Detect KVM guests using dmesg #237

wants to merge 1 commit into


None yet
8 participants

maoe commented Dec 10, 2013

ohai cannot detect KVM guests if KVM/QEMU is running with -cpu option. Even if so, we still can detect them by searching for "Booting paravirtualized kernel on KVM" in dmesg output.


btm commented May 6, 2014

@maoe Thanks for the contribution, sorry we didn't get back to you earlier. We need a couple thinks like a CLA and prefer using JIRA tickets to track the status of contributions so we know when there's a patch for us to review. Please take a look here:

In this case I presume you're passing a -cpu option to KVM so it's showing a normal Pentium output in the DMI information. I found a list here:

The kernel message buffer displayed by dmesg has a limited size (e.g. 16k) and will wrap when filled, so it's possible this method will stop working if something gets noisy and prints to the buffer. It would be nice to find another method besides DMI that wasn't vulnerable to this.

We would need a unit test for this patch as well.

The cpuid method used in virt-what would be useful, if we could find a way to access that memory in ruby.;a=blob;;h=fb399becca48a38ad3b405a749895ad1f48b3276;hb=HEAD#l232;a=blob;f=virt-what-cpuid-helper.c;h=7812545d2647c7781e644aa717cafd04338a2e9e;hb=HEAD


sersut commented May 21, 2014

Let us know if you need any help with this @maoe.

maoe commented May 22, 2014

@btm @sersut Thanks for reviewing the patch. Unfortunately I may not have time to improve it anytime soon, but I'll let you know when I get there.

@sersut sersut removed the Attack List label Jun 25, 2014

imbriaco commented Jul 6, 2014

This might be a better heuristic:

# dmidecode -s system-manufacturer

Hi. I am an automated pull request bot named Curry. There are commits in this pull request whose authors are not yet authorized to contribute to Chef Software, Inc. projects or are using a non-GitHub verified email address. To become authorized to contribute, you will need to sign the Contributor License Agreement (CLA) as an individual or on behalf of your company. You can read more on Chef's blog.

GitHub Users Who Are Not Authorized To Contribute

The following GitHub users do not appear to have signed a CLA:

Please sign the CLA here.


lamont-granquist commented Jan 28, 2015

closed due to inactivity


franklouwers commented Jul 14, 2015

elsif node.deep_fetch('dmi', 'system', 'manufacturer') == 'QEMU'
virt = 'kvm'

@lamont-granquist lamont-granquist locked and limited conversation to collaborators Nov 16, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.