This patch adds a module option "nested" to vmx.c, which controls whether the guest can use VMX instructions, i.e., whether we allow nested virtualization. A similar, but separate, option already exists for the SVM module. This option currently defaults to 0, meaning that nested VMX must be explicitly enabled by giving nested=1. When nested VMX matures, the default should probably be changed to enable nested VMX by default - just like nested SVM is currently enabled by default. Signed-off-by: Nadav Har'El <nyh@xxxxxxxxxx> --- arch/x86/kvm/vmx.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- .before/arch/x86/kvm/vmx.c 2010-10-17 11:51:59.000000000 +0200 +++ .after/arch/x86/kvm/vmx.c 2010-10-17 11:51:59.000000000 +0200 @@ -69,6 +69,14 @@ module_param(emulate_invalid_guest_state static int __read_mostly vmm_exclusive = 1; module_param(vmm_exclusive, bool, S_IRUGO); +/* + * If nested=1, nested virtualization is supported, i.e., the guest may use + * VMX and be a hypervisor for its own guests. If nested=0, the guest may not + * use VMX instructions. + */ +static int nested = 0; +module_param(nested, int, S_IRUGO); + #define KVM_GUEST_CR0_MASK_UNRESTRICTED_GUEST \ (X86_CR0_WP | X86_CR0_NE | X86_CR0_NW | X86_CR0_CD) #define KVM_GUEST_CR0_MASK \ -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html