The Linux 7.1 kernel merge window closed with KVM changes that push virtualization boundaries. Kernel-based Virtual Machine, the workhorse of open-source hypervisors, now carries experimental support for pKVM protected guests on Arm. Pages unmap from the host as guests fault them in. Guests share them back via pKVM hypercalls. This setup aims for full host isolation. It’s highly experimental. Expect kernel taint on launch. Build with CONFIG_ARM_PVKM_GUEST. Launch via kvm-arm.mode=protected. Phoronix detailed these moves just hours ago.
And on x86? KVM advertises AVX-512 BMM to guests. Bit Matrix Multiply instructions arrive with AMD Zen 6 processors. Bit reversal joins in. KVM exposes them through CPUID leaf 0x80000021_EAX[23]. No deep emulation needed. Guests detect and use them directly. This opens doors for AI, cryptography workloads in VMs. Phoronix flagged the patch series early.
Sean Christopherson of Google led the KVM pull. His request pulled dozens of patches. x86 saw dirty logging fixes for TDP MMUs. Private memory faults sped up. Memslot lock contention dropped. NUMA mempolicy now backs guest-memfd. ARM gained memslot dirty logging. s390 added ESA 31-bit guests in nested setups. PowerPC fixed guest exit races. RISC-V tweaked hypercalls. Miscellaneous bug fixes dotted the landscape.
Take the x86 private memory acceleration. It shaves cycles off faults. Developers like Kai Huang contributed. Their work targets Intel TDX, AMD SEV guests. Dirty logging on Arm? Alex Bennée’s patches enable it for memslots. No more full GPA scans. Efficiency gains follow for live migration, checkpoints.
NUMA support for guest-memfd matters in huge deployments. Shivank Gupta at AMD drove those commits. Guests pin memory smarter across nodes. Latency dips. Throughput climbs. In cloud scale, that’s real money saved.
But pKVM steals the show. Protected KVM builds on Linux KVM. It restricts host kernel, user-space access to guest memory. Android’s AVF uses it for payloads. Now upstream experiments land. Taint warns production admins. Still, security teams watch closely. Isolation like this counters side-channels, malicious hosts.
AVX-512 BMM? Matrix ops at bit level. Zen 6 promises hardware acceleration. KVM passthrough means VMs tap it without penalty. HPC sims, machine learning models accelerate. Guests run native-speed on compatible iron.
Broader Linux 7.1 context amplifies KVM wins. MM subtree cut swap metadata 30%. Block layer added zero-copy for ublk. Graphics drivers from Intel, AMD poured in. FRED default on Panther Lake boosts I/O. All this underpins denser VM hosting.
Industry impact? Proxmox, OpenStack admins gear up. Cloud providers test merges. Valve’s low-vRAM gaming tweaks hint at desktop spillover. Phoronix on X buzzed the pKVM news yesterday. Discussions lit up forums.
Challenges remain. pKVM taints kernels. BMM needs Zen 6 hardware. Nested s390? Niche but enterprise gold. Developers iterate fast. Pull requests on lore.kernel.org chronicle the grind.
So KVM in 7.1 delivers. Isolation tightens. Instructions expose. Performance edges accumulate. Data centers notice. VM sprawl gets tamed. And it’s just the merge window. Expect polish through rc cycles.
Operators: Backport risks high. Stick to distro kernels first. Benchmarks pending. Phoronix will test. Watch for numbers on fault latency, migration speed. Zen 6 owners: Guest VMs just got faster.
This cycle proves KVM’s maturity. From Arm edge to x86 core, it scales. Contributors like Christopherson keep it humming. Linux virtualization? Stronger than ever.
Linux 7.1 Unlocks pKVM Isolation and AVX-512 BMM for KVM: Virtualization’s Next Leap Forward first appeared on Web and IT News.