> From: Nadav Har'El > Sent: Tuesday, May 17, 2011 4:00 AM > > This patch includes a brief introduction to the nested vmx feature in the > Documentation/kvm directory. The document also includes a copy of the > vmcs12 structure, as requested by Avi Kivity. > > Signed-off-by: Nadav Har'El <nyh@xxxxxxxxxx> > --- > Documentation/kvm/nested-vmx.txt | 243 > +++++++++++++++++++++++++++++ > 1 file changed, 243 insertions(+) > > --- .before/Documentation/kvm/nested-vmx.txt 2011-05-16 > 22:36:51.000000000 +0300 > +++ .after/Documentation/kvm/nested-vmx.txt 2011-05-16 > 22:36:51.000000000 +0300 > @@ -0,0 +1,243 @@ > +Nested VMX > +========== > + > +Overview > +--------- > + > +On Intel processors, KVM uses Intel's VMX (Virtual-Machine eXtensions) > +to easily and efficiently run guest operating systems. Normally, these guests > +*cannot* themselves be hypervisors running their own guests, because in > VMX, > +guests cannot use VMX instructions. "because in VMX, guests cannot use VMX instructions" looks not correct or else you can't add nVMX support. :-) It's just because currently KVM doesn't emulate those VMX instructions. > + > +The "Nested VMX" feature adds this missing capability - of running guest > +hypervisors (which use VMX) with their own nested guests. It does so by > +allowing a guest to use VMX instructions, and correctly and efficiently > +emulating them using the single level of VMX available in the hardware. > + > +We describe in much greater detail the theory behind the nested VMX > feature, > +its implementation and its performance characteristics, in the OSDI 2010 > paper > +"The Turtles Project: Design and Implementation of Nested Virtualization", > +available at: > + > + http://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf > + > + > +Terminology > +----------- > + > +Single-level virtualization has two levels - the host (KVM) and the guests. > +In nested virtualization, we have three levels: The host (KVM), which we call > +L0, the guest hypervisor, which we call L1, and its nested guest, which we > +call L2. Add a brief introduction about vmcs01/vmcs02/vmcs12 is also helpful here, given that this doc is a centralized place to gain quick picture of the nested VMX. > + > + > +Known limitations > +----------------- > + > +The current code supports running Linux guests under KVM guests. > +Only 64-bit guest hypervisors are supported. > + > +Additional patches for running Windows under guest KVM, and Linux under > +guest VMware server, and support for nested EPT, are currently running in > +the lab, and will be sent as follow-on patchsets. any plan on nested VTD? > + > + > +Running nested VMX > +------------------ > + > +The nested VMX feature is disabled by default. It can be enabled by giving > +the "nested=1" option to the kvm-intel module. > + > +No modifications are required to user space (qemu). However, qemu's default > +emulated CPU type (qemu64) does not list the "VMX" CPU feature, so it must > be > +explicitly enabled, by giving qemu one of the following options: > + > + -cpu host (emulated CPU has all features of the real > CPU) > + > + -cpu qemu64,+vmx (add just the vmx feature to a named CPU > type) > + > + > +ABIs > +---- > + > +Nested VMX aims to present a standard and (eventually) fully-functional VMX > +implementation for the a guest hypervisor to use. As such, the official > +specification of the ABI that it provides is Intel's VMX specification, > +namely volume 3B of their "Intel 64 and IA-32 Architectures Software > +Developer's Manual". Not all of VMX's features are currently fully supported, > +but the goal is to eventually support them all, starting with the VMX features > +which are used in practice by popular hypervisors (KVM and others). It'd be good to provide a list of known supported features. In your current code, people have to look at code to understand current status. If you can keep a supported and verified feature list here, it'd be great. Thanks Kevin -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
