Skip to main content
Qualcomm® Linux supports hardware-assisted virtualization through KVM (Kernel-based Virtual Machine), which integrates directly into the Linux kernel and runs guest operating systems at near-native performance. Virtual Host Extensions (VHE) are enabled by default on Qualcomm SoCs that implement Armv8.1 or later, allowing the host kernel to run at EL2 while guest kernels and user space run at EL1 and EL0.
Refer release notes to know about platform capability and support for hypervisor solution.

Prerequisites and Kconfig

Enable the following in the host kernel configuration:
CONFIG_KVM=y
CONFIG_VIRTUALIZATION=y
KVM requires the kernel to boot in exception level 2 (EL2). Verify KVM is available on the device after boot:
ls -l /dev/kvm

Boot the kernel in EL2

Platforms are now configured to boot into KVM as default except few. Please refer to release notes to know about each platform capability. For platforms that boot into Gunyah instead of KVM, use following instructions to switch to KVM. Follow the steps in the order given.
Platforms that are configured to boot into KVM as default will not require below steps.
  1. Boot using the default images.
  2. Update the EFI variable to select the KVM device tree overlay:
    echo -n "el2kvm" > /var/data
    efivar -n 882f8c2b-9646-435f-8de5-f208ff80c1bd-VendorDtbOverlays -w -f /var/data
    efivar -n 882f8c2b-9646-435f-8de5-f208ff80c1bd-VendorDtbOverlays -p
    sync
    
  3. Reboot into fastboot mode. Run the following command on the device shell:
    reboot bootloader
    
  4. Flash the KVM XBL config image from the host:
    fastboot flash xbl_config_a xbl_config_kvm.elf
    
    The xbl_config_kvm.elf file is located under build/tmp/deploy/images/<machine-name> in the Yocto build output. Replace the following:
    • <machine-name> by the actual Yocto machine configuration name, for example iq-9075-evk.
  5. Reboot the device.

Launch a guest VM

Before launching a guest VM, ensure the guest kernel image (Image), root file system CPIO (rootfs.cpio.gz), and root file system image (rootfs.ext4) are present in the /mnt/overlay/guest/ directory on the host.

Using QEMU

Boot with a ramdisk:
qemu-system-aarch64 \
    -M virt -m 2G \
    -kernel /mnt/overlay/guest/Image \
    -initrd /mnt/overlay/guest/rootfs.cpio.gz \
    -cpu host --enable-kvm -smp 4 -nographic
Boot with a root file system image:
qemu-system-aarch64 \
    -M virt -m 2G \
    -kernel /mnt/overlay/guest/Image \
    -drive file=/mnt/overlay/guest/rootfs.ext4,if=virtio,format=raw \
    -append "root=/dev/vda" \
    -cpu host --enable-kvm -smp 4 -nographic

Using libvirt

Libvirt manages VMs through the virsh command-line utility and the libvirtd daemon. Define a VM from an XML domain file, then control it with the following commands: Table: Common virsh VM management commands
CommandPurpose
virsh define <xml-file>Register a new VM domain from an XML definition file
virsh list --allList all defined VM domains and their state
virsh start <domain>Start a stopped VM
virsh console <domain>Connect to the VM serial console (Ctrl+] to disconnect)
virsh shutdown <domain>Gracefully shut down a running VM
virsh undefine <domain>Remove a VM definition
Replace the following:
  • <xml-file> by the path to the libvirt XML domain definition file.
  • <domain> by the VM domain name as defined in the XML <name> element.
For libvirt XML domain definition examples, see the libvirt domain format documentation.

Virtio device support

Virtio provides a paravirtualized I/O framework for high-performance device emulation between guest VMs and the host. Front-end drivers run in the guest OS; back-end drivers run in QEMU or the kernel. Communication uses virtqueues (ring buffers) to minimize guest-to-host transitions. Table: Supported virtio devices
DeviceHost KconfigGuest KconfigPurpose
virtio-blockCONFIG_VIRTIO_BLKBlock storage device for guest VMs
virtio-netCONFIG_VIRTIO_NETNetwork interface for guest VMs
virtio-serialCONFIG_VIRTIO_CONSOLESerial communication channels between host and guest
virtio-9pCONFIG_NET_9P, CONFIG_NET_9P_VIRTIOCONFIG_NET_9P, CONFIG_NET_9P_VIRTIO, CONFIG_9P_FSHost-to-guest directory sharing over the 9P protocol
VSOCKCONFIG_VSOCKETS, CONFIG_VHOST_VSOCKCONFIG_VSOCKETS, CONFIG_VIRTIO_VSOCKETSHost-to-guest socket communication
virtio-IOMMUCONFIG_VIRTIO_IOMMUParavirtualized IOMMU for DMA management
virtio-balloonCONFIG_VIRTIO_BALLOONDynamic guest memory reclaim and allocation

