| 1 |
RB schrieb: |
| 2 |
> On Tue, Dec 16, 2008 at 14:19, Romain BERGE <romain.berge@×××××.com> wrote: |
| 3 |
>> Hey all, |
| 4 |
>> |
| 5 |
>> I am wondering of using and AMD CPU with the AMD-V. |
| 6 |
>> I wonder of using KVM to virtualise a few Hardened server. |
| 7 |
>> |
| 8 |
>> Someone used already KVM+ Hardened ? |
| 9 |
> |
| 10 |
> Anyone else get KVM running on a hardened host? I'm seeing some |
| 11 |
> issues right now: |
| 12 |
> - The kvm-82 modules use symbols only in 2.6.28, making it |
| 13 |
> incompatible with the current hardened-sources: |
| 14 |
> [ 1584.882179] kvm: Unknown symbol intel_iommu_domain_alloc |
| 15 |
> [ 1584.882259] kvm: Unknown symbol intel_iommu_detach_dev |
| 16 |
> [ 1584.882340] kvm: Unknown symbol intel_iommu_page_mapping |
| 17 |
> [ 1584.882768] kvm: Unknown symbol intel_iommu_context_mapping |
| 18 |
> [ 1584.882862] kvm: Unknown symbol intel_iommu_iova_to_pfn |
| 19 |
> [ 1584.883441] kvm: Unknown symbol intel_iommu_domain_exit |
| 20 |
> - KVM segfaults upon execution against the 2.6.27-hardened-r3; I |
| 21 |
> haven't debugged it yet, but it may well be tied to the symbol issues |
| 22 |
> - kqemu starts to compile with gcc-4.3.2-r2 but fails with a |
| 23 |
> relocation error I'm seeing from several other packages under the new |
| 24 |
> hardened gcc-4.3.2-r2: |
| 25 |
> relocation R_X86_64_32 against `a local symbol' can not be used when |
| 26 |
> making a shared object; recompile with -fPIC |
| 27 |
> (I've already patched a few packages for these) |
| 28 |
> - Even after disabling kqemu and switching to gcc-3.x, compiling |
| 29 |
> qemu-softmmu results in the same error as above. |
| 30 |
> |
| 31 |
> Rather disappointing, I was hoping to get a hardened profile host |
| 32 |
> backing my VMs. Guess it's back to a standard profile for a bit. |
| 33 |
> |
| 34 |
> |
| 35 |
> RB |
| 36 |
> |
| 37 |
> |
| 38 |
|
| 39 |
I have KVM + hardened toolchain + hardened-sources running without problems for a longer time now. |
| 40 |
Probably the main differences: |
| 41 |
-I am using the experimental hardened toolchain overlay from Zorry and xake. |
| 42 |
-I am using the in-kernel kvm-modules instead of those provided by kvm (compiled in, not as module). |
| 43 |
|
| 44 |
-- |
| 45 |
Thomas Sachau |
| 46 |
|
| 47 |
Gentoo Linux Developer |
Archives