1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
[% topdir = "../.." -%]
[% PROCESS globals -%]
[% WRAPPER page
title = "How to check if your hardware supports virtualization"
h1 = "How to check if your hardware supports virtualization"
section = "learning"
%]
[% WRAPPER h2 h2="Hardware virtualization technologies" anchor="hvm" %]
<p>
The first machines to support virtualization commercially were IBM
mainframes in the 1970s. It has taken PCs nearly 40 years to catch
up.
</p>
<p>
Until a few years ago the central processors in PCs were not
<a href="http://en.wikipedia.org/wiki/Popek_and_Goldberg_virtualization_requirements">virtualizable</a>
except by using slow emulation or tricks. However both AMD and Intel
have recently produced processors which include extra modes and
instructions that allow full, hardware-accelerated virtualization.
</p>
<p>
AMD and Intel's virtualization techniques are different and
incompatible, but all hypervisors hide the differences from you.
</p>
<p>
There are also several <q>generations</q> of virtualization
technologies available. Initial implementations from both AMD and
Intel were quite slow, and great improvements have been made over
time. These differences are not very visible to the end user, but we
cover some of the virtualization flags that you might see below. The
upshot is that more modern processors are not only faster, but the
virtualization will be more efficient too.
</p>
[% END %]
[% WRAPPER h2 h2="Model numbers" anchor="model-numbers" %]
<p>
A good start is to look up the model number of your CPU on
the manufacturer's site. The accurate model name and number should
be in <code>/proc/cpuinfo</code> after boot, and you
can look these up on the following pages:
</p>
<ul>
<li> <a href="http://ark.intel.com/">Intel ARK</a> </li>
<li> <a href="http://products.amd.com/">AMD Product Central</a> </li>
</ul>
<p>
For example, my
laptop's <a href="http://ark.intel.com/Product.aspx?id=43560">Intel i7
620M page is here</a>.
</p>
<p>
The Intel site is the most useful, and will tell you directly if the
processor supports virtualization (Intel VT-x) and/or secure
passthrough of PCI devices to guests (Intel VT-d). The AMD site is
less than useful in this respect. I have noticed some inaccuracies on
the Intel site.
</p>
[% END %]
[% WRAPPER h2 h2="<code>/proc/cpuinfo</code> flags" anchor="cpu-flags" %]
<p>
<code>/proc/cpuinfo</code> will tell you if the processor
supports virtualization <i>and</i> if it is enabled (but
it could not show up in flags because it is disabled —
more on this below).
</p>
<p>
The flags to look out for are:
</p>
<ul>
<li> <code>vmx</code> — Intel VT-x, basic virtualization </li>
<li> <code>svm</code> — AMD SVM, basic virtualization </li>
<li> <code>ept</code> — Extended Page Tables, an
Intel feature to make emulation of guest page tables faster. </li>
<li> <code>vpid</code> — VPID, an Intel feature to
make expensive TLB flushes unnecessary when context switching
between guests. </li>
<li> <code>npt</code> — AMD Nested Page Tables, similar
to EPT. </li>
<li> <code>tpr_shadow</code> and <code>flexpriority</code> —
Intel feature that reduces calls into the hypervisor when accessing
the Task Priority Register, which helps when running
certain types of SMP guests. </li>
<li> <code>vnmi</code> — Intel Virtual NMI feature which
helps with certain sorts of interrupt events in guests. </li>
</ul>
[% END %]
[% WRAPPER h2 h2="Kernel messages (dmesg) and the BIOS" anchor="dmesg" %]
<p>
The next thing to look at are the kernel messages by running
the command:
</p>
<pre>
dmesg | less
</pre>
<p>
The two messages to look out for are:
</p>
<pre>
kvm: no hardware support
</pre>
<p>
and
</p>
<pre>
kvm: disabled by bios
</pre>
<p>
<strong>Note:</strong> You will only see these messages if the
KVM kernel module has tried to load. That is, if you tried
to start a guest already, or if you tried to load the KVM
module by hand (see <a href="#kvm-module">the next section</a>).
</p>
<p>
The <q>no hardware support</q> message is self-explanatory.
The <q>disabled by bios</q> message requires some explanation. When
virtualization first came to PCs there was a worry that malware (on
Windows of course) might use the virtualization feature in order to
sit under the operating system like a hypervisor, and become
especially hard to remove. Therefore virtualization can be completely
disabled at boot time, requiring a reboot and manual BIOS
configuration to enable it, which of course malware would not be able
to do. This plan is good in theory, but it discounts one factor: the
inability of motherboard manufacturers to create BIOSes that aren't
full of bugs. You may find that even though your processor supports
virtualization, it is not featured in the BIOS (hence impossible to
enable), or the BIOS may contain bugs that prevent you from enabling
it. There's not much you can do in these situations except to try
updating the BIOS or replacing the motherboard.
</p>
[% END %]
[% WRAPPER h2 h2="Loading the KVM module" anchor="kvm-module" %]
<p>
You can try to load the KVM module by hand.
</p>
<p>
As explained above, there are two different brands of virtualization
(from Intel and AMD) which are incompatible. Therefore KVM has
separate device drivers for each.
</p>
<p>
To load KVM on an Intel processor:
</p>
<pre>
modprobe kvm_intel
</pre>
<p>
To load KVM on an AMD processor:
</p>
<pre>
modprobe kvm_amd
</pre>
<p>
Check <code>dmesg</code> output after this to see if there
were any problems. Check <code>lsmod</code> to see if the
modules were loaded.
</p>
[% END %]
[% END -%]
|
