[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-discuss] How to enable kvm at runtime?

From: Ren Kimura
Subject: Re: [Qemu-discuss] How to enable kvm at runtime?
Date: Fri, 12 Feb 2016 03:57:07 +0900

2016-02-12 2:07 GMT+09:00 Peter Maydell <address@hidden>:
On 11 February 2016 at 05:11, Ren Kimura <address@hidden> wrote:
> I have a question about activation of kvm.
> Is there any way to enable/disable kvm at qemu runtime?

Yes, the command line is -enable-kvm. (We default to not using KVM.)

> It should be useful for sandbox tools like DECAF or TEMU,
> because some malware use VT-x information to detect these.

Beware that you should not regard emulated QEMU as being
capable of containing malware within its sandbox -- the
emulator code has not been audited and we don't consider
it a security boundary[*]. (In contrast, there is a security
boundary for KVM and a guest should be unable to escape a

[*] In other words, if a TCG (emulated) guest can do bad
things to the host that's a bug, but it's not a security
bug. And it is very likely that at least some such bugs
exist in the emulation code.

-- PMM

Thank you for reply.

I'm sorry that I confused you with my badly worded _expression_.

I want to know whether I could enable kvm *after* launch qemu without -enable-kvm option.

Some rootkit can detect hardware assisted virtualization and stop their action any more.
When that happen, analyst need reboot qemu without -enable-kvm option to disable kvm and start analysis again.

Some sandbox implement dynamic switching command.
For example DECAF implement a 'toggle-kvm' command in qemu console.
But it doesn't work correctly.

So is there any way to switch kvm and tcg dynamically(i.e. runtime) in qemu?

Thank you.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]