From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:57708)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1QCYPI-0004Vu-TJ
	for qemu-devel@nongnu.org; Wed, 20 Apr 2011 10:29:30 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1QCYPI-000827-2h
	for qemu-devel@nongnu.org; Wed, 20 Apr 2011 10:29:28 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51635)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1QCYPH-00081h-GH
	for qemu-devel@nongnu.org; Wed, 20 Apr 2011 10:29:27 -0400
Message-ID: <4DAEEDC0.50804@redhat.com>
Date: Wed, 20 Apr 2011 17:29:20 +0300
From: Avi Kivity <avi@redhat.com>
MIME-Version: 1.0
References: <BANLkTi==x5GF+BC4q=fSVvYLE_XY=SvxTw@mail.gmail.com>
In-Reply-To: <BANLkTi==x5GF+BC4q=fSVvYLE_XY=SvxTw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] QEMU-KVM and hardened (GRSEC/PaX) kernel
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <http://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: anton.kochkov@gmail.com
Cc: qemu-devel <qemu-devel@nongnu.org>, KVM list <kvm@vger.kernel.org>

On 04/17/2011 01:45 AM, =D0=90=D0=BD=D1=82=D0=BE=D0=BD =D0=9A=D0=BE=D1=87=
=D0=BA=D0=BE=D0=B2 wrote:
> Good day!
> I'm trying to make working qemu-kvm with hardened gentoo on hardened ke=
rnel.
> When i'm using CONFIG_PAX_KERNPAGEXEC and CONFIG_PAX_MEM_UNDEREF qemu j=
ust start
> and go to infinite loop and take 100% of one of my CPU core. adn it
> even can't be killed.
> Also it is dont give answer for qemu monitor/remote gdb.
> When I'm changed these two values as disabled, qemu-kvm now start, and
> stop (i mean qemu monitor show that virtual machine is running, but no
> any activity/output). Also it's load about 0%.
> See details in bug http://bugs.gentoo.org/show_bug.cgi?id=3D363713
>
> Hope this info help improve qemu-kvm.
>

As Blue says, the problem is likely in kvm, not qemu.

Please try:
- hardened guest on soft host (I expect this to work)
- soft guest on hardened host (I expect this to fail).

Are you using an Intel or AMD host?

Note virtualization hardware will play with segmentation and defeat all=20
those games the hardened kernel plays.

--=20
error compiling committee.c: too many arguments to function