Qemu in a Windows host

2024-07-11 @equalsraf

UPDATE: 27/08 I have dropped this setup due to qemu issues with hyper-v - it fails to setup cpuid (reports avx2 but no avx) which breaks some code. I'm now using VirtualBox and disabled hyper-v to the same outcome.

I have several problems with WSL (both version 1 and 2) which led me to abandon it for a more traditional VM setup.

The problems:

• WSL1 is slow for some things
• WSL1 does not emulate some linux features (since its just a translation layer)
• WSL2 is a real VM (hyper-V) so its heavier
• WSL2 networking setup (NAT or otherwise) does not play nice with my VPN - there are partial workarounds that periodically break, scripts in cron/etc
• the default linux kernel used in WSL2 (built by microsoft) has some kernel features disabled that prevent it from handling older syscalls (we could compile our own)
• file sharing via wsl:// is excruciatingly slow in WSL1

The trade off here is that qemu user mode network stack is nicer to work with than WSL2 but the downside is file sharing between the host and VM. For performance I'm relying on WHPX support.

qemu setup

My setup relies on a regular qemu VM. The following need to be passed to qemu

• (-accell whpx) for acceleration through hyper-v
• (-device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp:127.0.0.1:5555-:22) to expose ssh (port 22) on the host loopback interface
• (-nographic -serial mon:stdio) the usual to disable graphics and use the serial port
• (-smp 8 -m 8192) idle memory consumption is not 8G though

The two main benefits here are:

• the use of hyper-v acceleration (keeps resource consumption relatively low)
• port forwarding works much better here than with hyper-v tools
• listening ports on the host loopback interface are reachable from the guest

Whats missing

The main downside of this setup is file sharing, and terminal setup

• qemu does not support 9p/virtfs for windows hosts to share files with the guest
• I'm starting qemu with the console on the serial port - but both the windows terminal and conemu do not work perfectly over this
• AFAIK there is no easy way to run qemu as a native windows service (in the background)

I don't have a nice solution for file sharing. The best I came up it is

• for files in the host: share folders via whatever protocol you want in the host loopback interface (e.g. regular windows shares or openssh running in the host)
• for files in the guest: I'm currently not doing it at the moment, I just rely on other protocols and hostfwd

For the terminal issues I just work around them using an ssh connection through the forwarded port. But conemu seems to be a bit better than the windows terminal.

OpenSSH server in Windows

For the VM to be able to access the host I rely on the OpenSSH server which is reachable from the VM.

To configure the ssh server in windows

• enable openssh server in windows optional features (add feature -> openssh server)
• enable OpenSSH SSH server in the services manager

If not set you may want to set the default shell for ssh (from an admin powershell)

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

The sshd_config file is stored under C:\ProgramData\ssh and you can disable password based auth and restrict the listening interface with

ListenAddress 127.0.0.1
PasswordAuthentication no
PubkeyAuthentication yes

Key based authentication uses an authorized keys file but its location differs if your user is in the Administrator group:

• .ssh/authorized_keys (in your HOME folder); or
• C:\ProgramData\ssh\administrators_authorized_keys

The later file needs to have special permissions (see the MS docs in the refs)

icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"

References