VMware Workstation on Linux is being reworked to run its virtual machines on top of the kernel's own Kernel-based Virtual Machine (KVM) instead of third-party hypervisor code loaded into the kernel, which Broadcom describes as providing "kernel-level protections and safeguards."
First spotted by Phoronix, the news comes from a three-patch series posted to the Linux kernel mailing list by Broadcom engineer Zack Rusin, whose cover letter reads:
To be able to switch VMware products running on Linux to KVM, some minor changes are required to let KVM run/resume unmodified VMware guests.
First allow enabling of the VMware backdoor via an API. Currently the setting of the VMware backdoor is limited to kernel boot parameters, which forces all VMs running on a host to either run with or without the VMware backdoor. Add a simple cap to allow enabling of the VMware backdoor on a per-VM basis. The default for that setting remains the kvm.enable_vmware_backdoor boot parameter (which is false by default) and can be changed on a per-VM basis via the KVM_CAP_X86_VMWARE_BACKDOOR cap.
Second add a cap to forward hypercalls to userspace. I know that in general that's frowned upon, but VMware guests send quite a few hypercalls from userspace and it would be both impractical and largely impossible to handle them all in the kernel. The change is trivial and I'd be maintaining this code, so I hope it's not a big deal.
The third commit just adds a self-test for the “forward VMware hypercalls to userspace” functionality.
In a statement to WPN, Broadcom made clear that its own VMware ESXi will continue to serve as the foundation for all of VMware's core products, but that Workstation on Linux will rely on the kernel's KVM to provide the best security and performance. The situation is similar on Windows and macOS, where Microsoft and Apple discourage third-party code from running at the kernel level and Workstation and Fusion already use the vendor-provided virtualization frameworks.
Below is Broadcom’s statement to WPN:
VMware ESXi continues to be the foundation for all of VMware’s core products. What we are doing is exploring changes to our VMware Workstation for Linux product as a continuation of our efforts to provide the kernel-level protections and safeguards users and enterprises expect in a solution like VMware Desktop Hypervisor. All modern Operating Systems go to great lengths to discourage third party code running in the kernel. To be able to continue working on Microsoft Windows and Apple macOS, VMware (now Broadcom) already enables the VMware Desktop Hypervisor products (Workstation and Fusion) to use the vendor provided hypervisor frameworks. Broadcom is now actively investigating making the same changes for VMware Workstation for Linux that we’ve already made on Windows and macOS. Even after moving to Apple and Microsoft’s virtualization APIs, we continue to use much of VMware’s own hypervisor code to handle instruction emulation and continue to use all of VMware’s existing virtual device emulation code. This helps maintain compatible behavior of VMs across all of VMware’s virtualization products. Again, Broadcom is not dropping any focus on the VMware ESXi hypervisor in any of its core cloud infrastructure products.
The announcement is good news for VMware users, as well as the Linux community.