heh... my qemu still runs

[Grogan]

I booted to my LFS today to see about getting some virtual machines running. So I copied them from the other box (NFS) and attempted to start my Windows 7 VM. Same everything (e.g. default 2M page size for khugepaged) but it didn't work. I script that so all I see is a terminal popping up and going away, so I started it manually and it was just that the "tun" (TUN/TAP) kernel module doesn't load automatically anymore. It had been some time since I'd used this (even on the old box I've had no need to start a VM for several months) so that's probably a dependency change in the kernel rather than having anything to do with transplanting the system.

Anyway, I compiled that qemu-5.0-rc1 in 2020 and the kernel hasn't broken any of the KVM interfaces that thing uses since. Now THAT's a stable interface (and qemu is just a front end to it, agnostic in some ways). It's been a long time since the last time I said that too and it still ain't broke

Windows 7 booted up fast, but curiously detected something different and prompted for a reboot to use my "new hardware". Probably changes to the way kvm works on my new CPU (different VT-d implementation, with iommu exposed now etc.)

My Arch VM, well, it only had about 400 updates. I'm about to see if it reboots after all that.

[Grogan]

So it looks like I can emulate a TPM 2.0 with KVM. Something like:

Code: Select all

-tpm backend.type=emulator,backend.version=2.0,model=tpm-tis

My guess is I'll need a newer qemu to be able to pass that to kvm.

I was thinking it would be just using the host TPM through the host OS interfaces like an application would (in which case no Windows 11 VM for me because I absolutely refuse to enable it) but it looks like it should be do-able after all, as it can do both passthrough and emulated back ends.

I'm thinking of doing some sort of "Make Windows 11 Nice for Yourself" type article. The article would start at the first configuration screens (whether unboxing a prebuilt or laptop, or installing Windows yourself) where we bypass the Microsoft account creation, then go on to turning stuff off, gutting the stupid spam tiles on the start menu fly-out, applying appearances to your liking, telling Microsoft Edge to bugger off etc. etc.

P.S. Unfun... I have to run a listening daemon type thing to emulate one. The above switches don't look like anything in the docs either, it seems that was for virt-install, a CLI front end that starts Virt manager with the supplied parameters filled in (then you finish creating it through the GUI), not for qemu to pass.

https://www.qemu.org/docs/master/specs/tpm.html

So before qemu starts (I would script this obviously):

Code: Select all

mkdir /tmp/mytpm1
swtpm socket --tpmstate dir=/tmp/mytpm1 \
  --ctrl type=unixio,path=/tmp/mytpm1/swtpm-sock \
  --tpm2 \
  --log level=20

Then something like this (just a sample command showing the required parameters for the TPM... the rest of that I'd have to work out myself. It looks like a lot has changed)

Code: Select all

qemu-system-x86_64 -display sdl -accel kvm \
  -m 1024 -boot d -bios bios-256k.bin -boot menu=on \
  -chardev socket,id=chrtpm,path=/tmp/mytpm1/swtpm-sock \
  -tpmdev emulator,id=tpm0,chardev=chrtpm \
  -device tpm-tis,tpmdev=tpm0 test.img

[Zema Bus]

I got it to work via Proxmox (also uses qemu) to install a Windows 11 VM. There it's just a matter of adding a virtual TPM module in the hardware section of the web GUI. Similar in Virt-Manager.

[Grogan]

Yeah, I prefer to just use the command line qemu client but it's going to need an upgrade anyway (I don't have the helper utilities for it, I know that for sure. Mine predates that shit)

I might just install Arch packages for that and use it here, this way I'll have that virt-manager shit too. I don't really care to run Windows 11 for anything else, the VM will just be for temporary use anyway. I'll just take note of all packages pulled in so I can remove them all when I'm done with it. This way I won't have to disturb my trusty qemu client on my LFS... and have to figure out what switches have changed etc.

[Grogan]

I'm not sure I want to do anything like this to my system

Code: Select all

[nicetry grogan]# pacman -S qemu
:: There are 3 providers available for qemu:
:: Repository extra
   1) qemu-base  2) qemu-desktop  3) qemu-full

Enter a number (default=1): 3
resolving dependencies...
looking for conflicting packages...

