From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <4255c2570901092238r586741ebv2fbfdae3026b7662@mail.gmail.com>
Date: Fri, 9 Jan 2009 23:38:49 -0700
From: RB <aoz.syn@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] KVM & Gentoo Hardened
In-Reply-To: <49481B57.4010801@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <49481B57.4010801@gmail.com>

On Tue, Dec 16, 2008 at 14:19, Romain BERGE <romain.berge@gmail.com> wrote:
> Hey all,
>
> I am wondering about using an AMD CPU with AMD-V.
> I am wondering about using KVM to virtualise a few Hardened servers.
>
> Has anyone already used KVM + Hardened?

Anyone else get KVM running on a hardened host?  I'm seeing some
issues right now:
 - The kvm-82 modules use symbols only in 2.6.28, making it
incompatible with the current hardened-sources:
[ 1584.882179] kvm: Unknown symbol intel_iommu_domain_alloc
[ 1584.882259] kvm: Unknown symbol intel_iommu_detach_dev
[ 1584.882340] kvm: Unknown symbol intel_iommu_page_mapping
[ 1584.882768] kvm: Unknown symbol intel_iommu_context_mapping
[ 1584.882862] kvm: Unknown symbol intel_iommu_iova_to_pfn
[ 1584.883441] kvm: Unknown symbol intel_iommu_domain_exit
 - KVM segfaults upon execution against the 2.6.27-hardened-r3; I
haven't debugged it yet, but it may well be tied to the symbol issues
 - kqemu starts to compile with gcc-4.3.2-r2 but fails with a
relocation error I'm seeing from several other packages under the new
hardened gcc-4.3.2-r2:
relocation R_X86_64_32 against `a local symbol' can not be used when
making a shared object; recompile with -fPIC
(I've already patched a few packages for these)
 - Even after disabling kqemu and switching to gcc-3.x, compiling
qemu-softmmu results in the same error as above.

Rather disappointing, I was hoping to get a hardened profile host
backing my VMs.  Guess it's back to a standard profile for a bit.


RB