VMWare and UDEREF
Posted: Wed Sep 09, 2009 7:17 pm
I'm making a sticky post for this, as some users may get bit by a recent necessary change to PaX's UDEREF (made a few days ago). Previously, UDEREF would detect the VMWare I/O backdoor, and if detected, would disable UDEREF for the guest. This was to avoid a conflict with VMWare that would cause incredibly poor performance on the guest. There now exist options available through the main interface of VMWare to choose to specifically use hardware-based virtualization for VM guests. The use of these options have no conflicts with UDEREF, so disabling UDEREF at startup in these cases was unnecessary.
If you're booting a VM guest with UDEREF enabled and the "Preferred mode" under Virtual Machine Settings -> Hardware -> Processors -> Execution Mode is set to "Automatic" or "Binary Translation", you need to:
Append "pax_nouderef" to your kernel command line
Check the "Disable acceleration for binary translation" option
If the second operation listed here is not done, there's some bug in VMWare's binary translation that causes the same poor performance even with UDEREF enabled but pax_nouderef used
Alternatively, you choose one of the two below options at some performance cost to keep UDEREF without the significant impact of it with binary translation:
Choose "Intel VT-x or AMD-v" as the "Preferred mode"
Choose "Intel VT-x/EPT or AMD-V/RVI" as the Preferred mode"
-Brad
If you're booting a VM guest with UDEREF enabled and the "Preferred mode" under Virtual Machine Settings -> Hardware -> Processors -> Execution Mode is set to "Automatic" or "Binary Translation", you need to:
Append "pax_nouderef" to your kernel command line
Check the "Disable acceleration for binary translation" option
If the second operation listed here is not done, there's some bug in VMWare's binary translation that causes the same poor performance even with UDEREF enabled but pax_nouderef used
Alternatively, you choose one of the two below options at some performance cost to keep UDEREF without the significant impact of it with binary translation:
Choose "Intel VT-x or AMD-v" as the "Preferred mode"
Choose "Intel VT-x/EPT or AMD-V/RVI" as the Preferred mode"
-Brad