Re: [Qemu-devel] QEMU-KVM and hardened (GRSEC/PaX) kernel

[Антон Кочков]

Yes. first thing working ok.
And second fails.

I'm using Intel iCore 7 (see attached dmesg output and kernel config -
host dmesg and host config)

Also, as this is probably kernel-kvm module bug, i'm open
https://bugzilla.kernel.org/show_bug.cgi?id=33762

Best regards,
Anton Kochkov.




On Wed, Apr 20, 2011 at 18:29, Avi Kivity <address@hidden> wrote:
> On 04/17/2011 01:45 AM, Антон Кочков wrote:
>>
>> Good day!
>> I'm trying to make working qemu-kvm with hardened gentoo on hardened
>> kernel.
>> When i'm using CONFIG_PAX_KERNPAGEXEC and CONFIG_PAX_MEM_UNDEREF qemu just
>> start
>> and go to infinite loop and take 100% of one of my CPU core. adn it
>> even can't be killed.
>> Also it is dont give answer for qemu monitor/remote gdb.
>> When I'm changed these two values as disabled, qemu-kvm now start, and
>> stop (i mean qemu monitor show that virtual machine is running, but no
>> any activity/output). Also it's load about 0%.
>> See details in bug http://bugs.gentoo.org/show_bug.cgi?id=363713
>>
>> Hope this info help improve qemu-kvm.
>>
>
> As Blue says, the problem is likely in kvm, not qemu.
>
> Please try:
> - hardened guest on soft host (I expect this to work)
> - soft guest on hardened host (I expect this to fail).
>
> Are you using an Intel or AMD host?
>
> Note virtualization hardware will play with segmentation and defeat all
> those games the hardened kernel plays.
>
> --
> error compiling committee.c: too many arguments to function
>
>

kernel-virt.log
Description: Binary data

kernel.config
Description: Binary data