LinuxQuestions.org
Old 07-06-2020, 10:13 AM   #1
igadoter
-current paravirtualized kernel on bare hardware


It is a message I found while running the installer. So the installer kernel is paravirtualized - does it mean it was built to work in a virtual environment and the kernel warns that it is not a good idea to run such a kernel on bare hardware?
 
Old 07-06-2020, 11:24 AM   #2
hoodlum7
The Slackware kernel is not built/optimized for virtualized environments. You will probably have to build the correct modules for the correct bare metal hypervisor (Xen or ESXi).
 
1 members found this post helpful.
Old 07-06-2020, 12:27 PM   #3
igadoter
My point is: why use a paravirtualized - whatever that means - kernel as the kernel used during installation? The final installed kernel comes from a package. Is paravirtualized the same as vanilla? What is the purpose of this? Why not just use a common vanilla kernel? I emphasize: it is all about the installer kernel. There is just something I don't understand. And no one warned us that the kernel has something peculiar inside.
 
Old 07-06-2020, 12:43 PM   #4
hoodlum7
To put it simply, Paravirtualization allows for better performance over Full Virtualization.

https://en.wikipedia.org/wiki/Paravirtualization
 
Old 07-06-2020, 03:32 PM   #5
rkelsen
Quote:
Originally Posted by hoodlum7
The Slackware kernel is not built/optimized for virtualized environments.
Are you sure about that?
Quote:
Originally Posted by https://mirrors.slackware.com/slackware/slackware64-current/kernels/huge.s/config
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
...
CONFIG_KVM_GUEST=y
...
CONFIG_VMXNET3=m
To me, it looks like everything that should be there is there already, but I might be wrong.
Quote:
Originally Posted by hoodlum7
You will probably have to build the correct modules for the correct bare metal hypervisor (Xen or ESXi).
I haven't ever used Xen, but on ESXi I always install the VMware Tools, which includes the services and (I think) kernel modules needed on the Guest OS. One thing I can be sure about, and that is that I've got VMs running the stock generic Slackware kernels that have been running without issues for years. I've never had to recompile a kernel to get anything working in a VM.
 
1 members found this post helpful.
Old 07-07-2020, 04:30 AM   #6
zakame
It's not a warning at all: it's informational in fact, as this means this kernel can run unmodified on both bare metal and on VMs. Contrast with, say, booting the same under a hypervisor; it'll tell you this instead:

Code:
root@current:~# dmesg | grep paravirt
[    0.021445] Booting paravirtualized kernel on KVM
It is more detailed in the linked Wikipedia article above: paravirt-ops has been mainlined since 2.6.23, which for Slackware means that since at least Slackware-12.1 (and probably more stable on 13.37 upwards), it can run unmodified under bare metal, KVM, Xen, and other hypervisors.
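
The boot banner described in this post can be read together with the kernel config options quoted earlier in the thread. The following is an added example, not part of any poster's message; the function names and all sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): read the paravirt boot banner and the
# guest-support options of a kernel config. All sample data is constructed.

# Print the platform named in "Booting paravirtualized kernel on <platform>",
# read from dmesg text on stdin; print "none" if no such line is present.
pv_platform() {
    sed -n 's/^.*Booting paravirtualized kernel on \(.*\)$/\1/p' |
        head -n 1 | grep . || echo none
}

# Print, space-separated, the guest-related options (those quoted in the
# thread, plus CONFIG_XEN) that a config on stdin sets to y or m.
guest_opts() {
    sed -n -E 's/^(CONFIG_(HYPERVISOR_GUEST|PARAVIRT|KVM_GUEST|XEN|VMXNET3))=[ym]$/\1/p' |
        paste -s -d ' ' -
}

# Combine both: $1 = dmesg text, $2 = config text.
report() {
    platform=$(printf '%s\n' "$1" | pv_platform)
    opts=$(printf '%s\n' "$2" | guest_opts)
    case $platform in
        none)            state="no paravirt banner found" ;;
        "bare hardware") state="no hypervisor detected by the kernel" ;;
        *)               state="running as a guest of $platform" ;;
    esac
    printf '%s; guest options enabled: %s\n' "$state" "${opts:-none}"
}

# Constructed sample inputs.
SAMPLE_BARE='[    0.000000] Linux version 5.7.7 (constructed sample)
[    0.021445] Booting paravirtualized kernel on bare hardware'
SAMPLE_KVM='[    0.021445] Booting paravirtualized kernel on KVM'
SAMPLE_CONFIG='CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
# CONFIG_XEN is not set
CONFIG_KVM_GUEST=y
CONFIG_VMXNET3=m'

report "$SAMPLE_BARE" "$SAMPLE_CONFIG"
report "$SAMPLE_KVM" "$SAMPLE_CONFIG"
```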
 
Old 07-07-2020, 08:27 AM   #7
bifferos
Quote:
Originally Posted by hoodlum7
You will probably have to build the correct modules for the correct bare metal hypervisor (Xen or ESXi).
Huge and generic kernels run unmodified under both ESXi and Xen.

Under Xen you will not get the benefit of PV unless the PV drivers are loaded. If you don't load PV drivers (because they're absent from the kernel) Xen will switch to pure HVM mode, and present you with a Xen SCSI controller much like any real hardware. You're stuck with this 'hardware' until you reboot. You can either have one or the other. For the newcomer this is a bit strange. I expected a configuration option to determine the functionality presented to the guest but it's all done through the behaviour of the guest on boot.

Under ESXi it seems to work slightly differently. You get to choose in VM config whether you want PV or SCSI-this or SCSI-that (there are a few choices), however VMWare seems to have done a lot more work on optimising the non-PV case, so without PV it seems to perform rather better than HVM Xen.

I think a lot of confusion may persist about PV vs HVM modes because a lot of Slackware-related stuff talks about pure PV booting (which will require a special kernel, more akin to user-mode linux) instead of the latterly introduced HVM booting. For some time PV out-performed HVM, but this is no longer the case; see: https://cloudacademy.com/blog/aws-am...irtual-amazon/
 
1 members found this post helpful.
Old 07-07-2020, 08:36 AM   #8
LuckyCyborg
BUT, is it not a security liability to have a virtualized kernel on bare hardware? Is there no performance impact?

In the Linux reunions where I have been, I heard discussions about the possibility of having rogue virtual machines at EFI level, planted for industrial espionage in the boot or ESP partition.

After all, that's WHY they insist on having signed EFI binaries and the motherboards offer the ability to disable hardware virtualization.

Seeing how Slackware looks to be intending to look to Enterprise, as probably only there do PAM and Kerberos matter, do those virtualization-ready kernels not introduce a security flaw?

After all, I believe that those virtualized kernels should be stand-alone, and eventually consciously chosen by the user, instead of having them by default.

I, for one, do not need virtualization, but maximum performance, also.

Last edited by LuckyCyborg; 07-07-2020 at 08:44 AM.
 
1 members found this post helpful.
Old 07-07-2020, 08:43 AM   #9
Petri Kaukasoina
Quote:
Originally Posted by LuckyCyborg
Is there no performance impact?
No.
 
Old 07-07-2020, 08:45 AM   #10
LuckyCyborg
Quote:
Originally Posted by Petri Kaukasoina
No.
OK, BUT how about the security impact?

Doesn't a virtualized kernel simplify the life of a rogue virtual machine put in a computer for whatever rogue reasons?

Last edited by LuckyCyborg; 07-07-2020 at 08:50 AM.
 
Old 07-07-2020, 09:01 AM   #11
bifferos
Quote:
Originally Posted by LuckyCyborg
BUT, is it not a security liability to have a virtualized kernel on bare hardware? Is there no performance impact?
I believe strictly there will be a performance impact, because the code for the driver will remain in memory, consuming some. I think the kernel has a way of reclaiming the memory occupied by driver init code, not so sure it can reclaim memory from drivers that are loaded but inactive. If you worry about this, then you need to hand-craft every kernel you use. You can have fun going through all the networking options and remove the ones that you don't want active, probably you're not using half of them :-).

In terms of security, of course there is a potential increase in attack surface if including something you don't need, but normal kernels are surely going to be susceptible to blue pill concepts as well, if that's what you mean?
 
Old 07-07-2020, 10:09 AM   #12
Petri Kaukasoina
Quote:
Originally Posted by LuckyCyborg
OK, BUT how about the security impact?

Doesn't a virtualized kernel simplify the life of a rogue virtual machine put in a computer for whatever rogue reasons?
If the Slackware installation disk had Linux guest support off (CONFIG_HYPERVISOR_GUEST=n), the perpetrator could always build another kernel on their own first, and use it to do the evil act of running Slackware in a virtual machine?
 
Old 07-07-2020, 10:23 AM   #13
Petri Kaukasoina
Quote:
Originally Posted by bifferos
I believe strictly there will be a performance impact, because the code for the driver will remain in memory, consuming some.
I tested it in Slackware64-14.2, kernel 5.7.7, on a Pentium 4. Removing CONFIG_HYPERVISOR_GUEST gave 2064 kilobytes more available memory, but a benchmark of building a defconfig kernel became 0.05 % SLOWER (which is just noise, of course).
 
Old 07-07-2020, 10:37 AM   #14
bifferos
Quote:
Originally Posted by Petri Kaukasoina
Removing CONFIG_HYPERVISOR_GUEST gave 2064 kilobytes more available memory
I thought CONFIG_HYPERVISOR_GUEST just enabled other options. Do you know what that actually does?
 
Old 07-07-2020, 10:54 AM   #15
Petri Kaukasoina
Quote:
Originally Posted by bifferos
I thought CONFIG_HYPERVISOR_GUEST just enabled other options. Do you know what that actually does?
Yes, so if you disable CONFIG_HYPERVISOR_GUEST from a -current64 .config, it switches off a lot:
Code:
--- config-5.7.7-default        2020-07-01 14:29:54.000000000 +0300
+++ config-5.7.7-noguestsupport 2020-07-07 18:49:40.089783029 +0300
@@ -103,7 +103,6 @@
 CONFIG_TICK_CPU_ACCOUNTING=y
 # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
 # CONFIG_IRQ_TIME_ACCOUNTING is not set
-CONFIG_HAVE_SCHED_AVG_IRQ=y
 # CONFIG_SCHED_THERMAL_PRESSURE is not set
 CONFIG_BSD_PROCESS_ACCT=y
 CONFIG_BSD_PROCESS_ACCT_V3=y
@@ -324,20 +323,7 @@
 # CONFIG_IOSF_MBI_DEBUG is not set
 CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
 CONFIG_SCHED_OMIT_FRAME_POINTER=y
-CONFIG_HYPERVISOR_GUEST=y
-CONFIG_PARAVIRT=y
-# CONFIG_PARAVIRT_DEBUG is not set
-# CONFIG_PARAVIRT_SPINLOCKS is not set
-CONFIG_X86_HV_CALLBACK_VECTOR=y
-# CONFIG_XEN is not set
-CONFIG_KVM_GUEST=y
-CONFIG_ARCH_CPUIDLE_HALTPOLL=y
-# CONFIG_PVH is not set
-# CONFIG_KVM_DEBUG_FS is not set
-CONFIG_PARAVIRT_TIME_ACCOUNTING=y
-CONFIG_PARAVIRT_CLOCK=y
-# CONFIG_JAILHOUSE_GUEST is not set
-CONFIG_ACRN_GUEST=y
+# CONFIG_HYPERVISOR_GUEST is not set
 # CONFIG_MK8 is not set
 # CONFIG_MPSC is not set
 # CONFIG_MCORE2 is not set
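Review bot: The removed block already carries "# CONFIG_XEN is not set" and "# CONFIG_PVH is not set", so the default side of this comparison has no Xen PV or PVH guest support to begin with, and the difference shown here covers KVM, ACRN and the paravirt clock only. Say so next to the diff, or compare against a config with CONFIG_XEN=y as well if Xen is part of the question.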
@@ -615,8 +601,6 @@
 CONFIG_CPU_IDLE_GOV_LADDER=y
 CONFIG_CPU_IDLE_GOV_MENU=y
 # CONFIG_CPU_IDLE_GOV_TEO is not set
-# CONFIG_CPU_IDLE_GOV_HALTPOLL is not set
-CONFIG_HALTPOLL_CPUIDLE=y
 # end of CPU Idle
 
 CONFIG_INTEL_IDLE=y
@@ -763,8 +747,6 @@
 CONFIG_HAVE_PERF_USER_STACK_DUMP=y
 CONFIG_HAVE_ARCH_JUMP_LABEL=y
 CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y
-CONFIG_MMU_GATHER_TABLE_FREE=y
-CONFIG_MMU_GATHER_RCU_TABLE_FREE=y
 CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
 CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y
 CONFIG_HAVE_CMPXCHG_LOCAL=y
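Review bot: CONFIG_MMU_GATHER_TABLE_FREE and CONFIG_MMU_GATHER_RCU_TABLE_FREE disappearing here means the switch also changes core memory-management options, not just guest drivers. Any benchmark between the two configs therefore compares more than the presence of unused driver code; call this out alongside the result.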
@@ -1715,7 +1697,6 @@
 CONFIG_VMWARE_VMCI_VSOCKETS=m
 CONFIG_VIRTIO_VSOCKETS=m
 CONFIG_VIRTIO_VSOCKETS_COMMON=m
-CONFIG_HYPERV_VSOCKETS=m
 CONFIG_NETLINK_DIAG=m
 CONFIG_MPLS=y
 CONFIG_NET_MPLS_GSO=m
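Review bot: CONFIG_VMWARE_VMCI_VSOCKETS=m and CONFIG_VIRTIO_VSOCKETS=m remain in the context lines while only CONFIG_HYPERV_VSOCKETS is dropped, so disabling CONFIG_HYPERVISOR_GUEST does not remove every guest-facing option. If the aim is a smaller attack surface on bare metal, these modules need to be disabled explicitly in the same config.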
@@ -2026,7 +2007,6 @@
 CONFIG_PCI_PASID=y
 CONFIG_PCI_P2PDMA=y
 CONFIG_PCI_LABEL=y
-CONFIG_PCI_HYPERV=m
 CONFIG_HOTPLUG_PCI=y
 CONFIG_HOTPLUG_PCI_ACPI=y
 CONFIG_HOTPLUG_PCI_ACPI_IBM=m
@@ -2037,7 +2017,6 @@
 # PCI controller drivers
 #
 CONFIG_VMD=m
-CONFIG_PCI_HYPERV_INTERFACE=m
 
 #
 # DesignWare PCI Core Support
@@ -2412,7 +2391,6 @@
 CONFIG_SENSORS_APDS990X=m
 CONFIG_HMC6352=m
 CONFIG_DS1682=m
-CONFIG_VMWARE_BALLOON=m
 # CONFIG_LATTICE_ECP3_CONFIG is not set
 # CONFIG_SRAM is not set
 # CONFIG_PCI_ENDPOINT_TEST is not set
@@ -2577,7 +2555,6 @@
 CONFIG_SCSI_MYRB=m
 CONFIG_SCSI_MYRS=m
 CONFIG_VMWARE_PVSCSI=m
-CONFIG_HYPERV_STORAGE=m
 CONFIG_LIBFC=m
 CONFIG_LIBFCOE=m
 CONFIG_FCOE=m
@@ -3670,7 +3647,6 @@
 # CONFIG_IEEE802154_HWSIM is not set
 CONFIG_VMXNET3=m
 CONFIG_FUJITSU_ES=m
-CONFIG_HYPERV_NET=m
 # CONFIG_NETDEVSIM is not set
 CONFIG_NET_FAILOVER=m
 CONFIG_ISDN=y
@@ -3767,7 +3743,6 @@
 CONFIG_MOUSE_PS2_SENTELIC=y
 CONFIG_MOUSE_PS2_TOUCHKIT=y
 CONFIG_MOUSE_PS2_FOCALTECH=y
-CONFIG_MOUSE_PS2_VMMOUSE=y
 CONFIG_MOUSE_PS2_SMBUS=y
 CONFIG_MOUSE_SERIAL=m
 CONFIG_MOUSE_APPLETOUCH=m
@@ -3987,7 +3962,6 @@
 CONFIG_SERIO_ALTERA_PS2=m
 CONFIG_SERIO_PS2MULT=m
 CONFIG_SERIO_ARC_PS2=m
-CONFIG_HYPERV_KEYBOARD=m
 # CONFIG_SERIO_GPIO_PS2 is not set
 CONFIG_USERIO=m
 CONFIG_GAMEPORT=m
@@ -4330,10 +4304,8 @@
 CONFIG_PTP_1588_CLOCK=y
 CONFIG_DP83640_PHY=m
 # CONFIG_PTP_1588_CLOCK_INES is not set
-CONFIG_PTP_1588_CLOCK_KVM=m
 # CONFIG_PTP_1588_CLOCK_IDT82P33 is not set
 # CONFIG_PTP_1588_CLOCK_IDTCM is not set
-# CONFIG_PTP_1588_CLOCK_VMW is not set
 # end of PTP clock support
 
 CONFIG_PINCTRL=y
@@ -6038,7 +6010,6 @@
 CONFIG_FB_MB862XX=m
 CONFIG_FB_MB862XX_PCI_GDC=y
 CONFIG_FB_MB862XX_I2C=y
-CONFIG_FB_HYPERV=m
 # CONFIG_FB_SIMPLE is not set
 CONFIG_FB_SM712=m
 # end of Frame buffer Devices
@@ -6732,7 +6703,6 @@
 CONFIG_HID_RMI=m
 CONFIG_HID_GREENASIA=m
 CONFIG_GREENASIA_FF=y
-CONFIG_HID_HYPERV_MOUSE=m
 CONFIG_HID_SMARTJOYPLUS=m
 CONFIG_SMARTJOYPLUS_FF=y
 CONFIG_HID_TIVO=m
@@ -7418,7 +7388,6 @@
 CONFIG_UIO_NETX=m
 CONFIG_UIO_PRUSS=m
 CONFIG_UIO_MF624=m
-CONFIG_UIO_HV_GENERIC=m
 CONFIG_VFIO_IOMMU_TYPE1=m
 CONFIG_VFIO_VIRQFD=m
 CONFIG_VFIO=m
@@ -7456,10 +7425,6 @@
 #
 # Microsoft Hyper-V guest support
 #
-CONFIG_HYPERV=m
-CONFIG_HYPERV_TIMER=y
-CONFIG_HYPERV_UTILS=m
-CONFIG_HYPERV_BALLOON=m
 # end of Microsoft Hyper-V guest support
 
 # CONFIG_GREYBUS is not set
@@ -7769,7 +7734,6 @@
 CONFIG_INTEL_IOMMU_FLOPPY_WA=y
 # CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set
 CONFIG_IRQ_REMAP=y
-CONFIG_HYPERV_IOMMU=y
 
 #
 # Remoteproc drivers
@@ -9575,6 +9539,5 @@
 # CONFIG_TEST_STACKINIT is not set
 # CONFIG_TEST_MEMINIT is not set
 CONFIG_MEMTEST=y
-# CONFIG_HYPERV_TESTING is not set
 # end of Kernel Testing and Coverage
 # end of Kernel hacking
 
  

