Tuesday, 17 September 2019

CPU hardware assisted virtualisation exposed with PCI Passthrough on the same VM in ESXi 6.7 u2

If you have a GPU or PCI device passed through to your virtual machine, you've likely seen the error message in VMware that you cannot expose VT-d to the VM at the same time:

Failed to reconfigure virtual machine commando. PCI passthrough devices cannot be added when Nested Hardware-Assisted Virtualization is enabled.

If you need both PCI passthrough and VT-d (nested virtualisation) on the same VM in ESXi 6.7 u2, here's how:

Back up, then edit your VMX file and include the following 2 lines:

vhv.enable = "TRUE"
vhv.allowPassthru = "TRUE"

Doing so will enable experimental support for both to be passed through to the VM. Unfortunately this causes some side effects. The vmmem process appears to be running wild and taking 25% CPU on this 4-core VM (so likely a full thread.)

Since this is unsupported, I guess this is just an issue you need to live with until there is a fix (if ever.) If you happen to know one weird trick (sysadmins HATE him) to fix this please leave a comment. For now, I'll just enable in the VM when I really need to have VT-d exposed.

Vulnhub Writeup: Djinn

Vulnhub - Djinn Writeup.md Vulnhub: Djinn Description Level: Beginner-Intermediate flags: user.txt and root.txt De...