Hi, Thanks for the reply. I have a Intel Q9550 processor. EPT was introduced in the Nehalem series, where my processor is not part of. Based on that, I conclude that I am not using EPT and thus using shadow page tables. The problem of running (for example) a VirtualBox guest inside a KVM guest is a problem in the use of the shadow page tables? Is there a way I can test or confirm this so that I can know what exactly is the problem with the shadow page tables? Using EPT (in a Nehalem processor) the nesting might work without the nested vmx support in KVM? I am looking into these issues for my master theses about nested virtualzation in general. The goal is to make an overview about successful and less successful nested virtualization and what the problems still are. In this case, I am looking what is keeping software virtualization solutions from nesting inside a hardware assisted virtualizaton solution (e.g. KVM). Thanks in advance, Olivier On Mon, Mar 1, 2010 at 10:19 AM, Dong, Eddie <eddie.dong@xxxxxxxxx> wrote: > The goal of HVM virtualization is to provide an exact same with native platform to guest in KVM guest and Xen HVM guest, however for some reason, it is not strictly followed in today's virtualization solution. VMMs normally take shortcut to make commodity OS happen for performance etc. That brings trouble to nested virtualBox mentioned in your case. > > 3 years ago, Intel ever tried to run VirtualPC inside Xen HVM guest. Disheng Su fixed a number of bugs in Xen and eventually succesefully launched the nested virtualPC. You may still find the patches and comments in Xenbit (from Disheng Su for nested virtualPC). The main issue at that time is for shadow page table which optimizes MMU virtualization but not exactly follow architecture equavalence for performance reason. Are you running on shadow page table or EPT? > > IBM and Intel both developed virtual VMX support for nested virtualization. You may leverage. > > Thx, Eddie > > > Olivier Berghmans wrote: >> Hi all, >> >> I'm currently researching the possibility of nested virtualization. >> The goal is to test which hypervisor can be nested inside kvm. >> >> I have already read much about nested virtualization on AMD machines >> (on the mailing list and Avi's blog) with the nested svm patch, but I >> did not find much information about this subject on Intel machines. >> What I did find is that the nested vmx support is not yet finished (or >> maybe almost?). So I understand that testing whether kvm runs inside >> kvm on Intel will not work until this patch is included in kvm. >> >> However, the goal of the patch is to insert the virtualization >> extension into the guest (in virtualized processor), right? >> Hypervisors that use software virtualization do not need these >> extension so is it correct to state that these hypervisors could >> already be nested inside kvm (e.g. running a VirtualBox or VMware >> guest inside a kvm guest)? When I tried this with VMware, the KVM >> guest (L1) crashed and rebooted. The test with VirtualBox displayed >> the message "Kernel panic - not syncing: Attempted to kill init!". >> Nesting a Xen guest inside a KVM guest also failed in that the Xen >> guest tries to boot, crashes and tries to reboot, etc. >> >> Is there something that I'm overlooking or something that I can try in >> order to get it to work? Or what could be the problem that these >> hypervisors cannot be nested? >> >> Some technical information: >> >> host$ cat /proc/cpuinfo >> model name : Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz >> >> host$ dmesg | grep kvm >> [ 18.480937] loaded kvm module (kvm-kmod-devel-88) >> [ 4924.495094] kvm: emulating exchange as write >> >> host$ uname -a >> Linux 2.6.28-16-generic #57-Ubuntu SMP Wed Nov 11 09:47:24 UTC 2009 >> i686 GNU/Linux >> >> Kind regards, >> Olivier >> >> -- >> >> Met vriendelijke groet >> Olivier Berghmans > > -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
