(from Tutorials and videos)
The first machines to support virtualization commercially were IBM mainframes in the 1970s. It has taken PCs nearly 40 years to catch up.
Until a few years ago the central processors in PCs were not virtualizable except by using slow emulation or tricks. However both AMD and Intel have recently produced processors which include extra modes and instructions that allow full, hardware-accelerated virtualization.
AMD and Intel's virtualization techniques are different and incompatible, but all hypervisors hide the differences from you.
There are also several
generations of virtualization
technologies available. Initial implementations from both AMD and
Intel were quite slow, and great improvements have been made over
time. These differences are not very visible to the end user, but we
cover some of the virtualization flags that you might see below. The
upshot is that more modern processors are not only faster, but the
virtualization will be more efficient too.
A good start is to look up the model number of your CPU on
the manufacturer's site. The accurate model name and number should
/proc/cpuinfo after boot, and you
can look these up on the following pages:
For example, my laptop's Intel i7 620M page is here.
The Intel site is the most useful, and will tell you directly if the processor supports virtualization (Intel VT-x) and/or secure passthrough of PCI devices to guests (Intel VT-d). The AMD site is less than useful in this respect. I have noticed some inaccuracies on the Intel site.
/proc/cpuinfo will tell you if the processor
supports virtualization and if it is enabled (but
it could not show up in flags because it is disabled —
more on this below).
The flags to look out for are:
vmx— Intel VT-x, basic virtualization
svm— AMD SVM, basic virtualization
ept— Extended Page Tables, an Intel feature to make emulation of guest page tables faster.
vpid— VPID, an Intel feature to make expensive TLB flushes unnecessary when context switching between guests.
npt— AMD Nested Page Tables, similar to EPT.
flexpriority— Intel feature that reduces calls into the hypervisor when accessing the Task Priority Register, which helps when running certain types of SMP guests.
vnmi— Intel Virtual NMI feature which helps with certain sorts of interrupt events in guests.
The next thing to look at are the kernel messages by running the command:
dmesg | less
The two messages to look out for are:
kvm: no hardware support
kvm: disabled by bios
Note: You will only see these messages if the KVM kernel module has tried to load. That is, if you tried to start a guest already, or if you tried to load the KVM module by hand (see the next section).
no hardware support message is self-explanatory.
disabled by bios message requires some explanation. When
virtualization first came to PCs there was a worry that malware (on
Windows of course) might use the virtualization feature in order to
sit under the operating system like a hypervisor, and become
especially hard to remove. Therefore virtualization can be completely
disabled at boot time, requiring a reboot and manual BIOS
configuration to enable it, which of course malware would not be able
to do. This plan is good in theory, but it discounts one factor: the
inability of motherboard manufacturers to create BIOSes that aren't
full of bugs. You may find that even though your processor supports
virtualization, it is not featured in the BIOS (hence impossible to
enable), or the BIOS may contain bugs that prevent you from enabling
it. There's not much you can do in these situations except to try
updating the BIOS or replacing the motherboard.
You can try to load the KVM module by hand.
As explained above, there are two different brands of virtualization (from Intel and AMD) which are incompatible. Therefore KVM has separate device drivers for each.
To load KVM on an Intel processor:
To load KVM on an AMD processor:
dmesg output after this to see if there
were any problems. Check
lsmod to see if the
modules were loaded.