The following limitations apply to the KVM hypervisor:
- Constant TSC bit
Systems without a Constant Time Stamp Counter require additional configuration. See Chapter 17, KVM guest timing management
to determine whether you have a Constant Time Stamp Counter and what additional configuration may be required.
- Memory overcommit
KVM supports memory overcommit and can store the memory of guests in swap space. A guest will run slower if it is swapped frequently. When Kernel SamePage Merging (KSM) is used, make sure that the swap size is equivalent to the size of the overcommit ratio.
- CPU overcommit
No support exists for having more than 10 virtual CPUs per physical processor core. A CPU overcommit configuration exceeding this limitation is unsupported and can cause problems with some guests.
- Virtualized SCSI devices
SCSI emulation is presently not supported. Virtualized SCSI devices are disabled in KVM.
- Virtualized IDE devices
KVM is limited to a maximum of four virtualized (emulated) IDE devices per guest.
- Para-virtualized devices
Para-virtualized devices, which use the
virtio drivers, are PCI devices. Presently, guests are limited to a maximum of 32 PCI devices. Some PCI devices are critical for the guest to run and these devices cannot be removed. The default, required devices are:
the host bridge,
the ISA bridge and usb bridge (the usb and ISA bridges are the same device),
the graphics card (using either the Cirrus or qxl driver), and
the memory balloon device.
Hence, of the 32 available PCI devices for a guest, 4 are not removable. This means there are 28 PCI slots available for additional devices per guest. Every para-virtualized network or block device uses one slot. Each guest can use up to 28 additional devices made up of any combination of para-virtualized network, para-virtualized disk devices, or other PCI devices using VT-d.
- Migration limitations
Live migration is only possible with CPUs from the same vendor (that is, Intel to Intel or AMD to AMD only).
The No eXecution (NX) bit must be set to on or off for both CPUs for live migration.
- Storage limitations
The host should not use disk labels to identify file systems in the
/etc/fstab file, the
initrd file or in the kernel command line. A security weakness exists if less privileged users or guests have write access to entire partitions or LVM volumes.
Guests should not be given write access to whole disks or block devices (for example,
/dev/sdb). Guests with access to block devices may be able to access other block devices on the system or modify volume labels which can be used to compromise the host system. Instead, you should use partitions (for example,
/dev/sdb1) or LVM volumes.