How to check that virtualization is enabled on a macOS - macos

There are already several questions about how to enable virtualization on Macs (e.g. How to enable support of CPU virtualization on Macbook Pro?). It is often reported that sysctl -a | grep 'machdep.cpu.feature.*VMX' should match, but with a caveat: matching means that virtualization is supported by the cpu, not that it is enabled.
Is there a way to check that virtualization is enabled? I'm ready to compile and run a small program if that's what it takes to be able to answer, but I'd rather not.

There are 3 things which basically tell you if Intel VMX is supported and enabled on a machine or not. This is not OS specific but specific to Intel boards.
CPUID.1 will tell you in ecx.BIT[5] == 1 if CPU supports vmx.
IA32_FEATURE_CONTROL MSR BIT.2 == 1 will tell you if VMX is enabled in normal mode. If BIT.2 is 0 and BIT.0 is 1 in this MSR, this means VMX is disabled and locked in BIOS. You would need to reboot and enable that in BIOS.
Control Register CR4.BIT.13[VMXE] == 1 will tell you that VMX is enabled now on the machine. CPU will GPF if CR4.VMXE bit is cleared and you try to execute a VMXON instruction to enter VMX root mode.
You can write a small program to do this and check what you are missing.

Related

I was trying vagrant up and I had this error [duplicate]

Downloaded Xamarin Android Player and with >>next>> progress installed Virtual Box.
When I tried to start an emulator I got
Failed to initialized device (name Of the emulator)
VboxManager Commendt Failed
and the detail of the error in Oracle Vm Virtualbox is
VT-x is disabled in the BIOS for both all CPU modes (VERR_VMX_MSR_ALL_VMX_DISABLED)
How can I fix this?
I have found the solution of my problem, put some images to help others, thanks
go here
It is a RAM related issue. The documentation is self explanatory:
You are trying to allocate >3GB of RAM to the VM. This requires: (a) a
64 bit host system; and (b) true hardware pass-through ie VT-x.
Fast solution
Allocate less than 3GB for the virtual machine.
Complete solution
Make sure your system is 64 bit.
Enable virtualisation in your host machine. You can find how to do it here or there are many other resources available on Google.
Turning PAE/NX on/off didn't work for me. I just needed to turn on virtualization on my computer. I was working on an HP Compaq 8200 and followed the steps below to turn on virtualization. If you are working on a different computer, you probably just need to look up how to turn on virtualization on your PC. The steps below for HP Compaq 8200 (or similar) are copied verbatim from the comment posted by the user qqdmax5 on the HP discussion board here.
To run Oracle VM Virtual Box / VMware machines on 64-bit host there is a need to enable Virtualization Technology (VTx) and Virtualization Technology Directed I/O (VTd).
Usually these settings are disabled on the level of BIOS.
To enable VTx and VTd you have to change corresponding settings in the BIOS.
Here is an example how to do it for HP Compaq 8200 or similar PC:
Start the machine.
Press F10 to enter BIOS.
Security-> System Security
Enable Virtualization Technology (VTx) and Virtualization Technology Directed I/O (VTd).
Save and restart the machine.
There is also some discussion on this on askubuntu.
In Virtual Box "Settings" > System Settings > Processor > Enable the PAE/NX option. It resolved my issue.
I had this issue when tried to run a 32-bit OS with more than 3584 MB of RAM allocated for it. Setting the guest OS RAM to 3584 MB and less helped.
But I ended up just enabling the flag in BIOS nevertheless.
Follow the steps below in Oracle VM VirtualBox Manager:
Select the Virtual device and choose Settings
Navigate to System and click the Processor tab
Tick the check-box, Enable PAE/NX
Click OK and you are done
To verify, start the Virtual device from Oracle VM VirtualBox. If all has gone well, the device boots up.
Close this device and open it from Genymotion.
For latest Windows 10 (HP & Intel motherboard/processor),
Follow the below steps, starting with :
Settings ->
Update & Security ->
Recovery ->
Advanced startUp -> Restart now
F10 (System Recovery) -> System Configuration tab -> Virtualization Technology
Enable
F10 to save and exit
For Ubuntu on HP (Intel processors),
Press F10 on booting the system, it will enter into system setup mode.
You will find tabs on top like Main, Security, Advanced.
Go into Advanced >> and click on System settings.
Mark the check boxes on Enable Virtualization Technology (VTx) and Virtualization Technology Directed I/O (VTd).
Back to Main, click on save changes and exit.
enable PAE/NX in virtualbox network config
My BIOS VT-X was on, but I had to turn PAE/NX off to get the VM to run.
You need to enable virtualization using BIOS setup.
step 1. Restart your PC and, while it is booting up, press your BIOS setup key (F1 or F2, or google your BIOS setup key).
step 2. Go to the security menu.
step 3. Select virtualization and enable it.
Note:- BIOS setup depends on PC Manufacturer-brand.
If you're on 32-bit machine don't allow more than 3584 MB of RAM and it will run.
I had to turn PAE/NX off and then back to on...voila !!
Make sure Virtualization is enabled in your bios.
Simply check how many CPUs you are allocating. With one CPU you do not need to play with your bios.
Open your BIOS and enable virtualization.

How to disable software SMI (System Management Interrupt) in Windows

Starting from Windows 10 1809, OS generates lots of software SMIs.
We are running our real time application on separate processor core and each SMI generates unpredictable delay. Before 1809 it was always possible to disable SMIs in BIOS.
Call stack in Windows looks like:
hal!HalEfiGetEnvironmentVariable+0x56
hal!HalGetEnvironmentVariableEx+0xb572
nt!IopGetEnvironmentVariableHal+0x2a
nt!IoGetEnvironmentVariableEx+0x85
nt!ExpGetFirmwareEnvironmentVariable+0x91
nt!ExGetFirmwareEnvironmentVariable+0x110ce3
nt!NtQuerySystemEnvironmentValueEx+0x6e
SMI is generated by OUT instruction into port 0xb2. It is required to read UEFI variables from NVRAM. When BIOS is in legacy mode, there are no SMIs.
Is it possible to configure Windows, so it will not access UEFI variables using SMIs?
The short answer is NO, it is not possible to configure Windows to not generate SW SMIs on UEFI Variable accesses, because those SMIs are not generated by Windows. The SMIs are generated inside the firmware.
All UEFI-aware OSes read/write UEFI variables via GetVariable() and SetVariable() services, which are part of Runtime Services exposed by a UEFI firmware to the OS via System Table - see UEFI Spec, section 8. The current implementation of Variable Services in most firmware is to process the actual Get/Set variable requests inside SMM, for security reasons.
So it is the device's firmware that's responsible for generating SW SMIs, not the OS. However, the OS and some system services/applications absolutely need to work with UEFI variables as it is how a UEFI-aware OS is supposed to run on a UEFI firmware.
On processors that support AMD-V (e.g. AMD Processors, Hygon Processors), the answer is yes, but in kernel mode. There are two instructions called stgi and clgi, where stgi sets the GIF and clgi clears the GIF. The GIF is used to control the interrupt behaviors so that one may enter absolute atomic operations. As defined in AMD-V, Internal SMIs (e.g. I/O Trapping) are discarded and External SMIs (e.g. from external hardware, or IPIs by APIC) are held pending when GIF is cleared. Make sure you enabled the SVME bit in EFER MSR as you are to execute these instructions.
If you would like to make it happen in a more generic way, which does not rely on AMD-V, you may try to get your code into the SMI handler, in that SMIs which occur later will be latched while the processor is in SMM.
Reference:
Chapter 10.3.3 "Exceptions and Interrupts", Volume 2 "System Programming", AMD64 Architecture Programmer's Manual.
Chapter 15.17 "Global Interrupt Flag, STGI and CLGI Instructions", Volume 2 "System Programming", AMD64 Architecture Programmer's Manual.
https://www.amd.com/system/files/TechDocs/24593.pdf

Programmatically detect if hardware virtualization is enabled on Windows 7

Background
I've been bouncing around this for a while and still haven't come up with an adequate solution, hoping someone out there can point me in the right direction.
Essentially I need to identify whether I can run a 64-bit VM on a target machine (working in Go but happy to consider binding C code or some assembly, though I feel a bit out of my depth there).
In order to run a 64-bit VM the system needs hardware virtualisation support available and enabled in the BIOS (I'm only concerned with Intel/AMD at this time).
Journey so far
From Windows 8 onwards, Windows ships with Hyper-V, and there is a nice function you can call, IsProcessorFeaturePresent from kernel32.dll, with an arg of 'PF_VIRT_FIRMWARE_ENABLED', which will tell you if hardware virtualisation is enabled in firmware:
IsProcessorFeaturePresent
Now I don't really like the way this behaves (it says not available if Hyper-V is installed) but I can cope with it by checking if Hyper-V is enabled through other means, so this pretty much does the job from Win 8 upwards.
Problem is this function always returns false on Win 7 for some reason - even on a system on which I know hardware virtualization is enabled.
Coming from another angle I have used this lib to determine what instruction sets are available: intel processor feature lib - this allows me to know what type of virtualization instructions are available on the processor (if any)
But I'm still missing the final piece of knowing if it's enabled in the BIOS on Win 7. I figure in principle it should be easy from here - I should be able to call something which utilizes the virtualization extensions and see if it responds as expected. But unfortunately I have no idea how to do this.
Does anyone have any suggestions as to how I might do this?
Note: I'm happy to consider 3rd party libs but this would be used in commercial software so licensing would have to allow for that (e.g. nothing from Microsoft)
I am afraid you won't be able to achieve what you want unless you are ready to provide a kernel driver, because checking if BIOS has enabled virtualization requires kernel privileges.
Intel Software Developer Manual describes a model-specific register (MSR) with number 3Ah called IA32_FEATURE_CONTROL. Its bits 1 and 2 control whether VMX instructions are allowed in SMX and non-SMX modes. Also there is bit zero which, when written with 1, locks the whole register's value, thus making it impossible to enable/disable features until the next processor reset. This means that, if BIOS code has disabled VMX and locked it, an OS that boots later will be unable to change that fact, only to see it.
To read this or any other MSR one should use machine instruction RDMSR, and this instruction is only available when CPL is zero, that is, within an OS context. It will throw an exception if attempted to be used from application code.
Unless you find a program interface method that wraps RDMSR around and provides it to applications, you are out of luck. Typically that implies loading and running a dedicated kernel driver. I am aware about one for Linux, but cannot say if there is anything for Windows.
As an extra note, if your code is already running inside a virtual machine, like it is for some Windows installations which enable a Hyper-V environment for regular desktop, then you won't even be able to see an actual host MSR value. It will be up to the VMM to provide you with an emulated value, as well as it will show you whatever CPUID value it wants you to see, not the one from the host.
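The checks named in the answers above (CPUID.1:ECX bit 5, and the lock and VMX bits of IA32_FEATURE_CONTROL, MSR 3Ah), written out as an added example; it is not code from any of the posts. It assumes a Linux host with the msr driver loaded and root access for the read, all function and enum names are made up for illustration, and CR4.VMXE is left out because it cannot be read from user mode.

```c
/* Added example: interpret CPUID.1:ECX and IA32_FEATURE_CONTROL (MSR 3Ah). */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

#define CPUID1_ECX_VMX      (1u << 5)    /* CPU implements VMX */
#define FC_LOCK             (1ull << 0)  /* register locked until next reset */
#define FC_VMX_OUTSIDE_SMX  (1ull << 2)  /* VMX allowed in normal (non-SMX) mode */
#define MSR_FEATURE_CONTROL 0x3A

enum vmx_state { VMX_UNSUPPORTED, VMX_LOCKED_OFF, VMX_LOCKED_ON, VMX_UNLOCKED };

/* Pure decoder, so it can be checked against known register values. */
enum vmx_state vmx_classify(uint32_t cpuid1_ecx, uint64_t feature_control)
{
    if (!(cpuid1_ecx & CPUID1_ECX_VMX))
        return VMX_UNSUPPORTED;
    if (!(feature_control & FC_LOCK))
        return VMX_UNLOCKED;  /* not final: ring 0 can still set the bits and lock */
    return (feature_control & FC_VMX_OUTSIDE_SMX) ? VMX_LOCKED_ON : VMX_LOCKED_OFF;
}

/* Read the MSR through the Linux msr driver (needs root and `modprobe msr`).
 * The file offset selects the MSR number. Returns 0 on success, -1 otherwise. */
int read_feature_control(uint64_t *value)
{
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0)
        return -1;
    int ok = lseek(fd, MSR_FEATURE_CONTROL, SEEK_SET) == MSR_FEATURE_CONTROL &&
             read(fd, value, sizeof *value) == (ssize_t)sizeof *value;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    static const char *names[] = { "not supported by CPU", "disabled and locked by firmware",
                                   "enabled and locked", "not locked yet" };
    uint64_t fc;
    uint32_t ecx = CPUID1_ECX_VMX;  /* assumption: VMX support already confirmed via CPUID */
    if (read_feature_control(&fc) != 0) {
        puts("cannot read MSR 3Ah (not Linux, not root, or msr module missing)");
        return 1;
    }
    printf("IA32_FEATURE_CONTROL=%#llx: VMX %s\n",
           (unsigned long long)fc, names[vmx_classify(ecx, fc)]);
    return 0;
}
```

Inside a virtual machine the value read this way is whatever the VMM chooses to emulate, as the answer above notes.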

Where is guest ring-3 code run in VM environment?

According to the white paper that VMWare has published, binary translation technology is only used in kernel (ring 0 code); ring 3 code is "directly executed" on CPU hardware.
As I observed, no matter how many processes are run in the guest OS, there is always only 1 process in the host OS. So I assume all the guest ring 3 code is run in the single host process context (for VMWare, it's vmware-vmx.exe).
So my question here is, how do you execute so much ring 3 code natively in a single process? Considering most Windows exe files don't contain relocation information, they cannot be executed somewhere else, and binary translation is not used in ring 3 code.
Thanks.
Let's talk about VMX, which is Intel VT-x's design.
Intel VT-x introduces two new modes to solve this problem: VMX root mode and VMX non-root mode, which are for host and guest respectively. Both modes have ring 0~3, which means the host and guest will not share the same ring level.
A hypervisor running in ring 3 of VMX root mode, when it decides to transfer the CPU control to a guest, launches the VMLAUNCH instruction, which allows transfer to VMX non-root mode from VMX root mode. Then guest ring 3 code is now able to execute automatically in VMX non-root mode. All of this is supported by Intel VT-x. No binary translation or instruction emulation is needed for running the guest.
Of course ring 3 of VMX non-root mode has less privilege and power. For example, when guest ring 3 code encounters something it cannot handle, such as a physical device access request, the CPU will automatically detect this kind of restriction and transfer back to the hypervisor in VMX root mode. After the hypervisor finishes this task, it will trigger VMLAUNCH again to run the guest.

about guest in the kvm to handle the external interrupt and external interrupt

I'm new to kvm, can someone explain its process when a guest handles an external interrupt or the emulated device interrupt?
Thanks
Amos
In x86 architecture, Intel in this case, most interrupts will cause CPU VM exit, which means the control of CPU will return to host from guests.
So the processes are
CPU is used by guest OS in VMX non-root mode.
CPU is aware of an interrupt coming.
CPU's control returns to host running in VMX root mode. (VM exit)
The host (KVM) handles the interrupt.
Host executed VMLAUNCH instruction to let CPU transfer to VMX non-root mode again for running guest code.
Repeat 1.
If you are new to kvm, you should first read a few papers about how the kvm module works (I assume you know the basic idea of virtualization), how it uses qemu to do I/O emulation, etc.
I recommend you read these papers:
kvm: the Linux Virtual Machine Monitor: https://www.kernel.org/doc/mirror/ols2007v1.pdf#page=225
Kernel-based Virtual Machine Technology: http://www.fujitsu.com/downloads/MAG/vol47-3/paper18.pdf
KVM: Kernel-based Virtualization Driver: http://www.linuxinsight.com/files/kvm_whitepaper.pdf
These are papers written by the guys who started kvm (they are short and sweet :) ).
After this you should start looking at the documentation of kvm in the source code, especially the file api.txt; it's very good.
Then I think you can jump into the source code to understand how things actually work.
Cheers
