Linux Kernel to Include KVM Virtualization

It looks like the newest version of the Linux kernel (2.6.20) will include KVM, the relatively new virtualization environment. From the article: "Thanks to its approach KVM already runs in the current kernel, without any extensive bouts of patching and compiling being required, after the fairly simple compilation of a module. Virtual machines that run unmodified operating systems are meant to appear in the host as a simple process and work independently of the host kernel. In a fashion comparable to that of Xen a modified QEMU is used for the supportive emulation of typical PC components of the virtual machines."

Yes...

...but does this Linux run Linux?

Re:Yes...

Of course. But remember, it violates Microsoft's Valuable Intellectual Property each time it does so!

Microsoft's Valuable Intellectual Property is important! Respect Microsoft's Authoritah!

Re:Yes...

[coredog64]

No, the real question is whether or not it runs NetBSD...

Re:Yes...

[mr_mischief]

Of course it runs NetBSD!

Sorry, but that had to be done. Of course, I would be very surprised if someone didn't get NetBSD running on anything resembling a semi-modern x86-based system within a week. NetBSD is about portability and code correctness. A vanilla x86 with common peripherals, emulated or not, doesn't seem very exotic a place to which to port.

how many KVMs

[Gopal.V]

First there was KVM switches and then there was the Java KVM (kilobyte VM).

Now there's the linux KVM which has nothing to do with either those or the Kernel VM rewrites of the linux past.

Leave that acronym alone !

Re:how many KVMs

[OfficeSubmarine]

Thank you. I was wondering what this was, with the exact same chain of acronyms. I have to admit to some surprise that they'd use an abreviation as common as KVM. Especially when the end effect, if not the implementation, is similar to that of a kvm switch.

Re:how many KVMs

[should_be_linear]

All three-letter acronyms are recycled many times already but it will not stop future projects/organizations to recycle them once more.

Re:how many KVMs

[complete+loony]

Well someone here just update the KVM disambiguation page.

Re:how many KVMs

[bazorg]

yep, there just aren't enough TLA...

Re:how many KVMs

[oudzeeman]

there is also libkvm (for kvm_open, kvm_read, etc)

Re:how many KVMs

[the-stringbean]

Now all we need is somebody to connect a KVM (switch) to a KVM (virtualisation) machine that's running a KVM (Java KVM)!

I just know that someone is going to comment on KVM overlords soon...

Re:how many KVMs

[lintux]

And it's not even an KDE app! I used to think it was some KDE front-end to an existing virtualization program...

Re:how many KVMs

KVM overlords? - more like KVM tribbles.

Re:how many KVMs

[websaber]

How about LVM for linux virtual machine? Oh wait never mind.

Re:how many KVMs

[gitargr8]

Obviously KVM wasn't registered with the Federal Acronym Registration Team or F.A.R.T. (Jon Stewart is a funny man)

Re:how many KVMs

[freakmn]

Now all we need is somebody to connect a KVM (switch) to a KVM (virtualisation) machine that's running a KVM (Java KVM)!

If I get to pick who gets to hook all this up, my vote goes to K. V. Mahadevan, who is also under KVM in wikipedia. Or perhaps a member of the Belgian Football Team, while visiting the Kalamazoo Valley Museum. Actually, looking at a list of Acronyms for KVM, it appears that this usage of KVM ranks second to last of the 8 that it lists, only above the Belgian Football team, Koninklijke Voetbalclub Mechelen. Pretty pathetic, if you ask me.

Re:how many KVMs

You forgot KiloVolt Meter.

Re:how many KVMs

[Andrewkov]

First there was KVM [wikipedia.org] switches and then there was the Java KVM [sun.com] (kilobyte VM).

Now there's the linux KVM [sf.net] which has nothing to do with either those or the Kernel VM rewrites of the linux past.

Leave that acronym alone !

KVM? Personally, I'm waiting for the Gnome version.

Re:how many KVMs

[jd]

Shouldn't that be: TAE TLA?

Re:how many KVMs

[HeavyAl]

There can never be enough T&A!

Re:how many KVMs

I for one, welcome the new KVM warlords

Re:how many KVMs

[grammar+fascist]

Well you know, there are only 26 * 26 * 26 = 17576 combinations of TLAs to choose from. Of course, some are a priori more likely than others because of the relative frequencies of letters that start proper names.

And if you throw out the lame ones, you have, like, five left. That's the problem.

Re:how many KVMs

The solution is to invent more letters...

KVM switch?

[advocate_one]

I take it this has nothing to do with the other meaning for KVM, Keyboard, Video, Mouse switches... there I was thinking that my Belkin KVM switch was finally gonna work properly (I have two mice connected as the switch cannot switch the mice correctly)

Re:KVM switch?

> there I was thinking that my Belkin KVM switch was finally gonna work properly
> (I have two mice connected as the switch cannot switch the mice correctly)

Keyboard and mouse data comes in packets of about 3 or 4 bytes. If a KVM switch toggles mid-packet the PC and/or the peripheral may get badly confused. A well-designed KVM product will get this right, but many don't; it looks like your Belkin product falls into this category.

KVM swithces also vary enormously in their video quality. It is a mistake to think of a KVM switch as a "commodity" device. It is well worth spending a bit extra to get a well-designed product. You're unlikely to have any problems with Adder or Avocent kit.

Re:KVM switch?

[TheThiefMaster]

Don't get me started on belkin, I've had trouble with everything they've made. I've even got a usb bluetooth adapter here that isn't xp sp2 compatible. It's an F8T001_v1, I've had it since before SP2 was released, and I tried it again recently and they still haven't made SP2 drivers for it (last driver release was 2003).

But seriously, I read an article once about why kvms can't switch mice properly, apparently it's because the ps2 mouse protocol has no synchronisation in it. So when a cheap kvm switches the mouse to the other pc, switching in the middle of a data packet more often than not, the pc starts thinking the start of the packet is the middle. This results in things like "moving the mouse clicks the buttons" and other such fun. Most mouse drivers can identify this problem and correct for it, but it takes a few seconds of mouse movement. Even better, some laptops have a kind of ps2 merge circuit for their ps2 touchpad and external mouse, so if the external mouse gets out of sync there is no way to correct it, because the merge is too stupid and the drivers can't see the touchpad and mouse separately, so it can't independently change the synch of the external mouse.

In other words, either get a decent kvm, a kvm that can switch usb mice (which do have synch and so don't have this problem), or stick to two separate mice.

Oh, one more word of kvm warning, they often can't handle resolutions above 1024x768 on the monitor without blurring badly. Whether this is the fault of the cheap cables they always come with or the kvm itself, I don't know.

Re:KVM switch?

[gbjbaanb]

Those words of advice are for cheap KVMs.. however, I use a linksys one which handles 1600x1200@100Hz perfectly well, has never given me grief with mice (which admittedly is a USB one with a PS2 adapter) and was cheap at £20. (its the dual-port one with the integral cables).

On the other hand, we have a 8-port Lindy KVM which is a right PITA sometimes, often not switching video for our servers running at not-very-high-res.

Re:KVM switch?

[TheThiefMaster]

Yeah, I forgot the other video issues. Some cheap kvms (generally older ones with physical switch) cause the monitor to turn off when you switch them, and some (cheap/old) monitors then take some time to come back online. It sounds like the problem you're having is worse than that though.

The better kvm's don't pass the signal for the mouse through directly, instead they pretend to be a mouse to both pcs, routing the data from the real mouse to the appropriate one. This prevents the synch errors on switching by having the kvm only send complete packets to the pc. It does introduce a one-packet delay in the mouse though (imperceptible), and often makes the mouse show up as being a wheelmouse (for compatibility) even if it isn't.

Re:KVM switch?

"I've even got a usb bluetooth adapter here that isn't xp sp2 compatible."

Yeah, but does it runs on Linux?

Re:KVM switch?

[gbjbaanb]

ah yes, the old wheelmouse issue... they send 4 bytes instead of 3 to the PC, which can be one real issue for poor old Windows if you swap mice, or add a wheelmouse to a laptop. Raymond Chen had a good post about it on his blog a fair while back.

Re:KVM switch?

[HTH+NE1]

I take it this has nothing to do with the other meaning for KVM, Keyboard, Video, Mouse switches... there I was thinking that my Belkin KVM switch was finally gonna work properly (I have two mice connected as the switch cannot switch the mice correctly)

I have one of their 4-port USB SOHO KVM switches. I have no problems when I'm switching between Macs hooked up to it, but for the machine running Windows XP, it always takes several seconds for the OS to re-recognize the USB keyboard and USB mouse. I don't know if their PS/2-based switches have this problem.

The only big problem remaining is when it decides to start chirping incessantly for no apparent reason, requiring it to be completely powered down. And if it happened while displaying one of the machines, disconnect the USB connection from that machine. I think I've satisfied it by using a real USB keyboard and not a :CueCat plugged into the KVM's keyboard port.