Host-to-guest file sharing (virtio-9p)

Pass a host directory to a guest VM using the 9P file system:
qemu-system-aarch64 \
    -M virt -m 2G \
    -kernel /mnt/overlay/guest/Image \
    -drive file=/mnt/overlay/guest/rootfs.ext4,if=virtio,format=raw \
    -append "root=/dev/vda" \
    -cpu host --enable-kvm -smp 4 -nographic \
    -fsdev local,id=fsdev0,path=/mnt/overlay/test_dir,security_model=passthrough \
    -device virtio-9p-pci,fsdev=fsdev0,mount_tag=hostshare
Mount the shared directory inside the guest:
mount -t 9p -o trans=virtio hostshare <mount-point>
Replace the following:
  • <mount-point> by the directory inside the guest to mount the shared folder.

Virtual sockets (VSOCK)

VSOCK enables socket communication between guest VMs and the host using a context identifier (CID). The host CID is always 2; guest CIDs start from 3. Table: Reserved CID values
CIDDescription
-1Any address (for binding)
0Hypervisor
1Loopback
2Host
Add VSOCK to a QEMU invocation:
-device vhost-vsock-pci,guest-cid=<cid>
Replace the following:
  • <cid> by the CID to assign to the guest VM, for example 73.

Device passthrough

Physical devices can be passed through to a guest VM using VFIO (PCI), libusb (USB), or a chardev backend (UART). Identify USB devices on the host:
lsusb
Identify PCI devices on the host:
lspci
Add USB passthrough to a QEMU invocation using the vendor and product IDs from lsusb:
-device qemu-xhci -device usb-host,vendorid=<vid>,productid=<pid>
Add PCI passthrough using the domain, bus, slot, and function from lspci:
-device vfio-pci,host=<bus>:<slot>.<function>
Replace the following:
  • <vid> and <pid> by the USB vendor and product ID in hex, for example 0x0781 and 0x5567.
  • <bus>, <slot>, <function> by the PCI address components from lspci output.
For UART passthrough, configure a chardev backend pointing to the host TTY device and expose it to the guest as a virtserialport.

Observability and maintenance

KVM traces

Enable KVM event tracing via tracefs:
echo 1 > /sys/kernel/tracing/events/kvm/enable
cat /sys/kernel/tracing/trace
QEMU trace events can be redirected to the kernel ftrace buffer. To launch a guest VM with virtio traces enabled:
qemu-system-aarch64 \
    -M virt -m 2G \
    -kernel /mnt/overlay/guest/Image \
    -drive file=/mnt/overlay/guest/rootfs.ext4,if=virtio,format=raw \
    -append "root=/dev/vda" \
    -cpu host --enable-kvm -smp 4 -nographic \
    -trace "virtio*"

Watchdog

QEMU emulates an I6300 ESB watchdog device, exposed to the guest as a standard watchdog character device. Enable it in the guest kernel:
CONFIG_I6300ESB_WDT=y
Add the watchdog to the libvirt domain XML:
<devices>
  <watchdog model='i6300esb' action='reset'/>
</devices>
The action attribute controls behavior on timeout: reset restarts the guest, poweroff shuts it down. For details, see the libvirt watchdog documentation.

Remote command execution

The QEMU guest agent (qemu-ga) allows commands to be run on a guest VM from the host without a network connection. Enable qemu-ga in the guest OS user space and configure it through a virtio-serial interface. Use virsh qemu-agent-command with the guest-exec subcommand to execute commands remotely:
virsh qemu-agent-command <domain> '{"execute":"guest-exec","arguments":{"path":"cat","arg":["/proc/meminfo"],"capture-output":true}}'
Replace the following:
  • <domain> by the VM domain name.
For more information, see QEMU Guest Agent.