

Slabbed-or-not: Detect if your VPS container is running under a hypervisor - DiabloD3
https://github.com/kaniini/slabbed-or-not

======
sillysaurus2
Github, you seem to be having a problem (a code file is inaccessible): [EDIT:
Problem is fixed! Took about 30 minutes.]

Between this and your recent choice to disable zooming out when browsing code
via iPhone, I'm starting to worry a bit.

~~~
mintplant
There's a big "Raw" link in your screenshot, you know.

~~~
sillysaurus2
I was running out the door when I made the post, and wound up screenshotting
the wrong tab by mistake. The correct tab had a big error message like "We're
sorry, we didn't generate this code blob fast enough for you" with no raw
link. Sorry about that.

On the very slim chance that a Github staffer is reading this, here's the link
that was down for ~30 minutes: [https://github.com/kaniini/slabbed-or-
not/blob/master/slabbe...](https://github.com/kaniini/slabbed-or-
not/blob/master/slabbed-or-not.c) ... It was down at around 8pm PST.

------
porker
Can someone explain the concept behind this? Some hosting providers are
selling VMs which are already inside a VM for some reason?

That sounds odd, but I guess it makes their management easier, though tools to
balance VMs between machines should negate the need for that.

------
userbinator
I thought the point of virtualisation is to make it so you get an environment
which behaves as close to a real machine as possible, so why are they still so
easily detectable?

~~~
paulfurtado
Most hypervisors don't try to hide themselves from the VM. Many provide
interfaces from the guest OS in the VM to the hypervisor for things like para-
virtualizing device drivers for performance, ballooning (reclaiming unused
RAM), or many other features.

~~~
nenolod
The point of the project in this case is to detect the hypervisor from within
a child container (which has a virtualized /proc and /sys).

Hosting providers do this with their Virtuozzo products so they can take
advantage of memory deduplication. Such information can be helpful in
diagnosing performance bottlenecks (think paravirtual steal-time).

------
nodata
> a lot of dishonest hosting providers will run their OpenVZ/LXC containers
> inside another virtual machine.

A lot? I don't know any. Can you name some?

~~~
nenolod
BuyVM.

[http://lowendtalk.com/discussion/20847/buyvm-lies-cheats-
ste...](http://lowendtalk.com/discussion/20847/buyvm-lies-cheats-steals-solus-
slabs-hosts-servers-in-basement)

Whether they are doing so dishonestly is a subjective question though. I
changed the README a little.

------
newman314
How is this dishonest? I'm not getting it. Can someone please elaborate?

~~~
chomp
Source code and (poorly written) readme makes it seem that some providers will
say that they run things like KVM but put you in a (much more easily oversold)
Virtuozzo container. I presume this detects that.

~~~
oakwhiz
I thought that this was more about the practice of hosting virtual machines
inside other virtual machines in order to perform memory deduplication.

------
baconhigh
everyone read the source code before compiling and running.. right?

------
justin_vanw
When I opened the github link and saw all those .c files, I assumed it must be
doing something tricky, like timing system calls or doing statistics or
looking at what memory addresses are allocated or... something.

This entire repo is like a 40 line bash script, but they wrote it in C
because.. they know C presumably?

The thing that really makes me curious though, how many people are running
VPS's on so many clients that they need a tool to tell if it's virtualized? I
can understand wanting to know, I guess, but why not just have a list like "if
/proc/whatever exists, you are in kvm" instead of compiling and running this?
Who would do it? Why is this on the frontpage?

~~~
iam
Out of curiosity how would you reimplement this file in bash?
[https://github.com/kaniini/slabbed-or-not/blob/master/xen-
de...](https://github.com/kaniini/slabbed-or-not/blob/master/xen-detect.c)

In particular, the fact that it's using inline asm directly (for cpuid, ud2,
some others). Maybe with 'as' but that's not exactly pure bash (and I suspect
not embedding it in C would need a non-trivial main function anyway).

Reading an arbitrary memory address (for the cpuid scans) might be a bit
tricky too, though it could be doable with /proc/$PID/mem.

~~~
nailer
CPUID is available in /proc/cpuinfo (or whatever the /sys or modern equivalent
is, my Linux is a bit rusty)

Not sure re: UD2 though.

~~~
nenolod
The point here is that the information in /proc/cpuinfo is virtualized, and
therefore may not reflect reality...

~~~
nailer
Would you have to be a kernel module to access the CPU directly?

~~~
aryastark
No. All binary programs access the CPU directly. Only certain instructions
require being in a certain "ring" (i.e. access level). The CPUID instruction
is non-privileged, meaning you can access it from user space.