Packages (110) bluez-libs-5.75-1  brltty-6.6-6  capstone-5.0.1-2  dtc-1.7.0-4  edk2-aarch64-202311-1  edk2-arm-202311-1  edk2-ovmf-202311-1  fuse2-2.9.9-4  glusterfs-1:11.1-1  iniparser-4.1-5  libaio-0.3.113-3
               libcacard-2.7.0-3  libiscsi-1.20.0-2  liblouis-3.29.0-1  libnfs-5.0.3-1  libslirp-4.7.0-1  libspeechd-0.11.5-1  libtraceevent-1:1.8.2-1  libtracefs-1.8.0-1  liburcu-0.14.0-1  libxdp-1.4.2-1
               multipath-tools-0.9.8-1  ndctl-78-1  numactl-2.0.18-1  qemu-audio-alsa-8.2.2-2  qemu-audio-dbus-8.2.2-2  qemu-audio-jack-8.2.2-2  qemu-audio-oss-8.2.2-2  qemu-audio-pa-8.2.2-2
               qemu-audio-pipewire-8.2.2-2  qemu-audio-sdl-8.2.2-2  qemu-audio-spice-8.2.2-2  qemu-base-8.2.2-2  qemu-block-curl-8.2.2-2  qemu-block-dmg-8.2.2-2  qemu-block-gluster-8.2.2-2
               qemu-block-iscsi-8.2.2-2  qemu-block-nfs-8.2.2-2  qemu-block-ssh-8.2.2-2  qemu-chardev-baum-8.2.2-2  qemu-chardev-spice-8.2.2-2  qemu-common-8.2.2-2  qemu-desktop-8.2.2-2  qemu-docs-8.2.2-2
               qemu-emulators-full-8.2.2-2  qemu-hw-display-qxl-8.2.2-2  qemu-hw-display-virtio-gpu-8.2.2-2  qemu-hw-display-virtio-gpu-gl-8.2.2-2  qemu-hw-display-virtio-gpu-pci-8.2.2-2
               qemu-hw-display-virtio-gpu-pci-gl-8.2.2-2  qemu-hw-display-virtio-vga-8.2.2-2  qemu-hw-display-virtio-vga-gl-8.2.2-2  qemu-hw-s390x-virtio-gpu-ccw-8.2.2-2  qemu-hw-usb-host-8.2.2-2
               qemu-hw-usb-redirect-8.2.2-2  qemu-hw-usb-smartcard-8.2.2-2  qemu-img-8.2.2-2  qemu-pr-helper-8.2.2-2  qemu-system-aarch64-8.2.2-2  qemu-system-alpha-8.2.2-2  qemu-system-alpha-firmware-8.2.2-2
               qemu-system-arm-8.2.2-2  qemu-system-arm-firmware-8.2.2-2  qemu-system-avr-8.2.2-2  qemu-system-cris-8.2.2-2  qemu-system-hppa-8.2.2-2  qemu-system-hppa-firmware-8.2.2-2
               qemu-system-loongarch64-8.2.2-2  qemu-system-m68k-8.2.2-2  qemu-system-microblaze-8.2.2-2  qemu-system-microblaze-firmware-8.2.2-2  qemu-system-mips-8.2.2-2  qemu-system-nios2-8.2.2-2
               qemu-system-or1k-8.2.2-2  qemu-system-ppc-8.2.2-2  qemu-system-ppc-firmware-8.2.2-2  qemu-system-riscv-8.2.2-2  qemu-system-riscv-firmware-8.2.2-2  qemu-system-rx-8.2.2-2
               qemu-system-s390x-8.2.2-2  qemu-system-s390x-firmware-8.2.2-2  qemu-system-sh4-8.2.2-2  qemu-system-sparc-8.2.2-2  qemu-system-sparc-firmware-8.2.2-2  qemu-system-tricore-8.2.2-2
               qemu-system-x86-8.2.2-2  qemu-system-x86-firmware-8.2.2-2  qemu-system-xtensa-8.2.2-2  qemu-tests-8.2.2-2  qemu-tools-8.2.2-2  qemu-ui-curses-8.2.2-2  qemu-ui-dbus-8.2.2-2
               qemu-ui-egl-headless-8.2.2-2  qemu-ui-gtk-8.2.2-2  qemu-ui-opengl-8.2.2-2  qemu-ui-sdl-8.2.2-2  qemu-ui-spice-app-8.2.2-2  qemu-ui-spice-core-8.2.2-2  qemu-user-8.2.2-2
               qemu-vhost-user-gpu-8.2.2-2  sdl2_image-2.8.2-4  seabios-1.16.3-1  spice-0.15.2-1  spice-protocol-0.14.4-1  usbredir-0.13.0-1  vde2-2.3.3-5  virglrenderer-0.10.4-1  virtiofsd-1.10.1-1
               wolfssl-5.7.0-1  qemu-full-8.2.2-2

Total Download Size:   140.15 MiB
Total Installed Size:  926.51 MiB

:: Proceed with installation? [Y/n] n
[nicetry grogan]# pacman -S virt-manager
resolving dependencies...
looking for conflicting packages...

