Re: [Qemu-discuss] How to enable kvm at runtime?

[Ren Kimura]

2016-02-12 2:07 GMT+09:00 Peter Maydell <address@hidden>:

On 11 February 2016 at 05:11, Ren Kimura <address@hidden> wrote:
> I have a question about activation of kvm.
>
> Is there any way to enable/disable kvm at qemu runtime?

Yes, the command line is -enable-kvm. (We default to not using KVM.)

> It should be useful for sandbox tools like DECAF or TEMU,
> because some malware use VT-x information to detect these.

Beware that you should not regard emulated QEMU as being
capable of containing malware within its sandbox -- the
emulator code has not been audited and we don't consider
it a security boundary[*]. (In contrast, there is a security
boundary for KVM and a guest should be unable to escape a
KVM VM.)

[*] In other words, if a TCG (emulated) guest can do bad
things to the host that's a bug, but it's not a security
bug. And it is very likely that at least some such bugs
exist in the emulation code.

thanks
-- PMM

Thank you for reply.

I'm sorry that I confused you with my badly worded _expression_.

I want to know whether I could enable kvm *after* launch qemu without -enable-kvm option.

Some rootkit can detect hardware assisted virtualization and stop their action any more.
When that happen, analyst need reboot qemu without -enable-kvm option to disable kvm and start analysis again.

Some sandbox implement dynamic switching command.

For example DECAF implement a 'toggle-kvm' command in qemu console.

But it doesn't work correctly.

So is there any way to switch kvm and tcg dynamically(i.e. runtime) in qemu?

Thank you.