The first machines to support virtualization commercially were IBM mainframes in the 1970s. It has taken PCs nearly 40 years to catch up.
Until a few years ago the central processors in PCs were not virtualizable
except by using slow emulation or tricks. However both AMD and Intel have recently produced processors which include extra modes and instructions that allow full, hardware-accelerated virtualization.
AMD and Intel's virtualization techniques are different and incompatible, but all hypervisors hide the differences from you.
There are also several generations of virtualization technologies available. Initial implementations from both AMD and Intel were quite slow, and great improvements have been made over time. These differences are not very visible to the end user, but we cover some of the virtualization flags that you might see below. The upshot is that more modern processors are not only faster, but the virtualization will be more efficient too.
A good start is to look up the model number of your CPU on the manufacturer's site. The accurate model name and number should be in /proc/cpuinfo after boot, and you can look these up on the following pages:
For example, my laptop's Intel i7 620M page is here
The Intel site is the most useful, and will tell you directly if the processor supports virtualization (Intel VT-x) and/or secure passthrough of PCI devices to guests (Intel VT-d). The AMD site is less than useful in this respect. I have noticed some inaccuracies on the Intel site.
/proc/cpuinfo will tell you if the processor supports virtualization and
if it is enabled (but it could not show up in flags because it is disabled - more on this below).
The flags to look out for are:
- vmx - Intel VT-x, basic virtualization
- svm - AMD SVM, basic virtualization
- ept - Extended Page Tables, an Intel feature to make emulation of guest page tables faster.
- vpid - VPID, an Intel feature to make expensive TLB flushes unnecessary when context switching between guests.
- npt - AMD Nested Page Tables, similar to EPT.
- tpr_shadow and flexpriority - Intel feature that reduces calls into the hypervisor when accessing the Task Priority Register, which helps when running certain types of SMP guests.
- vnmi - Intel Virtual NMI feature which helps with certain sorts of interrupt events in guests.
The next thing to look at are the kernel messages by running the command:
dmesg ' less
The two messages to look out for are:
kvm: no hardware support
kvm: disabled by bios
You will only see these messages if the KVM kernel module has tried to load. That is, if you tried to start a guest already, or if you tried to load the KVM module by hand (see the next section
The no hardware support message is self-explanatory. The disabled by biosmessage requires some explanation. When virtualization first came to PCs there was a worry that malware (on Windows of course) might use the virtualization feature in order to sit under the operating system like a hypervisor, and become especially hard to remove. Therefore virtualization can be completely disabled at boot time, requiring a reboot and manual BIOS configuration to enable it, which of course malware would not be able to do. This plan is good in theory, but it discounts one factor: the inability of motherboard manufacturers to create BIOSes that aren't full of bugs. You may find that even though your processor supports virtualization, it is not featured in the BIOS (hence impossible to enable), or the BIOS may contain bugs that prevent you from enabling it. There's not much you can do in these situations except to try updating the BIOS or replacing the motherboard.
You can try to load the KVM module by hand.
As explained above, there are two different brands of virtualization (from Intel and AMD) which are incompatible. Therefore KVM has separate device drivers for each.
To load KVM on an Intel processor:
To load KVM on an AMD processor:
Check dmesg output after this to see if there were any problems. Check lsmod to see if the modules were loaded.