Packages (21) cpio-2.15-1  gtk-vnc-1.3.1-1  libburn-1.5.6-1  libcacard-2.7.0-3  libisoburn-1.5.6-1  libisofs-1.5.6-1  libnbd-1.20.0-1  libosinfo-1.11.0-2  libvirt-1:10.2.0-1  libvirt-glib-5.0.0-1
              libvirt-python-1:10.2.0-1  numactl-2.0.18-1  osinfo-db-20231215-1  parted-3.6-1  phodav-3.0-2  spice-gtk-0.42-3  spice-protocol-0.14.4-1  usbredir-0.13.0-1  virt-install-4.1.0-2  yajl-2.1.0-6
              virt-manager-4.1.0-2

Total Download Size:   14.89 MiB
Total Installed Size:  84.90 MiB

:: Proceed with installation? [Y/n] n

P.S. I see I'd have to enable some things like virgl in my Mesa, too which would likely need a LLVM backend again. I'd actually need virgl if I want direct rendering (can't really do a passthrough method with just one GPU, and I don't want to enable that shit assed Intel thing on my CPU and run two driver stacks etc.) Virgl is a virtual GPU that's 3D capable in the guest. I don't want to use that VNC connection method for the guest window, that's silly.

P.P.S. It looks like virgl doesn't need any LLVM back end either. I didn't build a package yet (or install anything) but I just did a test build. That un-complicates at least one thing here. I just have to add virgl to gallium-drivers. I'm starting to think that's only for guests anyway, there's no mesa connection on the host for it (it's the virtio interface through KVM)

Also, I think the Qemu Desktop (option 2) is really all I need vs. full. I don't need to emulate those other architectures, for example.

Too bad Windows 11 is such a pain in the ass, or I could just continue to use my old Qemu setup.

[Grogan]

Everything Microsoft does, they do with a big bag of dicks in their mouth.

I got that virt-manager shit all set up, and go through the wizardy steps, get to choosing my ISO and... the fucking download isn't done yet, it slowed down and it's still got about half an hour to go. It's only a 6 Gb file and it's wasting my time. It took a bit to get that set up, procrastinating, reading, setting up groups and permissions and smoke break etc. and should have been long done even at the 6 mb/sec it started out at. From one of the biggest, richest companies on the planet. Meanwhile people who host free software mirrors out of the goodness of their hearts provide better service lol

I probably will end up just using the "root" privileged method so I can use full networking (needs at least a helper program SUID to establish the bridging in the guest) but for now I'll try it their way, with the systemd socket and libvirt usergroup etc. I don't really need bridged networking or anything to capture some screenshots.

I don't plan on activating this, I hope I'm not locked out of any significant customization settings. (I hear tell that some aren't available in recent builds, pertaining to Microsoft Edge)

[Grogan]

I finally got a Windows 11 install off the ground, I'm at the first configuration screens after the install, now.

These GUIs can be a real disconnect, with the silly non-obvious things they make you do. Like you have to click a little tiny icon on the lower left to actually "activate" this default NAT network, even though it shows it enabled and started elsewhere (during the creation of the VM). Stupid shit like having to create a new "Storage Pool" just to specify a location other than /var for your disk image (and again, click little + signs etc.)

Good thing I went to "view configuration" before creating the VM and went through categories because it had the CPUs configured wrong. It configured vcpus as sockets (not cores and threads), and Windows 11 only supports 1 for Home and 2 for Pro.

What else... oh yeah, when I first got it to boot after creating the VM, my window positioning was wrong and I didn't press the any key on time while booted with the windows ISO and got dumped to the EFI shell. Henceforce, the virtual machine would only start to the EFI shell. Why? Because it didn't actually have the cdrom enabled as a boot device, it was just an override for the first boot after VM creation lol

When something fails, does it tell you what's wrong? No, it gives you a python error stack and you have to figure out that you don't have things like dnsmasq installed, and the swtpm utility isn't included in any of the virt- or qemu- packages. (I couldn't add a TPM, it was saying version 2.0 was unsupported) and is a "swtpm" package on its own (and it's easy to miss something like that when optional dependencies fly by with pacman, especially when not similarly named). One bloody "swtpm: file not found" type error would immediately stop someone chasing their tail, but no, everything looks good in the GUI front end, but fails at the back end and shows the python error stack where the script failed, not why.

I just used the QXL graphics adapter for now, I'll see about enabling the virtio one after I get the latest guest drivers installed. (apparently there is support for the virgl one, though I don't know how usable it will be or what hoops I'll have to jump through to get it to work etc.)