Oh, and you can't play games with the keyboard connected to its keyboard port. If you hold down a key too long, it stops forwarding the signal to the computer until you release it and press it again. Very annoying. Keyboards plugged into any other port on the KVM work fine, but the special port is the only one that allows keyboard control of the KVM itself.

Re:KVM switch?

Check out Synergy

Synergy lets you easily share a single mouse and keyboard between multiple computers with different operating systems, each with its own display, without special hardware. It's intended for users with multiple computers on their desk since each system uses its own monitor(s).

Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. Synergy also merges the clipboards of all the systems into one, allowing cut-and-paste between systems. Furthermore, it synchronizes screen savers so they all start and stop together and, if screen locking is enabled, only one screen requires a password to unlock them all.

Re:KVM switch?

(I have two mice connected as the switch cannot switch the mice correctly)

Well, you're not specific on what the problem is, but if the wheel's going dead, try passing "psmouse.proto=imps" to your kernel at boot to force it to identify as a wheelmouse despite what the flaky kvm's doing. (Add it to the "kernel" line in your /boot/grub/menu.lst or the "append" line in /etc/lilo.conf, depending on which bootloader your distro uses) If the mouse itself freaks, you could try "psmouse.resetafter=1" and that will force a reset of the ps2 interface after the specified number of bad packets. Sometimes when you're dealing with wonky hardware, it's good to remember that /usr/src/Documentation/kernel-parameters.txt is your friend.
  - mantar

Re:KVM switch?

[advocate_one]

(I have two mice connected as the switch cannot switch the mice correctly)

Well, you're not specific on what the problem is, but if the wheel's going dead, try passing "psmouse.proto=imps" to your kernel at boot to force it to identify as a wheelmouse despite what the flaky kvm's doing. (Add it to the "kernel" line in your /boot/grub/menu.lst or the "append" line in /etc/lilo.conf, depending on which bootloader your distro uses) If the mouse itself freaks, you could try "psmouse.resetafter=1" and that will force a reset of the ps2 interface after the specified number of bad packets. Sometimes when you're dealing with wonky hardware, it's good to remember that /usr/src/Documentation/kernel-parameters.txt is your friend.

The mouse goes completely bonkers with the pointer zipping about all over the place and various mouse buttons being "pressed" at random.

kernel-parameters.txt... in seven years of using Linux, I've never, ever had the need to compile it and thus have never had those docs on my systems. Ho hum... let's fire synaptic up and see what I've been missing all these years.

oh, I tell a lie, I have compiled a kernel once... Gentoo, mind you, all I did was follow the Gentoo instructions and everything automagically worked... without any input from me for any kernel modules etc. See, even Gentoo is basically foolproof (provided you actually follow the instructions)

Re:KVM switch?

Yeah, compiling kernels from source is generally unnecessary in this enlightened age, but /usr/src/$kernel/Documentation has lots of good info. It ought to be installed by default.

  The psmouse.resetafter=1 boot parameter is probably what you need.

- mantar

Re:KVM switch?

[TheThiefMaster]

No, and it doesn't run ON linux either. At least not because of Belkin, I wouldn't be surprised if there was a 3rd-party open source driver. It would make a change for Linux to be more compatible than windows.

http://www.belkin.com/support/download.asp?lang=1& download=F8T001_v1&mode=

Re:KVM switch?

[mr_mischief]

Why would compatibility under Linux be a surprise?

If I write a well-behaved program for Solaris, NetBSD, plan9 or OS X doe you think it's easier to get that running under Linux or Windows? If I put an OS on my machine with a 3Com, Linksys, or Intel network card and have to provide a driver disk, am I more likely installing a version of Linux or a version of Windows? If I write a program in Perl on Solaris, NetBSD, OS X, or plan9 am I going to have more or fewer issues getting it to behave as expected on Windows?

Seriously, people, just because some vendors put out hardware with drivers for one specific version of Windows included doesn't mean that Windows itself is anything special for compatibility purposes. That's the hardware vendor catering to the OS -- not all versions of Windows, but just the one the driver happens to be for. It's Microsoft catering to your needs. Ever try to throw a spare 10Mbit ISA NIC into a machine for a couple of hours under XP, only to find out that the newest driver for it under Windows for Workgroups 3.11 and that driver doesn't work with XP? Ever try to run any Token Ring networking under XP?

Windows compatibility is not what you seem to think it is. Just because you happen to buy all your junk peripherals around the same time as your OS doesn't mean your OS works with as wide a range of peripherals as the other options out there.

Sure, most versions of Linux may take a while to have a driver for your $3 modem or your $5 NIC. Enthusiast gaming video cards that only get used to their potential by the latest Windows games anyway might not have decent (if any) working drivers under Linux for a while after launch. Most versions of Linux, though, support a lot more devices than all versions of Windows combined do out of the box. Additional drivers from hardware manufacturers will make the one or two versions of Windows each device is targeted at work with that device while the Linux driver is developed as an afterthought or by a third party. That's not a virtue of Windows. It's a lackluster but quite understandable decision by the hardware manufacturer to choose the profits associated with higher margins rather than the pride and high regard among techies associated with broader development and support costs.

You can say that component and peripheral manufacturers should focus only on profit or that they should focus more on pride, customer loyalty, corporate image, or whatever. When it comes down to it, though, most companies are organized exclusively for purposes of turning a profit. No matter what you make of human values and corporate values, that's a whole societal issue that goes beyond the scope of just Linux, BSD, Solaris, plan9, or whatever drivers.

Re:KVM switch?

[TheThiefMaster]

I wasn't implying that it was a fault of linux or a virtue of windows that hardware tends not to work under linux, and does under windows. I was just saying that the manufacturer's windows drivers for any random hardware tend to be better / exist more than the linux drivers. You might also have noticed that I subtly praised linux's open-source-ness by saying that there's always the possibility of a 3rd-party driver that makes it work under linux, and that if there was it would make it one of the only recent devices to work under linux and NOT windows.

Also I love how you say it might take a while for cheap hardware to get linux drivers, and then go on to say how it might take a while for enthusiast hardware to get drivers under linux. You make it sound like linux only supports hardware more than 5 years old. I must say that Fedora 6 x64 works fine on my athlon64 / nforce 4 / x1900xtx system straight from install (or it did after I manually installed the bootloader that the automated setup silently failed to do).

I'd also like to point out that it's rare for hardware that can physically be inserted into an xp minimum spec machine to not have drivers. Your ISA network card example is poor, because an xp minimum spec machine shouldn't have an ISA socket in it (ignoring for now the fact that ISA hardware would likely be outside it's recommended operating life). On the other hand the 20-year-old epson lx-800 dot-matrix printer I have at home has drivers for even windows x64 shipped with the OS.

Finally, why the hell would anyone be trying to use token ring with xp? Or at all?

Re:KVM switch?

[mr_mischief]

Cheap hardware is less likely to get Linux drivers because the driver is often responsible for much of the basic functionality of the device that in a more expensive piece of hardware is in the firmware. Winmodems for example didn't have Linux drivers for a long time, and some I think still don't. Motherboard RAID solutions are often Windows-driver based as much as based on the motherboard. Linux's md software RAID is usually a better solution than even messing with drivers for those.

The latest enthusiast video cards sometimes take a little longer to get top-notch drivers for Linux than for Windows because NVidia and ATI have less resources dedicated to the drivers and it's a little more complicated to test against an OS with more branches and fewer overall users. They do a pretty good job of catching the Linux drivers up to the Windows drivers just a generation or two of enthusiast cards back, which means all their mainstream cards tend to have at least solid functionality if not good performance. A generation of enthusiast cards could mean two months or eight months, depending on the current market and any major changes by the two big players.

I actually happen to have Pentium III machines and Athlon XP machines with one or two ISA slots. The last time I checked, these machines run XP pretty comfortably. My Athlon XP 2400+ plays Battlefield 1942 without a stutter, and would probably play Battlefield 2142 pretty well if I updated the video card. It has two ISA slots (well, one ISA and one shared ISA/PCI). True, under most circumstances I'd use just the 10/100 on the board, and I happen to also have some spare PCI NICs around. At one point, though, that very 2400+ had every PCI slot full and I needed it to have a second NIC for about two hours. I had to pull a card out of a PCI slot and use a spare PCI NIC because I coul not find a driver anywhere for the ISA NIC in question. That NIC has been working at one point or another under Linux distros from Slackware 3 and RedHat 5.2 up to Mandriva 2006.0 with no problem.

I have several 16Mbit TR cards, two MAUs, and lots of really old systems with Linux and TR drivers installed. Because I can. Sometimes I hook my main Linux box up to the ring and route between the older systems and my everyday LAN. Because I can.

Yes, I'm a retro hobbyist. No, that's not a huge market for Windows XP. It's still great to know that Linux lets me have a modern OS that will still support my old-ass hardware if I want it to do so.

What benefits does this give?

