From patchwork Tue Jun 15 14:27:51 2010
X-Patchwork-Submitter: Nadav Har'El
X-Patchwork-Id: 106216
Date: Tue, 15 Jun 2010 17:27:51 +0300
From: "Nadav Har'El" To: Avi Kivity Cc: kvm@vger.kernel.org Subject: Re: [PATCH 1/24] Move nested option from svm.c to x86.c Message-ID: <20100615142751.GA9826@fermat.math.technion.ac.il> References: <1276431753-nyh@il.ibm.com> <201006131223.o5DCN4qC012872@rice.haifa.ibm.com> <4C15E42F.9050906@redhat.com> Mime-Version: 1.0 Content-Disposition: inline In-Reply-To: <4C15E42F.9050906@redhat.com> User-Agent: Mutt/1.4.2.2i Hebrew-Date: 3 Tammuz 5770 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]); Tue, 15 Jun 2010 14:27:57 +0000 (UTC) ======== Subject: [PATCH 1/24] Add "nested" module option to vmx.c This patch adds a module option "nested" to vmx.c, which controls whether the guest can use VMX instructions, i.e., whether we allow nested virtualization. A similar, but separate, option already exists for the SVM module. This option currently defaults to 0, meaning that nested VMX must be explicitly enabled by giving nested=1. When nested VMX matures, the default should probably be changed to enable nested VMX by default - just like nested SVM is currently enabled by default. Signed-off-by: Nadav Har'El --- --- .before/arch/x86/kvm/vmx.c 2010-06-15 17:20:01.000000000 +0300 +++ .after/arch/x86/kvm/vmx.c 2010-06-15 17:20:01.000000000 +0300 @@ -67,6 +67,14 @@ module_param(emulate_invalid_guest_state static int __read_mostly vmm_exclusive = 1; module_param(vmm_exclusive, bool, S_IRUGO); +/* + * If nested=1, nested virtualization is supported, i.e., the guest may use + * VMX and be a hypervisor for its own guests. If nested=0, the guest may not + * use VMX instructions. + */ +static int nested = 0; +module_param(nested, int, S_IRUGO); + #define KVM_GUEST_CR0_MASK_UNRESTRICTED_GUEST \ (X86_CR0_WP | X86_CR0_NE | X86_CR0_NW | X86_CR0_CD) #define KVM_GUEST_CR0_MASK \
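Review bot: In the added declaration in the vmx.c hunk, `static int nested = 0;` is typed and registered as an `int` (`module_param(nested, int, S_IRUGO)`), but the comment above it defines only the values 0 and 1, so any other integer given at load time is accepted with no documented meaning. The neighbouring `vmm_exclusive` in the same context is registered with `bool` and marked `__read_mostly`; following that pattern here (`static int __read_mostly nested;` with `module_param(nested, bool, S_IRUGO);`) restricts the switch to on/off, drops the redundant explicit zero initialiser, and keeps the two options consistent. Since `S_IRUGO` makes the parameter read-only after load, the comment could also state that the default is 0 (nested VMX disabled) and that the setting can only be chosen when the module is loaded, so an administrator reading the source sees that guest access to VMX instructions is opt-in.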