This is just a trial run to shake down the virt-manager setup.

[Grogan]

Yes, I can use the virtio graphics adapter, but it won't let me enable 3D acceleration. That's the thing that's only for Linux guests, the virgl gallium driver (and no, I wouldn't need to enable that in the host's mesa)

So I might as well go back to QXL for Windows, it's probably better at this time.

That will be interesting to try on a new Arch VM though (I'm going to do one soon, to have a vanilla dev environment available if I need one. I do have one, but it's for my old qemu on LFS and I'd probably more want to mimic a more modern setup now, with EFI and GPT partitions etc.)

P.S. Oh shit, there is no more QXL graphics driver in the guest driver package (at least not available in Win11), only the virtio. If I enable QXL again, I only have "Microsoft Display Adapter" as I would without drivers. So I removed/reinstalled the guest package to get to the installer again and expanded the category and that's how I found out.

[Grogan]

Windows needs to be activated to even get at the "Personalization" settings now. All it will let you do is choose one of the few preset themes.

OK, Microsoft, you win (lose, actually). I'll get a copy "activated". I wanted to use Home Edition for this, to be on the same page with most people, but oh well.

[Grogan]

I thought I might just buy a Windows 11 Home Edition license seeing as we're going to need one for my sister anyway in the somewhat near future. (and retail should be able to activate again)

However, the futhermuckers want $189 CDN for it, just for Home Edition

They sure want a lot of money for this crap. Even OEM, $159 (DVD, shipped) best price I can find on Amazon (and it's not from them). OEM Home boxed copy with key only (no DVD) is $222. This could actually be a deal breaker, I might not be interested in building this PC after all. We might as well just get her an Acer or something if I have to pay that much for a crappy OS. You don't pay much for it on a new PC. Even already having a case, I'm not going to be able to do a build for less than the cost of a decent enough Acer box. Motherboard, CPU with onboard graphics, cooler, fans, RAM, NVME, power supply AND $200 for the crappy OS? I can't do that, Dave. It's pointless, for what she uses a computer for.

I could have an Acer system here tomorrow ordering directly from their web site too (not doing that today, it's just the point) and all I'll have to do is de-crapify it.

[Grogan]

Bloody Hell, this GUI is idiotic. I've been chasing my tail trying to get 3D acceleration to work (virgl, with virtio). I'm enabling it for the Virtio graphics adapter and it's just failing when I go to "Begin Installation" even for a Linux distro. The reason is, enabling it there doesn't actually enable it, you have to go to the Spice Video configuration and enable it there first.

Anyway, I'm starting a Manjaroo install. I may be doing one on Saturday (my nephew asked for a Linux install) and wouldn't mind guinea pigging it in a VM to see what's changed in the install process (It's probably been over 5 years since I've seen it) and see how it copes with EFI.

I may try the 3D acceleration again in the Windows 11 VM, that wasn't the reason it was failing at creation time, it was the Spice Video setting. (and I have all the iommu stuff enabled correctly in kernel and kernel command line)

[Grogan]

* Going to take back some of what I said here, this worked out a lot better on my nephew's system *

Manjaro sure is a load of fucking clownery.

The installer crashes when I select Manual Partitioning in EFI mode (doesn't crash in BIOS mode)

Automatic partitioning works, but it doesn't create a swap partition. I have no swap, 0 bytes available. (WHAT?!?)

You still need swap for memory management, it's the only way the kernel can free up anonymous pages (think orphaned memory that doesn't get freed up, the kernel can't just dump it because it doesn't know what the data belongs to. It can get it out of the way in swap though and this is something that happens ALOT with stupid games that don't free up memory). I could create and mount swap in a file, but I don't care enough (temporary use in a VM)

Anyway, I have a Plasma Wayland session with Direct Rendering. It doesn't feel like bare metal, but we'll see what we can turn off. It's starting to feel better already with a "prefer low latency" compositor setting for animations and stuff. I'll also try Plasma X11 but Wayland was the default.

It's still Plasma 5 though... typical crap you can expect from commercial distros. Manjaro was better before they went commercial. I'm actually quite disappointed that it's Plasma 5.

It's Linux 6.6 too, and if you switch to their linux68 kernel after the fact it's Linux 6.8.5, not even current fixes.

Bloody Hell! Manjaro didn't even install bash, which is like needed for most shell scripts (at least a bourne compatible shell). I found that out the hard way. It set me up with zsh and bash wasn't even installed, I had to install it with pacman and change my shell. I guess I won't be recommending this distro for anything now. This isn't going on my nephew's computer, it's too dumbed down now and I wouldn't want him to think this is the best he can get.

