From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avi Kivity Subject: Re: [Qemu-devel] QEMU-KVM and hardened (GRSEC/PaX) kernel Date: Wed, 20 Apr 2011 17:29:20 +0300 Message-ID: <4DAEEDC0.50804@redhat.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: qemu-devel , KVM list To: anton.kochkov@gmail.com Return-path: Received: from mx1.redhat.com ([209.132.183.28]:22570 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752156Ab1DTO32 (ORCPT ); Wed, 20 Apr 2011 10:29:28 -0400 In-Reply-To: Sender: kvm-owner@vger.kernel.org List-ID: On 04/17/2011 01:45 AM, =D0=90=D0=BD=D1=82=D0=BE=D0=BD =D0=9A=D0=BE=D1=87= =D0=BA=D0=BE=D0=B2 wrote: > Good day! > I'm trying to make working qemu-kvm with hardened gentoo on hardened = kernel. > When i'm using CONFIG_PAX_KERNPAGEXEC and CONFIG_PAX_MEM_UNDEREF qemu= just start > and go to infinite loop and take 100% of one of my CPU core. adn it > even can't be killed. > Also it is dont give answer for qemu monitor/remote gdb. > When I'm changed these two values as disabled, qemu-kvm now start, an= d > stop (i mean qemu monitor show that virtual machine is running, but n= o > any activity/output). Also it's load about 0%. > See details in bug http://bugs.gentoo.org/show_bug.cgi?id=3D363713 > > Hope this info help improve qemu-kvm. > As Blue says, the problem is likely in kvm, not qemu. Please try: - hardened guest on soft host (I expect this to work) - soft guest on hardened host (I expect this to fail). Are you using an Intel or AMD host? Note virtualization hardware will play with segmentation and defeat all= =20 those games the hardened kernel plays. --=20 error compiling committee.c: too many arguments to function