PAE/NX, software virtualization, and Linux guest hangs in VirtualBox

Discussion in 'all things UNIX' started by Gullible Jones, Oct 31, 2015.

  1. Gullible Jones, Registered Member (joined May 16, 2013; 1,461 posts)

    If you're like me and tend to put the cart before the horse, you may have tried running Linux VMs with PAE and VT-x, and found them to work great everywhere.

    Likewise, you may have tried running Windows VMs with PAE and software virtualization only, and found them to work without a hitch.

    So... That should work on Linux, right?

    Wrong. There is a reason that VirtualBox PAE support is considered experimental. If your Linux guests have been running slow, crashing, or mysteriously hanging on boot, PAE might be why. If you want to use hardware NX support on a 32-bit VM, you need hardware virtualization.

    Just FYI...
     
  2. lotuseclat79, Registered Member (joined Jun 16, 2005; 5,097 posts)

    Hi Gullible,

    So, by "hardware virtualization" you mean a processor with VT-x, VT-d, VT-i, etc. in addition to PAE, eh? IOW, you need to buy the processor (horse) according to all of its specific hardware virtualization support before trying out using the (cart) aka VirtualBox PAE.

    -- Tom
     
  3. Gullible Jones, Registered Member (joined May 16, 2013; 1,461 posts)

    @lotuseclat79 I've actually had some success virtualizing Win2k/XP on older laptops, without hardware virt. But... yeah, that's pretty much it. Hardware PAE/NX cannot be effectively made available to guest OSes without hardware VT-x etc. even though it can be enabled in the GUI for such guests. That ought to teach me to read manuals.

    Speaking of which, I've been reading the VBox end-user and SDK manuals; and the remarks therein on VBox software virtualization are interesting...

    I had figured that it was a full platform emulator optimized for x86 only, with the guest extensions providing something similar to VirtIO. But it is actually a good deal more complicated than that. I wonder about the dangers that might be posed by corner cases.

    e.g. Could there be situations where the VBox driver might fail to recognize a dangerous instruction, and it would pass into ring 0 unmodified? That might allow arbitrary guest tampering with the host OS.

    I'm thinking it might not be a good idea to trust VirtualBox VM security, even without guest extensions, in the absence of hardware virtualization capability.

    (And in cases where that capability is available, it might be a good idea to constrain VirtualBox with AppArmor or such; or at least run it in its own user account. It does not sound like the userspace code is restricted all that much, with or without hardware virtualization.)
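
Added example, not part of the thread and not VirtualBox's own tooling: a shell check for the configuration discussed above, a VM with PAE/NX enabled while hardware virtualization is off. It assumes the `pae` and `hwvirtex` keys as printed by `VBoxManage showvminfo <vm> --machinereadable`; the function names and the sample VM info are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag VMs that combine PAE/NX with
# software virtualization, the setup reported above to hang Linux guests.

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_RISKY='name="debian32"
ostype="Debian (32-bit)"
pae="on"
hwvirtex="off"'
SAMPLE_OK='name="debian32-vtx"
ostype="Debian (32-bit)"
pae="on"
hwvirtex="on"'

# get_setting KEY TEXT: print the unquoted value of KEY, empty if absent.
get_setting() {
    printf '%s\n' "$2" |
        awk -F= -v k="$1" '$1 == k { v = $2; gsub(/"/, "", v); print v; exit }'
}

# audit_vminfo TEXT: 0 = fine, 1 = PAE without hardware virt, 2 = cannot tell.
audit_vminfo() {
    a_name=$(get_setting name "$1")
    a_pae=$(get_setting pae "$1")
    a_hw=$(get_setting hwvirtex "$1")
    if [ -z "$a_pae" ] || [ -z "$a_hw" ]; then
        echo "UNKNOWN ${a_name:-?}: pae or hwvirtex missing from VM info"
        return 2
    fi
    if [ "$a_pae" = "on" ] && [ "$a_hw" != "on" ]; then
        echo "RISK $a_name: PAE/NX on, hardware virtualization off"
        return 1
    fi
    echo "OK $a_name: pae=$a_pae hwvirtex=$a_hw"
}

# With VM names as arguments, audit those VMs; otherwise run the samples.
if [ "$#" -gt 0 ]; then
    for vm in "$@"; do
        audit_vminfo "$(VBoxManage showvminfo "$vm" --machinereadable)" || true
    done
else
    audit_vminfo "$SAMPLE_RISKY" || true
    audit_vminfo "$SAMPLE_OK" || true
fi
```

Run with one or more VM names as arguments to audit real VMs; with no arguments it only evaluates the two constructed samples.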
     