They even disable Mesa video codecs now (though I knew about that, I'd compile that to fix it) because they are such a great distro for their users. Manjaro is pretty much pointless, now.

I guess I'll have to do Arch (maybe I'll ssh in from his laptop with PuTTY so I don't have to type fstab etc. out by hand

[Grogan]

It lets me enable it and nothing complains, but I don't really have any 3D acceleration in Windows 11 (just decent 2D with that driver). I can't run WebGL, it says it's unsupported. Curiously, dxdiag shows that I have d3d acceleration, but I've seen that before when it's bollocks.

On the Linux guest I can though, I only get about 30 FPS in that aquarium webgl demo, but it works. glxinfo shows direct rendering through virgl too.

Now I'll have to see if enabling that iommu shit harms gaming performance in any way. It shouldn't if it's not being used, but I redid the kernel so it has to be enabled on the kernel commandline again (I was just testing) so I can easily just backspace out iommu_intel=on iommu=pt from it and boot without it from the grub menu (btw... iommu=pt doesn't seem to be the same as iommu.passthrough=1, and it's not just putting the iommu in passthrough mode, it's making it so it will only try to program passthrough supporting devices (e.g. the video card, not some other random PCI devices). I still don't completely understand all this, but I'm getting closer

[Zema Bus]

You can avoid paying those insane prices for a Windows key. There are sites that sell legit keys for $20 - $40, I got a Win10 one over a year ago for a small machine where I've occasionally needed a Windows install, and a Win10 key last summer for a test machine (the one with the Intel Arc card) with Win11 (Win10 keys were cheaper and could be used to activate Win11). I also used a $20 key for my sister's machine, and my other sister and brother-in-law got a couple of these keys. They all activated right away. I think JayzTwoCents was one of the people I first found out about this from. Here's a couple of them: whokeys com/ vip-urcdkey com/

I couldn't find the older video I was thinking of but here's a recent one where he discusses the cheap keys, it'll start at the time stamp just before he gets into that discussion:



Hehe - The video below came up as a suggestion tonight so I watched it, and at the beginning he did an ad read for another one of those cheap keys sites. I've seen them in other channels too from time to time.



Incidentally he was using the Pro version of Windows where that method has already been known to work. But if those other methods won't work anymore in the upcoming builds I don't know what that'll mean for the Home editions.

[Grogan]

Yes, I saw Jay talking about such sites in some of his videos, but I discounted it because it takes a lot for me to trust. For my VM I don't care (I'll handle it) but I'd only use a legit key for somebody else. I'd actually buy two keys at a decent price, I'd prefer to have a legit one myself too.

I wasn't exactly expecting it to be free, but I was thinking a Home Edition would be like $100 or so from Microsoft, seeing as they want everybody to move to it and are offering it as a free upgrade.

I would expect that the bypassnro utility will remain, as Microsoft can't just leave people dead in the water with no way to proceed if their network adapter doesn't work during setup. They can't possibly guarantee that every NIC and WIFI adapter is going to work without third party drivers (not only driver, but programmed differently by different vendors in driver information files) or that someone is necessarily going to have a network available in the time and place they are setting up. Two things have to happen there for that. You have to have no network connectivity (cable unplugged or no wifi network joined) and run bypassnro. If you already have a connection, it's just going to proceed and the "I don't have a network" hotlink doesn't show up. So that's still cunty enough for Microsoft

However, I'd be surprised if that method of typing an invalid Microsoft account username was intentional and I'd expect them to fix that eventually. Someone could end up doing that by accident (oh no!) lol

P.S. That behaviour irks me, and it makes me think of this scenario every time. What if I was up North and had a laptop delivered to the remote community where I was stationed. It took weeks to get there, and even the spotty service available there is out for weeks until someone can get in there and fix it. I can't even boot my laptop up and work on spreadsheets and databases and print letters because of Microsoft's arrogance?

Nope, they wouldn't get away with that for long. There has to be an out that tech support could coach.

Myself, I would ship a system with a Local blank password account pre-created (like some OEMs used to do, e.g. "owner"). Probably you wouldn't get Microsoft certification but you know what? You don't need it. None of the laptops from Acer have it, because they don't do touch screens. hahah

[Grogan]

Alright, I just purchased two license keys for Windows 11 Home OEM Global from whokeys.com. $29 USD each, that's fine. (I didn't shop around)

Now to see if one of them works. (I'll leave the other untested because they are OEM)

P.S. Yep, it activated, despite the Activation Status check when clicking "Activate Windows Now" showing an error that it couldn't contact the activation servers at this time (rebooted and tried again too, it's real and it was not showing that yesterday when I clicked there). I decided to try inputting my key anyway, thinking it might be a different service that's down, and that was right... it worked.