I'm at work now, and believe or not slashdot is not blocked (almost anything else is), so I can't read the article.
What are the benefits of this vs regular (as in qemu, vmware) virtualization?

Re:What benefits does this give?

[larytet]

Currently, KVM is stable (at least with the guests we test :), and is fast enough for desktop use on recent processors. For server workloads, an optimized version of the MMU virtualization is needed. This is currently in progress. KVM is available as a patch to recent Linux kernel versions and as an external module that can be used with your favorite distro- provided kernel. We are working to merge KVM into Linux so that the functionality is available with no hassle. Working: * Intel-based hosts (requires VT capable processors) * AMD-based hosts (requires SVM capable processors) * Linux guests (32-bit and 64-bit) * Windows guests (32-bit) * SMP hosts In progress: * Optimized MMU virtualization Planned: * SMP guests What do I need to use kvm? You will need an x86 machine running a recent Linux kernel on an Intel processor with VT (virtualization technology) extensions, or an AMD processor with SVM extensions (also called AMD-V). What is Intel VT / AMD-V? Intel VT and AMD's AMD-V are instruction set extensions that provide hardware assistance to virtual machine monitors. They enable running fully isolated virtual machines at native hardware speeds, for some workloads. How can I tell if I have Intel VT or AMD-V? With a recent enough Linux kernel, run the command: egrep '^flags.*(vmx|svm)' /proc/cpuinfo If something shows up, you have VT. You can also check the processor model name (in /proc/cpuinfo) in the vendor's web site. Note that some manufacturers disable VT in the machine's BIOS, in such a way that it cannot be re-enabled. What user space tools does kvm use? kvm uses a slightly modified qemu program to instantiate the virtual machine. Once running, a virtual machine is just a regular process. You can use top(1), kill(1), taskset(1) and similar tools to manage virtual machines. What virtual disk formats can kvm use? kvm inherits a wealth of disk formats support from qemu; it supports raw images, the native qemu format (qcow), VMware format, and many more. What is the difference between kvm and Xen? Xen is an external hypervisor; it assumes control of the machine and divides resources among guests. On the other hand, kvm is part of Linux and uses the regular Linux scheduler and memory management. This means that kvm is much smaller and simpler to use. On the other hand, Xen supports both full virtualization and a technique called paravirtualization, which allows better performance for modified guests. kvm does not at present support paravirtualization. What is the difference between kvm and VMWare? VMware is a proprietary product. kvm is Free Software released under the GPL. What is the difference between kvm and QEMU? Qemu uses emulation; kvm uses processor extensions for virtualization. Do you have a port of kvm for Windows? Not in this release. What kernel version does it work with? kvm should work with any recent kernel (2.6.16 and above, likely even earlier) How much RAM do I need? You will need enough memory to let the guest run comfortably while keeping enough for the host. 1GB is probably a minimum configuration for the host OS. What OSs can I run inside kvm VM? We have tested Linux (32/64 bit) and Windows (32 bit). Others may or may not work. What happens if I kill -9 a VM process? From the guest's perspective, it is as if you yanked the power cord out. From the host's perspective, the process is killed and all resources it uses are reclaimed. Does kvm support SMP hosts? Yes. What is the procedure to install a Windows guest? Currently Windows guest installation is broken. The problem arises from the APIC implementation. At the moment the APIC is emulated by qemu, which is not as tightly integrated to the kvm virtual cpu as it should be. There is work in progress to implement the APIC within kvm to fix the problem. Until then, start qemu with the -noapic option. If you have a guest that uses the APIC HAL, the following workaround is suggested: 1. Run the guest without kvm (-no-kvm)

Re:What benefits does this give?

Hey hey, well done, you've provided our audience with excellent motivation for using the preview button like the form suggests!

Re:What benefits does this give?

[BokLM]

Why is this comment rated informative ?
For thoses who are interested, look at this page :
http://kvm.sourceforge.net/faq.html

It is the same thing, but it is actually readable.

Re:What benefits does this give?

[turbidostato]

"Why is this comment rated informative ?"

Because it gave *gasp* _information_ to the one who asked for it?

Not frist psot!

[Aladrin]

Not first post, but at least I can be the first not to kvetch about them not integrating a physical object with a piece of software. -sigh-

The article talks about a news article mistakenly stating it was for Intel processors only. I imagine it said that because the official site says it's for Intel only. http://kvm.sourceforge.net/howto.html

It does also say elsewhere on the site http://kvm.sourceforge.net/faq.html that it's for certain AMDs also.

It claims it can run 32-bit windows inside the virtualization. Does this mean Windows can directly access the hardware, and provide true 3D support and such? Or is it simply another hardware emulator with all the associated problems? Too bad 'windows guest' installation is broken at the moment.

Re:Not frist psot!

[WheresMyDingo]

at least I can be the first not to kvetch

Don't you mean kvmetch? Sorry, couldn't resist.

Re:Not frist psot!

[Aladrin]

I (and Google) have absolutely no idea what you are talking about.

Excellent

[October_30th]

But is this going to let me run 32-bit Windows under 64-bit Linux? Apparently Xen can't do it and that really bugs me.

Re:Excellent

That's supported with VMware.

Re:Excellent

Actually I can run 32-bit Windows under 64-bit Linux using Xen in HVM mode using my Intel CPU's VT instructions.

Re:Excellent

[repvik]

Yes:

"The driver supports i386 and x86_64 hosts and guests. All combinations are allowed except x86_64 guest on i386 host. For i386 guests and hosts, both pae and non-pae paging modes are supported." (From LKML)

Re:Excellent

I use 32 bit window on my 64 bit (xen hypervisor/linux dom0) on a daily basis

Only up to date processors? How up to date?

[Viol8]

It mentions some code names but I'm not au fait with Intel or AMD code names. How long have these functions been in CPUs? Will my P4 support it or is it only the latest core duos and so forth?

Re:Only up to date processors? How up to date?

very.. I believe only the core's / some 'p4' based xeons ..
look for 'intel VT' and 'amd virutalization (pacifica)'
in your chip specs..

if you didn't buy it in the last year or so, most likeley not.

Re:Only up to date processors? How up to date?

[d34d.10n]

From Wikipedia:

"Intel VT was officially launched at the Intel Developer Forum Spring 2005. It is available on most Pentium 4 6x2, Pentium D 9x0, Xeon 3xxx/5xxx/7xxx, Core Duo and Core 2 Duo processors. On some implementations, IVT support may be switched off in the BIOS/EFI."

"AMD processors using Socket AM2, Socket S1, and Socket F include AMD Virtualization support. In May 2006, AMD introduced such versions of the Athlon 64 and Turion 64 processors. AMD Virtualization is also supported by release two (x2xx series) of the Opteron processors."

Re:Only up to date processors? How up to date?

[julesh]

Basically you need a 900-series Pentium 4 or more recent chip, or similarly recent AMD chips. This is new, but not quite as new as core 2.

Re:Only up to date processors? How up to date?

[Anthony+Liguori]

The best resource I know of is http://wiki.xensource.com/xenwiki/HVM_Compatible_P rocessors

Instant kernel switching?

Is this related to that new experimental Linux system call in the kernel that will allow instantaneous switching to another operating system/kernel?

Re:Instant kernel switching?

No, what you mean is the kexec() syscall that has already been in the kernel for some time.

Re:Instant kernel switching?

[SirTalon42]

The 'instant kernel switching' is quite different, think of it as rebooting but skipping the bios. (you can't have an app open through the kernel switch)

I hope Windows can't access the hardware.

[Viol8]

If you it gives another OS *full* access to everything then you'd be just as vulnerable to viruses , worms etc as if you were running that OS natively and you could well find your linux filesystem hosed. Hopefully guest OSes will be in a sandbox or at the very least only allowed to directly access specific user defined hardware resources. If not then I certainly won't be taking advantage of this system anytime soon.

Re:I hope Windows can't access the hardware.

[Aladrin]

You managed to get modded insightful on that, and I totally fail to see how.

How in the WORLD does access to the video, sound, or any other daughterboard grant access for a virus?

And how in the WORLD does a virtual machine work without access to a storage device? (I'm assuming you're going to say a virtual storage device.) And even WITH that, how in the world does a Windows virus infect a Linux executable? (It'd have to written specifically for that purpose with the assumption that you are running KVM un-secure. That's got to be even more obscure than Linux itself, which doesn't have many viruses due to obscurity and relative knowledge-level of its users. (They are less likely to click things without thinking.)

So I grant you that write-access to a storage device COULD theoretically be a problem. But access to anything else? No way. Direct access to hardware is the only way to get the performance needed to justify running a virtual machine on a desktop PC. And if that's not what this is for, it's simply another virtualization product. (Albeit a free one.)

Re:I hope Windows can't access the hardware.

[Schraegstrichpunkt]

How in the WORLD does access to the video, sound, or any other daughterboard grant access for a virus?

DMA + lack of IOMMU = unrestricted access to system memory

... in the WORLD

Re:I hope Windows can't access the hardware.

