Re: KVM & VMX root mode

[Avi Kivity <avi-atKUWr5tajBWk0Htik3J/w@public.gmane.org>]

Sander van Leeuwen wrote:
> Avi,
>
> I'd like to make clear that we are talking about the situation where 
> kvm is *not* being used by any application.
>
> It's my understanding that in some (many?) distributions kvm is 
> actually active on a permanent basis. I can't say whether this was done
> by default or explicitly by the user. There is however no need to 
> activate vmx root mode when there is no client program that is using
> the kvm extension.
>
> From your comments I understand that you enable vmx root mode when the 
> kvm module is loaded. Regardless of whether an application
> actually wishes to use the kvm extension.

Yes.  The assumption is that if kvm is loaded, then there is an intent 
to use it.  This is similar to an ethernet device being claimed by the 
driver that supports it, even if no application actually uses that 
network interface.

We could change kvm to only claim vmx on first use, but that would 
reduce reliability.

My position is that:
- if you with to run something that conflicts with kvm enabling vmx, you 
should unload kvm, or not load it in the first place.  This is not a 
difficult operation.
- if you have an issue with distributions enabling kvm by default, then 
talk to these distributions.  kvm itself does not enable vmx by default.

>
>
>
>
> Avi Kivity wrote:
>> Sander van Leeuwen wrote:
>>> Hi Avi,
>>>
>>> Our non-vmx mode fails, because the cpu is in vmx root mode.
>>>
>>> Two products that use vt-x for virtualization could perfectly 
>>> co-exist if both comply with the way Intel recommends people to use 
>>> vt-x.
>>> See figure 19.1 in chapter 19.4 of the 'Intel 64 and IA-32 
>>> Architectures Software Developer's Manual'. VirtualBox is programmed to
>>> follow these rules and therefor allows any other virtualizer to run 
>>> side-by-side.
>>
>> As far as I understand, kvm follows these rules.  It enables vmx when 
>> loaded and disables then when unloaded.
>>
>>>
>>> Currently KVM prevents us from using our generic virtualization 
>>> engine and does not allow anybody else to use the vt-x extensions 
>>> (without
>>> explicitely leaving vmx root mode).
>>
>> Well, obviously kvm can't operate if you disable cr4.vmxe and/or 
>> switch paging off.  The two solutions are not run-time compatible.  I 
>> don't see why this is a problem as you should simply not run the 
>> product you aren't using, and everything should just work.
>>
>>>
>>> As your product is included in the mainline Linux kernel and enabled 
>>> by default, it would be nice if you could follow Intel's 
>>> recommendations.
>>
>> kvm isn't enabled by default.  It requires explicit user action to 
>> enter vmx mode ('modprobe kvm-intel').
>>
>>
>
>


-- 
Any sufficiently difficult bug is indistinguishable from a feature.


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/