[Grogan]

By the way, Microsoft Edge (Chrome) runs both WebGL 1.0.2 and WebGL 2, just very horribly (in fact I left the basemark benchmark running while I went for a smoke and it's still on the WebGL 2 test lol!)

Firefox has it blocked for good reason, due to known issues with the driver. It's not even disabled by normal settings in about:config (it's all enabled), it's a hard nope. Angle just doesn't work correctly (Both Firefox and Chrome on Windows use this translation layer, EGL 2.0 --> DirectX 11) without hardware acceleration (moreover, only with Intel, Nvidia and AMD drivers at that). What I get on Windows is webrender with a software back end with the virtio graphics driver.

[Grogan]

I hadn't watched the second video yet, and didn't know he was trying to say that bypassnro doesn't work anymore, but I can tell you for certain that it does, on 23H2 Home Edition because that's what I used yesterday. His discrepancy probably was, I think, that he actually had a network connection. (and I think it's always worked like that, in my experiences... that's why I mentioned it! They may have changed the screen progression though)

[Zema Bus]

Glad that worked out

[Grogan]

So Manjaro actually worked out very well, I was able to do everything I needed with the installer. It didn't crash on manual partitioning. I created the EFI partition, swap and the rest of the disk for the rootfs. (I bought a brand new SATA SSD for this so I wouldn't have to touch his drives). I then just changed the boot order of the drives in the BIOS. Manjaro already dutifully set up grub with a correct entry for his Windows EFI bootloader on the first NVME, so I didn't have to even figure that out. If his boot loader gets broken all he has to do is go in the BIOS and boot from the Windows drive.

So there's one thing different about Manjaro, their grub autoconfig setup is better. Arch doesn't probe other OSes with grub-mkconfig (I don't personally care, I do a hand config anyway but that's not very nice for other people).

I had him up and running with games fairly quick. I tested an EA game first in Steam because I knew I was going to have to install more stupid shit (lib32-libldap, lib32-gnutls etc.) and a different Proton. (That seems to need Proton Experimental at this time)

[Zema Bus]

I noticed that about Manjaro when I had previously configured her older machine to dual boot Manjaro and Windows 10 a few years ago. Most distros these days by default disable probing for other installed OS's so os-prober doesn't run. If not manually configuring it it can be enabled by adding or uncommenting "GRUB_DISABLE_OS_PROBER=false" in /etc/default/grub. That disables the disabling

[Grogan]

Yeah I guess that could be turned on in Arch. It probably doesn't need any additional scripting.

Speaking of Arch, do I ever have good performance in my Arch VM. I have SOME 3D acceleration, I can actually complete WebGL tests (that would never complete in software rendering mode... they'd start but stall). Compositing works, card animations in the kpat solitaire game. With the virtio drivers I have hardware assisted storage and networking too. That's the best guest performance I've seen to date now. I wouldn't have run Plasma in a VM lol

Windows 11 has OK desktop performance, but forget any 3D stuff.

[Grogan]

I got "shared folders" working for the first time. I mean actual virtio shared between host and guest (I used to just use networking... the network stack will use loopback by default if it's on the same host). I liked the simplicity of my simple qemu client, but now that I have virt-manager and the whole stack of qemu shit installed, I might as well.

Unfortunately it needs something in the host kernel that I don't like, page merging (KSM, kernel samepage merging support) that I have never wanted to enable. It merges pages with the same data into one, it's a memory saving feature. It's more designed for KVM, so you can save memory while running multiple VM's but can be enabled on the fly with madvise system calls by applications. (It can also be enabled with a sysfs tunable... echo 1 > /sys/kernel/mm/ksm/run which defaults to 0). The thing is this induces overhead (a bit of cpu time), but I don't think anything but qemu/KVM is going to ask for that and if it does cause problems, it can be disabled with that same sysfs knob)

This is because KVM guests need "shared memory" to use virtiofs shares, and it's KSM that allows this on the host.

Again, silly GUIs can be such a disconnect. After taking care of the host, I need to enable it in virt-manager for the guest. I enabled shared memory under Memory but I'm looking all over the place for a setting to enable the sharing, but it's nowhere. I do a web search and find old info, but yes indeed I should be seeing it in "Options" and I just have to find it in the newer UI. It finally dawns on me that I have to go to Add Hardware, that's how they've implemented everything now in that device tree (viewing "Details" of the virtual machine). So it's Add Hardware, and "Filesystem virtiofs". There you choose the path to the mount point on the host, but also a target directory (actually target_path in the XML config files). No, this is not the mount point in the guest, just a virtiofsd identifier, arbitrary. I named mine virtmount. I'm wondering "what fucking target, why would this know about the mount point in the guest" but it's just a mount tag for the guest to access it on the host, like share name, not a path. How "intuitive"

Anyway, with all the ducks in a row, in a Linux guest it's done using the mount command (or some browsable GUI equivalent?)