[Viol8]

"You managed to get modded insightful on that, and I totally fail to see how."

So you proved.

"So I grant you that write-access to a storage device COULD theoretically be a problem. But access to anything else? No way."

So you don't think that screwing up the video would be a problem? Well I suppose if you only access your linux box through a net connection or serial terminal it wouldn't be.

I'm not saying any of this happens now , but if it becomes common then who's to say some virus writer won't add in a little bit extra to his code to check for running in a virtual env?

Re:I hope Windows can't access the hardware.

[teh_chrizzle]

So you don't think that screwing up the video would be a problem?

assuming that you are talking about crashing the X server, no, because you can just restart X without affecting the rest of the server. with packages like VMWare Server, you don't need to run an x server on the host. you can run the VMWare console app on a spearate machine to actually see and operate the guest operating systems. so you can run your VMs on a box with a rather rudimentary install and access it from a more robust linux or windows install with a GUI. in theory, even if a display mode error occurs, only the VM's console is inaccessible and can be restarted, or deleted and restored from a backup. even if you manage to crash the console app, the host and the VMs on it are still running fine.

perhaps this is an improvement in all of Xorg and not just ubuntu, but on my ubuntu machine i can log in multiple users at the same time from the console (display:0) and even ctrl+alt+backspace to restart the Xserver in one session and have the other logged in user not be affected.

Re:I hope Windows can't access the hardware.

[LarsG]

How in the WORLD does access to the video, sound, or any other daughterboard grant access for a virus?

If you don't know, please leave your geek-card at the door on your way out.

Short answer - DMA.

Long answer - memory protection between processes (and in this case guest OSes) is done by the MMU, making sure that process A can't read/write to memory owned by process B (or in this case guest OS and host OS). Unfortunately, the memory space seen by devices on extention buses like PCI is not mapped by the MMU. If a process has direct access to a device that supports DMA, it can tell the device to read or write memory that belongs to other processes (f.ex. order the sound card to read the sound buffer from kernel space. The process can then read the sound buffer to get access to kernel memory).

To safely allow a process (or guest OS) direct access to hardware devices, the hardware architecture and OS needs to be designed so that a DMA from the hardware device can only access memory owned by the process that ordered the DMA.

Re:I hope Windows can't access the hardware.

[Viol8]

"assuming that you are talking about crashing the X server, no, because you can just restart X without affecting the rest of the server."

Sorry , it doesn't always work like that. I've had X servers totally lock up video cards which stay locked even once the X server process has been killed and no amount of X restarts solved it. The only thing that worked was shutting down then switching the machine off then on again. Now this may be limited to certain graphics cards (Matrox in my case) but the fact it happens at all should be a warning.

Re:I hope Windows can't access the hardware.

[teh_chrizzle]

I've had X servers totally lock up video cards which stay locked even once the X server process has been killed and no amount of X restarts solved it.

while i have never seen that in the wild, the fact remains that video failure does not necessarily take down a whole server. if you were able to kill the X server process after the display adapter froze, you were obviously still able to access the machine. if you can access the machine, presumably others can too. since you don't need X to run VMs, your guest OS's can still operate. there is a world of difference between having your X server panic and freeze of it's own accord and being able to write a virus for windows to reach out of the VM and into linux to cause similar mayhem.

Re:I hope Windows can't access the hardware.

[Viol8]

"that video failure does not necessarily take down a whole server."

No it doesn't , but if you're running windows virtualised then the odds are you're using the console and if you can't use the console because some virus has crashed the display then that possibly defeats the purpose of having the machine in the first place especially if it happens to be your workstation.

Re:I hope Windows can't access the hardware.

[i23098]

How in the WORLD does access to the video, sound, or any other daughterboard grant access for a virus?

If you don't know, please leave your geek-card at the door on your way out.

To safely allow a process (or guest OS) direct access to hardware devices, the hardware architecture and OS needs to be designed so that a DMA from the hardware device can only access memory owned by the process that ordered the DMA.

So you knew the answer all the time :) You know about AMD's IOMMU ;). I'm sure Intel has something like this...

So, there's no problem in giving direct access to the hardware :p

Re:I hope Windows can't access the hardware.

[teh_chrizzle]

if you're running windows virtualised then the odds are you're using the console

i log into and out of windows servers, both virtualized and not, all day long, and i couldn't tell you off the top of my head where they are in the rack, which machines what VM's are hosted on, and i don't recall the last time i physically (or virtually) touched the consoles for many of them. yes it is documented somewhere, but for day to day care and feeding it's just not necessary.

as for having the server be your workstation, using a VM to test on your development machine and using VMs as servers are not the same thing. that is why companies like VMWare and MS make workstation and server products. losing the console on a workstation is catastrophic for only one user and may require extraordinary measures to recover (like rebooting the host and restoring the VM from a snapshot or possibly even an offline backup), but losing the console on a server is not, so long as the server is still running. in fact, in most enterprises it will most likely go unnoticed by the general population, provided of course that the server is still performing it's intended function.

in either case, if your virtualization package is doing what it should, a VM should not be able to affect the host OS and should not be able to take out the host machine, virus or no virus. that is the point of virtualization, to have multiple guests share the same physical hardware without affecting one another.

Re:I hope Windows can't access the hardware.

[gilboad]

AFAIK Intel -still- doesn't have IOMMU support.
Maybe they're waiting for CSI to become fully AMD64 complaint. ;)

- Gilboa

Re:I hope Windows can't access the hardware.

[LarsG]

Are chipsets with IOMMU support out yet?

Re:I hope Windows can't access the hardware.

[sowth]

Nvidia? They are a fun bunch aren't they? I love that game...what is it called? Oh yeah... Ultimate X Crash! I love how they kick me into it as I am playing a game or a video, or I am browsing the web and I just want to watch this quick clip...

It is the greatest surprize gift. I wish I could meet the Linux driver developers from Nvidia in a dark alley so I can thank them for all these gifts they've been giving me.

Explanation Please

[iamnafets]

What the hell does this mean?

VMWare

[brunes69]

You can do that in VMWare player and VMWare server, both of which are free (as in beer).

http://www.vmware.com/

Re:VMWare

[BokLM]

You can do that in VMWare player and VMWare server, both of which are free (as in beer).

You mean I can get drunk if I use them too much ?

Re:VMWare

[October_30th]

Strange.

I've never been able to complete an installation of 32-bit Windows XP Pro SP2 on 64-bit Linux/VMware server. It locks up the computer completely when it's installing drivers.

Re:VMWare

[tehcyder]

So I can safely run a virtual Linux computer without the worry of it affecting the stability and performance of my Windows machine? Cool.

But...

[Vulcann]

...will it run .NET ?

*ducks*

Virtualisation on Linux

[cortana]

Xen
VMWare
linux-vserver
UML
OpenVZ
Plex86
Qemu
Bochs
lhype

and now

KVM

http://linuxvirtualization.com/ has some good linux to recent announcements regarding virtualisation software on Linux.

Are there any more?

Re:Virtualisation on Linux

[Bob54321]

I just went to the http://linuxvirtualization.com/ site and was quite interested in the very top post. What really excited me was KVM has gained save/resume support. That sounds like (but I could be wrong...) I can just suspend my Windows VM and come back to it at a later point. That would be a great feature as I always do the same thing every time I run Windows and it is annoying the run QEMU and restart all the programs I need open to do a ten second task.

Re:Virtualisation on Linux

[Cthefuture]

Yeah, there is Parallels which runs on Windows, Linux, and OSX.

I feel VMware is still king of the hill for most anything (especially Windows on Linux). I have yet to use any other system that can match it in terms of features, performance and compatibility. I know that sounds like an advertisement but it is one of the few pieces of software I have consistently bought the latest version of since it was first released like 7 or 8 years ago. It tends to be much less buggy than anything else also.

You can only do better if you're talking about running Linux on Linux. In those cases something like Xen or UML give maximum performance.

Re:Virtualisation on Linux

[Nimey]

Plex86 is no longer a going concern.

Re:Virtualisation on Linux

[SolitaryMan]

... annoying the run QEMU and restart all the programs I need open to do a ten second task.

I don't think this feature will be quick enough to save you time though.

Re:Virtualisation on Linux

[julesh]

Many of these are substantially different from standard virtualization systems, though:

linux-vserver and OpenVZ are chroot-based virtual hosting environments, not virtualized operating systems. You can add OpenVSD to the list of such projects, although it appears to be practically dead.

Qemu and Bochs are PC emulators, not virtual machines, which is a slightly more subtle distinction, but still one that needs to be made.

UML is something different entirely -- an operating system that is designed to run as a process on another operating system with a similar syscall interface.

That leaves KVM, Xen (which uses an exokernel, so is effectively its own OS, not a Linux-hosted VM), VMware (which is proprietary) and plex86 (which will only run modified kernels so doesn't provide a true virtual machine).

So, you see, KVM is effectively the only Linux-based VM system (by the traditional definition) on that list.

