5.2. KVM limitations

Systems without a Constant Time Stamp Counter require additional configuration. See Chapter 17, KVM guest timing management to determine whether you have a Constant Time Stamp Counter and what additional configuration may be required.

KVM supports memory overcommit and can store the memory of guests in swap space. A guest will run slower if it is swapped frequently. When Kernel SamePage Merging (KSM) is used, make sure that the swap size is equivalent to the size of the overcommit ratio.

No support exists for having more than 10 virtual CPUs per physical processor core. A CPU overcommit configuration exceeding this limitation is unsupported and can cause problems with some guests.

Overcommitting CPUs has some risk and can lead to instability. See Section 33.4, “Overcommitting Resources” for tips and recommendations on overcommitting CPUs.

SCSI emulation is presently not supported. Virtualized SCSI devices are disabled in KVM.

KVM is limited to a maximum of four virtualized (emulated) IDE devices per guest.

Para-virtualized devices, which use the virtio drivers, are PCI devices. Presently, guests are limited to a maximum of 32 PCI devices. Some PCI devices are critical for the guest to run and these devices cannot be removed. The default, required devices are:

Hence, of the 32 available PCI devices for a guest, 4 are not removable. This means there are 28 PCI slots available for additional devices per guest. Every para-virtualized network or block device uses one slot. Each guest can use up to 28 additional devices made up of any combination of para-virtualized network, para-virtualized disk devices, or other PCI devices using VT-d.

Live migration is only possible with CPUs from the same vendor (that is, Intel to Intel or AMD to AMD only).

The No eXecution (NX) bit must be set to on or off for both CPUs for live migration.

See Chapter 21, Xen live migration and Chapter 22, KVM live migration for more details on live migration.

The host should not use disk labels to identify file systems in the /etc/fstab file, the initrd file or in the kernel command line. A security weakness exists if less privileged users or guests have write access to entire partitions or LVM volumes.

Guests should not be given write access to whole disks or block devices (for example, /dev/sdb). Guests with access to block devices may be able to access other block devices on the system or modify volume labels which can be used to compromise the host system. Instead, you should use partitions (for example, /dev/sdb1) or LVM volumes.