Code: Select all

mount -t virtiofs virtmount /mnt/virtmount

That's "mount -t virtiofs target_path mount_point_on_guest"

For Windows guests, it has nothing to do with this. I'd have to use smbd on the host or some sftp client or something. (can do... I have the in-kernel ksmbd module and I'd just have to install some tools on the host and drop in my conf from my LFS. It's a bit different than a normal samba smbd.conf and uses its own password hashes in a file. I hate Samba and prefer to work with that)

[Grogan]

Oh bollocks, I've been had again... the virtiofsd method actually uses its own implementation of FUSE, with dm_mod and dax backend. It doesn't need KSM page merging. I was reading old information (that's the problem with this qemu/libvirt/virt-manager stuff, info from a few years ago isn't relevant or viable)

I'm looking and I don't see any KSM stuff in use (I don't see it enabled by reading the info in the sysfs files for it). I think to actually use samepage merging to save memory between guests, KSM needs to be enabled but it doesn't seem like this would need it after I found this document:

https://virtio-fs.gitlab.io/design.html

I think it only needs "shared memory" enabled in the guest because it is what enables the memfd backing this needs to use, it doesn't actually use the page merging. (memfd system calls are for working with shared memory... uses unix domain sockets descriptors. It can be accessed by multiple processes without copying data around.

I rebuilt my host kernel without that poo and that's correct, my virtiofs sharing isn't using KSM at all.

[Grogan]

Damn, that Arch VM is pretty much perfect now. I have a custom kernel now and I think I've got everything as good as I can. I was surprised to find that it took less than 2 minutes to build a kernel, with 4 cores and 8 threads, using "make -j10" like I used to. That kernel would have taken 10 minutes on bare metal on my old box. I used the same config from Arch and just went through and disabled/enabled things I need to be different for a qemu guest (point being I still built all the netfilter modules etc. that take the time). Different block/network/console/graphics/storage drivers etc. I almost got it right, but I forgot to enable AT Keyboard support though (PS/2 keyboard) as I don't use that anymore on the host... I was all "ehhh" when I couldn't type lol

Too bad there's nothing more I can do for Windows 11 guests. I'm already using the best drivers I can (got the latest virtio guest drivers etc.) and backends.

[Grogan]

I got copy and paste working between Windows 11 guest and host in both directions simply by installing the spice guest tools in Windows. That installed some serial driver for it.

On the linux guest, I was missing spice-vdagent (which I installed with pacman) but I still can't get it to work. I hate gimmicky bullshit like this. It's a Linux application and if it should work anywhere out of the box, it ought to be on a Linux guest.

P.S. Qemu now has its own "vdagent", it doesn't use a spice channel for this anymore, it replaces it for communication with the spice agent. I added it as hardware (and had to remove the spicevmc channel) and while it works for the mouse communications, I still don't have copy/paste communication with the host. Moreover, by changing to that qemu-vdagent channel, my mouse doesn't work correctly while booted with the distro kernel anymore. I have a cursor and it moves, but no buttons work. It works correctly with my kernel though

I'm probably close to figuring it out, but enough chasing my tail for now. Game time!

[Grogan]

Actually there is one thing I could do for Windows 11 guests, I'm just not willing to. I could enable the Intel graphics adapter for passthrough. That supports SR-IOV (I think all Intel graphics do these days). Of course Linux guests would then use that too and it would be way better than using virgl.

Damn, I'm torn. I don't want to have to deal with two graphics stacks and the confusion it causes, but that would be so good for running VMs. I mean, I run with no xorg configuration and that would change. Hardware resources too maybe. That's all but disabled by disabling "multi monitor support" for the integrated graphics in bios. The only clue it exists are some telltale i/o ports where X gets told to piss off when probing. It doesn't get it my way at all, as it is now.

I'd be very surprised if that didn't make my gaming a pain in the ass. Maybe not though, I think you can have it so the adapter is not usable at all on the host when already mapped or something like that.

[Zema Bus]

A lot of people doing video card passthrough these days are running Looking Glass:

Looking Glass is an open source application that allows the use of a KVM (Kernel-based Virtual Machine) configured for VGA PCI Pass-through without an attached physical monitor, keyboard or mouse. This is the final step required to move away from dual booting with other operating systems for legacy programs that require high performance graphics.