Re:Virtualisation on Linux

[GigsVT]

Virtuozzo?

Re:Virtualisation on Linux

[Kynde]

... annoying the run QEMU and restart all the programs I need open to do a ten second task.

I don't think this feature will be quick enough to save you time though.

It's pretty slick in vmware.

Re:Virtualisation on Linux

[Ed+Avis]

You left out dosemu (the earliest hardware virtualization, using the V86 mode of all 386-compatible processors - but also supporting 32-bit DPMI applications) and DOSBox (which is based on bochs). Also Cooperative Linux for running a Linux system under other OSes, such as Windows.

Re:Virtualisation on Linux

[netdur]

- dad! give me 5 dollars - 4 dollars? what are you going to do with 3 dollars? 2 dollars too much for you... take dollar! and give half to your little sister

Re:Virtualisation on Linux

[Mad+Merlin]

You do know that QEmu can suspend and resume images as well, right? Even better, with -snapshot, it won't commit any of the changes to the disk image (unless you tell it to while running), so you can keep resuming from the same point again and when you're done, just close it.

Re:Virtualisation on Linux

[evilviper]

Qemu and Bochs are PC emulators, not virtual machines, which is a slightly more subtle distinction, but still one that needs to be made.

No, Qemu, used along with with the "Qemu Accelerator" is just as much a virtual machine as VMWare.

Re:Virtualisation on Linux

[Bri3D]

MOL (Mac-On-Linux). Sure it's PowerPC, it's still virtualization.

Re:Virtualisation on Linux

[julesh]

True, but the Qemu Accelerator isn't open source, so the same criticisms then apply to that as apply to VMware.

Re:Virtualisation on Linux

[baadger]

Actually there is/was an open source effort to replace the KQEMU "accelerator" module... QVM86. Unfortunately it needs work, it's functional but only operates on x86 (no x86_64). There are patches against current CVS for compatibility with KQEMU 1.3.x and QEMU 0.8.2 on the QVM86 newsgroup but development seems to have otherwise stagnated.

Also the author of KQEMU did say he would open up the source if sponsored.

Re:Virtualisation on Linux

I'm as much as open source zealot as anybody else. But I cannot ignore reality: in all the micro-benchmarks I run, Linux on VMware ESX Server 3.0.1 beats Linux on Xen.

Now that VMware has announced support for paravirtualized Linux kernels (paravirt_ops style) in Workstation 6 (currently in beta), I would expect VMware to have similar performance to Xen even in their hosted products (i.e. Player and Workstation).

Re:Virtualisation on Linux

[evilviper]

No. VMware is ENTIRELY closed source.

KQEMU is a tiny bit of closed-source code, which works together with a fully open source program.

You've already been pointed to the open source VM86, which I've personally used quite successfully in the past in lieu of kqemu.

Not everything, just video

[brunes69]

One of the main barriers to Linux adoptoin is the fact that you can't ru Windows games in Linux, unless you reboot into windows. If LVM / Xen / QEMU / VMWare started realizing this and made video driver performance a priority, they could have a real market leader on their hands.

I know if there was a VM out there that coudl run Windows games with full native windows video accelleration, I woudl pay very good money for it.

Sound / disk / CPU performance has been there in VMs for years, at least froma desktop users standpoint. The one area that lags behind all other sis video support. Even with VMWare (arguable the fastest VM out there right now), running a full scrteen Windows session under Linux feels sluggish at best...a nd there isno Direct3D support at all.

And as far as your comment - there is absolutely nothing stopping them from doing this. Just look at X, it interfaces direct with the kernel via DRI, and it's secure.. a crashing X session won't bring your whole machine down.

Re:Not everything, just video

[Schraegstrichpunkt]

One of the main barriers to Linux adoptoin is the fact that you can't ru Windows games in Linux, unless you reboot into windows. If LVM / Xen / QEMU / VMWare started realizing this and made video driver performance a priority, they could have a real market leader on their hands.

If the full interface documentation for recent Nvidia and ATI video cards was released, and GPL-compatible drivers existed, this would probably already be in the works.

Re:Not everything, just video

Er. No, it's not secure. We're just lucky that most leet haxors (that we know about...) are really just script kiddies without the technical know-how to do the fancier stuff. A malicious program running on your GPU or other expansion card has privileged access to your physical memory.

The PC architecture (and I use the term loosely...) simply doesn't have proper memory protected I/O "channels" like mainframe I/O. (I dunno about PCI Express, since it's a cut-down channel architecture, maybe it, maybe in conjunction with an AMD-syle x86_64 IOMMU, could properly memprotect all thos noncpu processors modern PeeCees tend to have).

Re:Not everything, just video

[Alioth]

Games is not the main barrier to adoption. The home desktop is low price, low margin cut-throat business. Why would VMware, XenSource etc. want to go after a market which will be difficult to support, and not provide them with the money they need to keep going? The corporate market (particularly servers) is far larger and far more important for them - so don't expect video drivers to ever be a priority.

Re:Not everything, just video

[Mad+Merlin]

Games may be an inhibitor for Linux adoption in the home market, but Xen/QEmu/KVM/VMWare aren't aimed at the home market at all. When you consider the fact that what you want is most definitely not a simple task, you may understand why nobody has done it yet.

Re:Not everything, just video

a crashing X session won't bring your whole machine down

Hahahahaha.

Re:Not everything, just video

[ckaminski]

If it's an inhibitor, explain Quake and UT? No, it's dependence on Direct3D, instead of using OpenGL.

Re:Not everything, just video

[julesh]

If the full interface documentation for recent Nvidia and ATI video cards was released, and GPL-compatible drivers existed, this would probably already be in the works.

If the emulators allowed direct hardware access, interface documentation wouldn't be required. You'd fire up Windows, granting it access to all resources associated with the card's PCI ID, and it would use its own driver. Of course, you'd have to give it exclusive access to the display for the duration of its session, but I don't see that being a huge issue.

Re:Not everything, just video

[julesh]

The corporate market (particularly servers) is far larger and far more important for them - so don't expect video drivers to ever be a priority.

If you read Xen's marketing material, the corporate desktop is pretty important to them too. And what with Vista providing a "degraded experience" for machines without Direct3D support, I'd expect them to be working on it right now, hopefully in time to get support working before most of their potential clients have Vista rolled out.

Re:Not everything, just video

[Viol8]

"a crashing X session won't bring your whole machine down."

If it locks up the video sub system it can make the machine unusable except via a net or dumb terminal connection , which could mean the machine needs a reboot. Not good in a business enviroment.

Re:Not everything, just video

[X0563511]

Don't forget dependance on the rest of the Direct* family. (DirectPlay, DirectInput, DirectRape, etc)

Re:Not everything, just video

I don't think you can give a virtualised OS "direct hardware access". How on earth would the host OS cope if it had to deal with an unknown hardware state whenever you switched back to the host?

Theres also the fact that in order to get "direct hardware access" you need to run in ring 0, which means you have absolutely no protection from the guest pissing over everything.

Surely to get 100% native performance you'd have to be able to restrict what the guest does in ring 0 and trust it completely?

Re:Not everything, just video

[julesh]

I don't think you can give a virtualised OS "direct hardware access". How on earth would the host OS cope if it had to deal with an unknown hardware state whenever you switched back to the host?

If you have a driver for the device, just tell the driver to perform a device reset. Should work for most devices.

If you don't have a driver, why do you care?

Theres also the fact that in order to get "direct hardware access" you need to run in ring 0, which means you have absolutely no protection from the guest pissing over everything.

Not true. Hardware access is performed through I/O instructions (for which access can be granted to processes in any ring), via memory mapped blocks (which can be granted to any process via MMU manipulation), and via IRQs (which are trivially easy to deflect into a VM).

Surely to get 100% native performance you'd have to be able to restrict what the guest does in ring 0 and trust it completely?

Who's talking about 100% native performance? I'd be happy with 80%, and I'm sure that's achievable. You *can* give access to the real hardware to an OS that's running in a VM; Xen's exokernel design proved this (Xen runs as the host OS, but uses one of its guest OSs to provide hardware access for the other guests, so that it doesn't have to have to have drivers for everything itself).

Besides, restricting what ring 0 code is able to do is what the new instruction set (that this project depends upon) is designed to do.

Re:Not everything, just video

[jrockway]

> You'd fire up Windows, granting it access to all resources associated with the card's PCI ID, and it would use its own driver.

Let me let you in on a little secret. The people that work on stuff like this have no interest in running Windows in order for 3D to work. In fact, they probably aren't gamers either.

Re:Not everything, just video

[cyber-vandal]

It's not the drivers that are the problem but DirectX.

Re:Not everything, just video

[Antique+Geekmeister]

X is also amazingly bloated and overblown, or at least the tremendous variety of toolkits superglued on top of it are. It's quite painful to make something effective, thorough, and fast enough to support modern games on top of it with any of the X toolkits. And they do tend to conflict with each other in subtle ways: X needs a real cleanup, which Xorg seems to be trying to do in the quiet background behind their feature additions, but it's painful.

