Assists (MSA) for the following functionalities:
        MSA6: SHA3 hashing
        MSA7: A True Random  Number Generator (TRNG)
        MSA8: The CIPHER MESSAGE WITH AUTHENTICATION instruction,
                    which provides support for the Galois-counter-mode (GCM)
    MSA6 and MSA 7 require Linux kernel 4.7, while MSA8 requires Linux kernel 4.12. All require QEMU v2.10 in the KVM host. These features can be exploited in KVM guests' kernels and userspace applications independently (i.e. a KVM guest's userspace applications can take advantage of these features irrespective of the guest's kernel version).
    In the z14 CPU model, the respective features are:
      msa6      Message-security-assist-extension 6 facility

      msa7      Message-security-assist-extension 7 facility
      msa8      Message-security-assist-extension 8 facility
  • Compression enhancements
    New instructions improve compression capabilities and performance.
    Requires Linux kernel 4.7 in the KVM host.
    In the z14 CPU model, the respective features are:
      opc       Order Preserving Compression facility
      eec       Entropy encoding compression facility
  • Miscellaneous instructions
    Details on these instructions are to be published in the forthcoming z14 Principles of Operation (PoP).
    Requires Linux kernel 4.7 and QEMU 2.10 in the KVM host, and binaries that were compiled for the z14 instruction set using binutils v2.28 and gcc v7.1 in the guests.
    In the z14 CPU model, the respective feature is:
      minste2   Miscellaneous-instruction-extensions facility 2
Note: All versions specified are minimum versions.

Further features will be announced in future blog posts as usual as they find their way into the respective Open Source projects.
Also, don't forget to check this blog entry with further details on z14 in general and Linux on z in particular.

Monday, July 17, 2017

z14 announced

Today, IBM announced the new IBM Z model named z14. See here for the full press release.

We will look at features in support of the new IBM Z model in a separate blog entry soon.

Thursday, July 6, 2017

Migrating from KVM for IBM z to Ubuntu

In case you are contemplating a migration from KVM for IBM z to Ubuntu 16.04 or later, you might find the instructions published on the Ubuntu Wiki here helpful.

Furthermore, Canonical published a nice article here that provides an overview of the many options how to deploy Ubuntu on IBM z Systems, including KVM.

Wednesday, July 5, 2017

libvirt v.3.5.0 released

libvirt v3.5.0 is now available for download at the libvirt project website.
A new z Systems-specific feature is the introduction of parameter loadparm for boot devices.
The loadparm parameter can be used to select a specific boot configuration from the zipl menu when IPL’ing/booting from a boot device, similar to what the chreipl command does in Linux on z.
Being able to select a configuration from multiple boot configurations provides more flexibility and allows to recover from error situations by booting a "last known good configuration".
To use, specify the loadparm attribute for a boot device in a guest's XML as follows:

   <disk>
      <boot order='1' loadparm='3'/>
      [...]
   </disk>


Note that this feature requires the forthcoming QEMU 2.10 release.