Wendell from Level1Techs has done a lot with Looking Glass, here's one of his videos:

[Grogan]

I would actually like to attach another monitor to the Intel graphics ports for this. The one on the other desk. I think I could even do it with normal cable length just by moving the desk, and the monitor on it a bit closer but up to 10 feet cable length seems like it would be practical for DisplayPort and of course HDMI cables can be longer. I wouldn't even disconnect the DVI cable that connects it to the other computer, I just wouldn't be using both at once (i.e. that PC would be shut off if I'm using its monitor or I would just yank one cable end if I want to boot it up for network use only)

If I were to do it, I'd like to have it so the virtual machines just work with it like a normal graphics adapter and it outputs to the display. It would be Intel graphics drivers in the guest. That way Windows wouldn't know the difference, I'd have whatever DirectX support the drivers and adapter provides. I wouldn't be using that adapter for (non-solitaire type) games, but it would be sufficient for any desktop/video acceleration.

I don't want any gimmickry in the way when I access virtual machines either, I don't want to have to connect to it with some bouncy relay service to update frames while it renders things off screen. This is why I presently use the GTK windows (my VM is a windowed application in X11) rather than VNC, for example. In fact Spice is bad enough of a middle man (why I'm considering the Intel passthrough).

This is what I mean about isolating (I said "binding") the GPU, something like this:
https://wiki.archlinux.org/title/PCI_pa ... h_via_OVMF

In order to assign a device to a virtual machine, this device and all those sharing the same IOMMU group must have their driver replaced by a stub driver or a VFIO driver in order to prevent the host machine from interacting with them. In the case of most devices, this can be done on the fly right before the virtual machine starts.

However, due to their size and complexity, GPU drivers do not tend to support dynamic rebinding very well, so you cannot just have some GPU you use on the host be transparently passed to a virtual machine without having both drivers conflict with each other. Because of this, it is generally advised to bind those placeholder drivers manually before starting the virtual machine, in order to stop other drivers from attempting to claim it.

The following section details how to configure a GPU so those placeholder drivers are bound early during the boot process, which makes said device inactive until a virtual machine claims it or the driver is switched back. This is the preferred method, considering it has less caveats than switching drivers once the system is fully online.

Warning: Once you reboot after this procedure, whatever GPU you have configured will no longer be usable on the host until you reverse the manipulation. Make sure the GPU you intend to use on the host is properly configured before doing this - your motherboard should be set to display using the host GPU.

Starting with Linux 4.1, the kernel includes vfio-pci. This is a VFIO driver, meaning it fulfills the same role as pci-stub did, but it can also control devices to an extent, such as by switching them into their D3 state when they are not in use.

Binding vfio-pci via device ID
...

That should not bother me at all in the host, if configured like that. In my case (not wanting to use initrd) I'd build vfio-pci right in the kernel and use the kernel command line. I won't even build Intel graphics support in my kernel (and I won't have to add it to Mesa) and this shit will be done before amdgpu module load too so its resources won't get stepped on.

[Grogan]

I'm looking at that other software though. Maybe another front end would be better now, or just bite the bullet and configure qemu by hand in the command line. I have all the functionality and external stuff now, unlike before in my LFS.

I do think my problem with the clipboard is because virt-manager is 3 years old (and any recent commits have mostly just been to test suites and .gitinfo). Qemu was version 6.x at that time, and now it's 9.0. Configuring that qemu-vdagent is probably not using the right parameters anymore for that to work for Linux guests (it still works with Windows... the old method with spice vdagent serial drivers). For one example I found that it needs a configuration option to take over the mouse and virt-manager isn't supplying it. I might be able to edit the XML, but I'm not sure if it needs to know about the back end parameter. It doesn't do things like mouse=on as Qemu would in its command line, it would be more like "mouse enabled" in the XML.

At the end of the day, is the clipboard communication that important? I could SSH and cat to a file on the host if I really need to capture some text without having to type it. Or simply transfer a text file. I've not had shared clipboard since I quit using Virtualbox, I just thought it would be nice to have that back again since I installed a bunch of distro packages for this.

libvirt (virt-manager) does strange things with the mouse. It sets up a EvTech USB tablet for absolute pointing, but somehow also uses a PS/2 mouse to convert it to relative. I don't get it, but removing one or the other causes a dysfunctional mouse in the guest. It's got to do with that com.redhat.spice.0 channel that qemu-vdagent takes over that my clipboard isn't working in the Linux guest (though I do have communication for mouse). The best thing would be to not use Spice protocols for that.

Going through Spice-Video does somewhat suck too. I'd like to use something better.