Re:Not everything, just video

[Schraegstrichpunkt]

Theres also the fact that in order to get "direct hardware access" you need to run in ring 0, which means you have absolutely no protection from the guest pissing over everything.

Not true. Hardware access is performed through I/O instructions (for which access can be granted to processes in any ring), via memory mapped blocks (which can be granted to any process via MMU manipulation), and via IRQs (which are trivially easy to deflect into a VM).

Again, as I stated in another post:

DMA + lack of IOMMU = full access to system memory

The CPU's MMU isn't enough.

Re:Not everything, just video

[JensenDied]

I've noticed that running a Linux vm inside windows that the display was a bit sluggish. my short fix was actually just using vnc to connect to the vm since that seemed to work great.

In the end i had not set up the driver to the vmware driver and fixing that allowed it to run fine in the full screen console and across dual monitors just fine.

Re:Not everything, just video

[Bert64]

And you'd need to reset and reinitialize the display when you left windows and returned to the native OS... Videocards aren't designed to be virtualized, and nor are their drivers.

Re:Not everything, just video

[julesh]

Again, as I stated in another post:

DMA + lack of IOMMU = full access to system memory

The CPU's MMU isn't enough.

True, but you can intercept requests to set up a DMA and change the addresses used at a software level. An IOMMU is substantially better, because it will work even if you have no idea how the hardware protocol works (e.g. it uses an encrypted data stream to transfer commands). But in most cases, you can simply bus snoop an in-operation device to find addresses and reverse engineer enough information to find out what's going on. Yes, it's hard. But it can be done.

Re:Not everything, just video

[julesh]

Let me let you in on a little secret. The people that work on stuff like this have no interest in running Windows in order for 3D to work. In fact, they probably aren't gamers either.

I'll let you into a secret -- neither am I. I'm simply concerned that virtualisation be able to run Vista effectively, for which 3D accel will be necessary.

Re:Not everything, just video

[Schraegstrichpunkt]

I imagine you don't gain much performance-wise if you're doing that, and you probably lose stability-wise. For the amount it would cost to implement something like that, and considering your approach doesn't really provide any guarantees unless every aspect of all connected hardware is known (including ordinarily-undocumented manufacturer testing modes, etc), it'll probably never be done this way, since it's probably just cheaper to build hardware with an IOMMU.

Re:Not everything, just video

[sowth]

X is bloated, but it isn't any slower than MS windows. Every 3D program run in both Linux and MSwin have mostly the same quality and framerate, though sometimes Linux is slightly faster. Yes, the GNOME and KDE systems do slow things down because they take so much processor time, but if you are running a 3D game fullscreen, they aren't doing too much. They seem to take about 5% CPU time. Too much, but alone should not be too noticable. YMMV

Though I have seen 3d programs messed up and running very slow--like ubuntu's glxgears. It was really slow and didn't spit out any benchmarks. I went to my Slackware partion and ran that version (cd /media/hda5/usr/X11/bin; ./glxgears) and it was the proper speed and gave good statistics. I don't know what the Ubuntu people did to it.

Also, it can be a pain in the ass to get the correct X config going for 3D. I think some cards are sensitive to what is loaded and in what order. Especially bits per pixel--many older cards only work in 16bpp, and many defaults are set to 24.

Re:Not everything, just video

[julesh]

I imagine you don't gain much performance-wise if you're doing that, and you probably lose stability-wise.

True, but the purpose wasn't really to gain performance but to add support for hardware for which no virtualized version exists. So the gain is a new feature.

For those brain-dead like me:

[erroneus]

http://www.haifux.org/lectures/152/kvm-external.pd f

This breaks down in fairyly simple terms where KVM fits in. Basically, the approach is pretty close to the VMware approach but presently requires the newer, more advanced processors to operate. So where VMware can run on more hardware such as my Pentium M processor based laptop, KVM will not likely work as far as I can tell. (Please tell me I'm wrong if I am.)

I'm disappointed that I will not be able to play with this new toy any time soon as I don't think I will be buying new hardware any time soon.

Re:For those brain-dead like me:

[Conley+Index]

I'm disappointed that I will not be able to play with this new toy any time soon as I don't think I will be buying new hardware any time soon. You can always emulate modern hardware...

Re:For those brain-dead like me:

[erroneus]

http://www.intel.com/products/processor_number/pro c_info_table.pdf

This confirms it. I can't play. But it also lists who can play! Are you on the list? Check it out.

Re:For those brain-dead like me:

I have a spare 486,I think it can run a emulated beowulf cluster.Where do i get the program?

Re:For those brain-dead like me:

[zdzichu]

Yes, it needs processor with Intel VT-x (Vanderpool) or AMD SVM (Pacifica). So Pentium 4/D (available since 2005), most of Core Duos, Core 2 or AMD CPUs sold since August this year (Socket F/1207 and AM2) qualify.

Re:For those brain-dead like me:

[gbjbaanb]

No, KVM will work, but it will not be as fast as you'd like. With the new CPU instructions, it will be a lot faster. (the reason is down to the memory management unit, with a VM every time it context switches, it throws away some cached page state. The new CPUs deal with this so you get the better performance).

I read a ng post where the author said his VM desktop was fine, but with the new CPUs you'd get performance very near running natively.

Re:For those brain-dead like me:

[idlake]

Basically, the approach is pretty close to the VMware approach but presently requires the newer, more advanced processors to operate.

That's not a good way of putting it, because it incorrectly suggests that VMware somehow pioneered virtualization and KVM follows it. But what VMware actually pioneered was a workaround for a lack of virtualization instructions on older x86. Modern x86 virtualization follows models that have been around since long before VMware existed.

Re:For those brain-dead like me:

[Woy]

When showing processor information i get a list of strings like mmx, sse, etc for processor capabilities. Is there such a string for this capability?

Re:For those brain-dead like me:

[42forty-two42]

Is there something in /proc/cpuflags we can check to see if our hardware qualifies?

Re:For those brain-dead like me:

[zdzichu]

"vmx". Don't get fooled by "vme" -- that's something other.

Re:For those brain-dead like me:

[kscguru]

"vmx" for Intel, "svm" for AMD

Re:For those brain-dead like me:

[the_olo]

BTW, it seems that AMD Pacifica technology, being probably the most interesting to the enterprise customers (at las cheap hardware virtualisation!), is subjected to a serious marketing screwup inside AMD.

Go to their main page, search for "pacifica", and try to visit the first page you get in the results (AMD's Virtualization Solutions - Optimizing Enterprise Services).

I get a 404 error. It's been like this at least since march 2006. Is their marketing department/webmaster on a nine month vacation or what?

BTW, I've tried notifying them about that through an online form. I've only received an automated response of course and never heard from anybody alive at AMD.

If anybody at AMD is reading this, please ask your marketing guys how did they manage to screw things up this way for so long?

VMotion/HA?

[Stile+65]

The company I work for now is virtualizing on RedHat boxes running VMWare, and one of the neat features that it has is called VMotion, which lets you nearly instantly move a virtual machine from one box to another without interrupting its execution (except a slight delay). The high availability (HA) feature, which they also have but we have not yet configured, allows this to happen automatically if a host box goes down. There are rules about which VMs may not run on the same machines, etc. (for redundancy purposes, you don't want all your web servers running on the same host, for example).

Is this at all possible with KVM? If not, are they planning it? Is it possible to approximate it with something like OpenMosix, since (IIRC) OpenMosix can move processes around dynamically when nodes fail or get bogged down, and a VM is just a process (assuming a central SAN that all the host boxes connect to)?

Re:VMotion/HA?

Is this at all possible with KVM? If not, are they planning it? Is it possible to approximate it with something like OpenMosix, since (IIRC) OpenMosix can move processes around dynamically when nodes fail or get bogged down, and a VM is just a process (assuming a central SAN that all the host boxes connect to)?

How about the moon on a stick? Would you like the moon on a stick?

Re:VMotion/HA?

[Stile+65]

Not unless it really IS made of cheese.

Re:VMotion/HA?

[hey!]

How about the moon on a stick? Would you like the moon on a stick?

I'm an American, you insensitive clod. That means on a stick, wrapped in a pork rind, breaded, then deep fried. Mmmm.

Re:VMotion/HA?

How well can Xen do this?

Re:VMotion/HA?

[smodak]

Well, the company behind KVM (I realy hope they choose some other name for the finished product) reportedly has Moshe Bar on their payroll. IIRC he is the guy involved in OpenMosix, so I'd think that this facility, if not already available, would be available very soon.

Re:VMotion/HA?

[Stile+65]

That's incredibly awesome. Thanks for the info!

Re:VMotion/HA?

[Stile+65]

I saw no such features on the XenSource site, but it may be more difficult, because the VMs aren't userspace processes in Xen. I don't know how VMWare does it, but I know it does it well. :)

Moshe Bar founded both XenSource (the people behind Xen) and Qumranet (the company behind KVM), so hopefully he'll be able to develop something like this if he hasn't already.

Re:VMotion/HA?

[WindBourne]

Yes, but now without transfat.

Re:VMotion/HA?

I've never understood American breakfasts.

Re:VMotion/HA?

VirtualIron has been shipping live migration support for guest domains for several months now. There is both a free version, and the source code is available.

Re:qemu

VMware is closed-source proprietary product. Please use qemu/kqemu and help kill VMWare instead.

kqemu is also a closed-source proprietary product.

Re:qemu

LOL, QEMU? That's total crap compared to VMware. QEMU is slow even with the proprietary closed-source "speeder upper" part and hardly runs anything. QEMU kill VMware? LOL

Re:qemu

Fabrice Bellard, (author of ffmpeg) has stated his intention to open up kqemu if sponsored.
VMWare and Xen already have some million in the bank. kqemu has nil. Read the wikipedia article....

Re:qemu

[Shawn+is+an+Asshole]

Why does it matter if you're running a proprietary OS in a proprietary VM? If you're concerned about only using free software, why bother with the proprietary OS? If you're wanting to virtualize Free operating systems, use Xen. It rocks.

A W E S O M E ! ! !

According to http://kvm.sourceforge.net/faq.html is will support VMWare images and it does run win32.

Now turn that kernel into a BIOS http://linuxbios.org/Welcome_to_LinuxBIOS and you will be able to use the same images for all your machines.

SVM for .net / Java

[0xABADC0DA]

Probably a joke but shouldn't be. The kernel developers could make it possible to accelerate the JVM/CLR by giving faster access to the actual hardware pages. What I mean is, the JVM has a 'scratch' area where recently created objects are allocated and then after garbage collecting this area the leftover objects are moved out. They do this because the vast majority of objects last only a tiny amount of time. So to be able to do a GC *only* of this scratch area the JVM actually replaces reference assignment with code that ads to a big list of all objects that took references to objects in this scratch area. Even though this is obviously slow it means the JVM doesn't have to garbage collect the entire contents of memory to make sure nothing has a ref to a new object.

If the JVM could get access to the hardware's dirty page bit that says if a page has been modified since last checked then the JVM could do direct reference assignment and then when garbage collecting only search the modified pages for references into the 'scratch' area. I expect this would be many times faster than the pointer write barrier used now.

Maybe a system call could take a mmap region and return a bitmask of page dirty flags? I think in any case there are plenty of things the kernel developers could do to make software virtual machines better if they tried. I think they just don't care to since that world is alien to them.

Re:SVM for .net / Java

[julesh]

If the JVM could get access to the hardware's dirty page bit that says if a page has been modified since last checked then the JVM could do direct reference assignment and then when garbage collecting only search the modified pages for references into the 'scratch' area. I expect this would be many times faster than the pointer write barrier used now.

I don't know how Sun's GC works, but I've worked on implementations using Boehm's collector, which is able to access the dirty bits on some OSs (e.g. under Windows using the GetWriteWatch API -- I believe the Linux version also uses dirty bits).

Re:SVM for .net / Java

Similar tricks were played with object oriented databases, although to perform pointer swizzling. If I recall correctly, it turned out that it was as fast or faster to instrument code (have the software keep track of which pages it writes) than it was to play tricks with the MMU and dirty page bits. That was a while ago; and hardware has changed, so it may be worth looking at it again.

Also, note that they use page faults to lazily modify pages as they are accessed; your approach simply reads the dirty bits after the fact and sounds more efficient. Here's a link to a relevant performance study:

http://www.cs.wisc.edu/~dewitt/includes/oodbms/qui ckstore.pdf

(It's > 40 pages, and I read it years ago, my description is based on what I remember...)

Re:SVM for .net / Java

Yes!

Going a bit further, what you'd need for a VM would be:
- the ability to clear the dirty flag as you see fit, because many GC schemes use some kind of write barrier or flag to denote "virtual pages" as they're being modified. It is of course stupid to implement that in software when the processor can do it for you *much* faster;
- the ability to tell the virtual memory *what* to swap in/out. First because GCs tend to cause page loads, but also know when they don't need the page anymore, and would perform much better if they could interact the virtual memory manager. Second because dynamically compiled ones provide lots of hints about what they're going to need soon, and a VM could use that.

There is no power on earth...

[ostiguy]

that will making a Belkin KVM work properly.

Ever hear of 5 9s reliability? Belkin KVMs are a single 9 solution, and sometime I doubt they even hit that.

Re:There is no power on earth...

[flyingfsck]

Actually, you can - just don't ever, ever, move the mouse while switching.

Re:There is no power on earth...

[cyber-vandal]

0.09 usually

Re:qemu

I want to play Baldurs Gate. On linux. And a friend can lend me his -pirated- windows 2000 CD.
And No, I don't want the VMWare spyware to tell this to Microsoft.

Graphics Acceleration

How well (if at all) does this support Graphics Acceleration? Can I play DirectX games in Windows on Linux? How about OS X (on Macintosh hardware, of course). This could be very interesting for desktop computing as we know it if these things work properly...

No paravirtualization? How stupid.

[keeboo]

Oh, great. It does require hardware extensions for virtualization. -- For some reason I don't feel like upgrading the whole server park here just to migrate from Xen to this thing.

And what if I desire paravirtualization (because it's faster and cleaner) even with such VT-enabled processors available to me?

IMO, unless this technology envolves into something Xen-alike, it was bad decision to include it into the kernel tree.

Re:No paravirtualization? How stupid.

[42forty-two42]

Nothing's stopping you from still using Xen. That said, I think perhaps a better direction is to just integrate this technology into Xen where it belongs (you'll still not be able to run windows as a guest on old machines, but it'd help remove duplicated work).

Re:No paravirtualization? How stupid.

IMO, unless this technology envolves into something Xen-alike, it was bad decision to include it into the kernel tree.

If you're so smart, feel free to fork the kernel. If you're right, people will see the wisdom of your ways, and you'll be the most powerful OS vendor in the world. OTOH, perhaps you're not as good a judge of "bad decision"s as the kernel devs are, and you should just STFU.

KVM?

[MMC+Monster]

Does this mean I can use 2 mice independently on my system? Cool!

Re:qemu

[brunes69]

Take off your tinfoil hat and let your head breathe.

You think VMWare tells anything to Microsoft? Why would they? They are about as far from being "in bed" with them as you can imagine. For one, Microsoft is their #1 competitor (with Virtual Server).

You can rest assured that VMWare tells **as little as possible** to Microsoft about everything.

All this is not to mention the fact that what you are implying would be highly unethical and if VMWare actually did that, they would have been found out long ago and publicly flogged. VMWare does not "phone home" to anyone, including VMWare Inc. itself.

Maybe we need longer acronyms ;)

[msobkow]

Even in C/C++, 24 character id's using a 5-character library prefix made it a lot easier to keep track of all the modules. 3-character acronyms have as much capacity as IPv4.

What is the big deal?

[jlbprof]

I understand we are talking about virtual machines that is multiple OS's running on the same machine simultaneously.

My question is: what does that offer me? Other then possibly running a linux and XP on my home machine what could that possibly offer anyone?

Thanx

Julian

Re:What is the big deal?

[arodland]

Well first off... what's wrong with that?

Second... you haven't shopped for hosting anytime in the past year, have you?

Re:What is the big deal?

[shish]

It's more use on servers -- where as typically you have several vastly overpowered servers* each doing one thing (so if the kernel crashes, or gets rooted, or a bit of hardware goes dead, only one service is affected); with VMs you can put all those installations onto one physical bit of hardware and make much better use of it. If one of the servers suddenly needs more CPU power, or the hardware needs changing for other reasons, you can migrate the installations to a different bit of hardware, thus having 100% uptime even when the hardware is being changed (migration is done in such a way that it's seamless to the human eye -- 30ms or so actual downtime, and things like network connections stay up).

* The last place I worked at used dual core, dual cpu, 2GHz boxes with 4GB of RAM as standard -- I never saw any of the boxes go above 10% CPU use :-/

Re:What is the big deal?

[An+Onerous+Coward]

Running Windows and Linux at the same time is a pretty big deal, if you need access to Windows-only apps. It's good for web developers, who need to check out their results in IE, and it may make some Windows to Linux migration attempts easier (since the migration might otherwise be held up by a desperate need for a single legacy app).

What else does it offer you, the consumer? Well, you can try things that no sane mortal should attempt with their computer. Install crapware and find out what it actually does to your system, and just delete the VM when you're done. Or let your kid loose on your computer knowing that there isn't much he can do to hose it.

Since you ask "what could it possibly offer anyone", I'd also point out that VMs are getting popular on computer farms (web hosting, etc), where clients are allowed to rent a virtual machine with guaranteed access to a certain amount of memory, a certain amount of clock cycles, etc. In clusters, there is also technology for halting a virtual machine on one box, migrating it to another, then starting it running there. That makes it much easier to take down a given box for maintenance.

One other thing you can do is network simulations. You could have a dozen VMs running on a single host, all forming a virtual network of whatever topology you desired. This can be useful for trying out new network protocols and distributed applications.

I'm sure there are lots of other examples that I'm not aware of.

Re:What is the big deal?

[adrianmonk]

My question is: what does that offer me? Other then possibly running a linux and XP on my home machine what could that possibly offer anyone?

Imagine this scenario: you work in a certain group at work, doing, say, Java development. But you know C++ too, and there is a project that some other group needs your help on for 2 months. You'd have to install a whole crapload of development tools and stuff to do the C++ development, and you really don't want to mess up your machine because you already have a whole crapload of developer tools for Java on there, and some of them might even be conflicting versions.

Now, here's where virtualization becomes handy: if the group doing the C++ development is on the ball, they can just give you an image to run under a virtualizer. Your machine's current configuration is untouched, and yet you have the full power of the machine to do your development work. After the 2 month project is over, you check in all your code. You start working on Java again, and a few months later, you delete the virtual machine image that you were using to develop the C++ code.

Yes, to an extent, you can do this with a really good package manager, but that assumes that all the software you need is available in that package format and it also assumes that you are using the same operating system. What if the C++ group is using Slackware and the Java group is using debian? With virtualization, you can just run both.

There *are* open source vmware options

See http://www.vmware.com/download/open_source.html

It is already possible.

[Ayanami+Rei]

Using QEMU with the closed-source kernel driver mode, or when using Xen in paravirt. w/32-bit Windows, you can make a PCI or PCI-express card available exclusively to a guest, making it appear in their PCI configuration space. Of course, the VGA for the system will still be emulated by the VM. It would be a good idea to do the initial install without the device available, and the make it available on a subsequent boot of the Windows image so it discovers it and prompts for drivers.
IIRC, this does not work for AGP cards. So PCI add-in cards or PCI-e are the only options.

Attach a seperate monitor to this card, and the guest will be able to install drivers for it and generally use it as if it were running dedicated.
Don't attempt to initialize or otherwise use that card from your host/privledged guest, because I can't imagine what the consequences of that would be.

I haven't tried this myself, but we're going to soon when we get some VT-capable hardware. Everything I've read about these capabilities suggests this is possible, and I can't wait to try it. I think the reason you don't hear much about it is because most people still have a single video card, or they are using PCI forwarding for cards that attach to SANs or network cards and stuff for speed.

Aren't KVM switches obsolete legacy tech

I'd have thought that most computers that don't have a monitor attached are servers anyway - so why the heck are users
even wasting memory running any sort of graphical user interface on them at all. Seems very wasteful. When I do need to run a graphical app on one of these, I'd just "export DISPLAY=othercomputer:0" and run just the one GUI application itself on a different computers windowing systems.

Even when you would need a whole windowing system (can't think of a good reason why - but perhaps for people who can't remember where they put their programs and like the icons) - it seems to me that VNC, Remote Desktop, etc are a far better solution than a KVM switch.

If it's to administer servers remotely, KVM switches suck too. Since video subsystems die far more than serial ports, you're much better off administering the system through a serial port.

What am I missing, is there any good use for these devices?

Re:Aren't KVM switches obsolete legacy tech

[thzinc]

Answer: Windows.

There are some things you just can't do in terminal services that you must do on the console. Also, each of those remote solutions require two things: bandwidth and a listening port. While bandwidth on a LAN might not be a big deal, a listening port for that remote application can be a big vulnerability if it's not locked down properly.

Don't knock the KVM switch. It's still pretty applicable to today's technology.

Re:Aren't KVM switches obsolete legacy tech

[el_gordo101]

Answer #2: The Mac Mini. Ships with no keyboard, mouse, or monitor. Hook up a KVM (or KDM [Keyboard, Display, Mouse], as Apple calls them, just to add to the TLA confusion) to your existing hardware and off you go.

Re:Aren't KVM switches obsolete legacy tech

[advocate_one]

I don't do "Windows"... I have two boxes under my desk, both on, one running Ubuntu 6.06, the other running Ubuntu "Whatever the next version in 2007 will be"... I don't like pissing around with VNC... it works, but is crap when you've got 1280x1024 desktops with 3D running...

Re:Aren't KVM switches obsolete legacy tech

[turbidostato]

"Answer: Windows."

Answer#2: BIOS.

Re:Aren't KVM switches obsolete legacy tech

[theparag0n]

It should be Ubuntu 7.04, Feisty Fawn, assuming they meet their deadlines.

Read their FAQ

[Shadowlore]

It says in their FAQ:
"kvm today supports non-live migration, where there is a pause while memory content is transferred. Pauseless live migration is work in progress."

It's already done, folks...

[5of0]

To save wikipedia from the inevitable rush of /.ers, someone has already added it to the disambig page (congrats, Dillee1 and Rvalles).
There isn't actually an article, though...

Re:It's already done, folks...

[complete+loony]

Yeah I spotted that too, however I only realised after I submitted that I'd missed the "d" on the end of updated.

RootKit Security Hole?

It seems like only a few months ago I was reading on slashdot that virtualization allows the installation of rootkits without the operating system being able to detect it.

Anyone have more info on this please?

Re:Not frist psot! Or, Stifr Tsop

[davidsyes]

Does this mean we won't need Win4Lin? (no more damned W4L-imposed kernel dependency or fearing that netraverse 2.6.8.1 won't run nice on a 2.6.21, or 2.7.x, or 2.8.x someday...).

I don't see (yet) that this will threaten VMware, but if the KVM could fake hardware enough that I could not need Wine, Cedega/Codeweavers, or Win4Lin, then I could run that legacy Win98 disk of my and run my Lotus Apps in there...

(rubbing hands expectantly...)

another reason

[Ungrounded+Lightning]

Why would VMware, XenSource etc. want to go after a market which will be difficult to support, and not provide them with the money they need to keep going?

Because as long as they don't support video hardware there will be extra pressure for both other vendors and open source authors to attempt it.

If an open source project does it and gets it right, when the closed source vendors haven't got it, the open soucre project is likely to be adopted, not just by home users, but by commercial users who want to efficiently virtualize the video (along with others who just want another solution). Then the closed-source vendors' market starts to erode.

Unlike the desktop market (where MS' plethora of integrated applications makes displacing them difficult), virtualization tools have a narrow and well-defined scope. That makes a small and well-defined target for authors of competing products/projects.

Re:Not frist psot! Or, Stifr Tsop

[Aladrin]

I believe this will function like VMWare, and not like Wine/Cedega. This isn't an emulation layer on top of an OS, it's a method of running multiple OS's at the same time.

Less like running Windows apps in Linux and more like alt-tabbing through entire OS's.

Unless I'm way way off base, which has happened now and again.

smacktards

You smacktard....games are a HUGE reason people don't adopt Linux. Think about this a moment, will you?

If Linux could play Windows games, that's one less excuse NOT to switch to Linux. Right now, there are lots of reasons not to switch. Most are due to compatibility but if you could play games on Linux -- that's one less compatibility issue. Duh.

Re:qemu

[Shawn+is+an+Asshole]

Then you want Wine or Cedega. VMs don't do accelerated video.

Oh, Microsoft is going to have a field day....

[r_jensen11]

Just imagine it:

Get The Facts campaign 2007:

Windows Vista, on average, crashes once every other day.

Linux running Windows Vista, on average, crashes once every day.
Therefore, Windows is more stable than Linux.

Mod Parent Up!! -- Re:RootKit Security Hole?

> It seems like only a few months ago I was reading on slashdot that virtualization allows the installation of rootkits without the operating system being able to detect it.

> Anyone have more info on this please?

Mod Parent Up!!

fedora?

[hany]

What does this news mean to Fedora?

Fedora, statring few months/years ago and finaly delivered in Fedora Core 6, build its virtualization infrastructure on Xen.

While their solutions seems good, it did not convince me because my simple test to run FC6 i386 guest under FC6 x86_64 host using this Xen solution failed (hopefully not because of me but because of lack of support for such scenario). I hope this KVM is better in that regard (i386 under x86_64)?

Re:fedora?

[Flailmonkey]

Earlier mentioned, supposedly Xen currently does not like/support running 32-bit clients under 64-bit hosts. This would probably explain why your own attempt to do so failed. The KVM website reports, "kvm supports 32-bit guests on 64-bit hosts, and any combination of PAE and non-PAE guests and hosts. The only unsupported combination is a 64-bit guest on a 32-bit host."

From the documentation, it seems this would support what you were asking about!

My first thought was:

[einhverfr]

A kernel-level KVM? Why? Doesn't CTRL-ALT-F[1-12] do that?

Re: KVM - 32-bit on 64-bit

[hany]

Well thank you.

You certainly sped-up my experiments with KVM. :)

Thank you again.