From mboxrd@z Thu Jan 1 00:00:00 1970 From: Joerg Roedel Subject: Re: [PATCH 00/12] Add support for nested SVM (kernel) v7 Date: Thu, 27 Nov 2008 10:48:26 +0100 Message-ID: <20081127094826.GF26275@8bytes.org> References: <1227640632-18349-1-git-send-email-agraf@suse.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: kvm@vger.kernel.org, anthony@codemonkey.ws, avi@redhat.com, muli@il.ibm.com To: Alexander Graf Return-path: Received: from 8bytes.org ([88.198.83.132]:60821 "EHLO 8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752377AbYK0Js3 (ORCPT ); Thu, 27 Nov 2008 04:48:29 -0500 Content-Disposition: inline In-Reply-To: <1227640632-18349-1-git-send-email-agraf@suse.de> Sender: kvm-owner@vger.kernel.org List-ID: On Tue, Nov 25, 2008 at 08:17:00PM +0100, Alexander Graf wrote: > The current generation of virtualization extensions only supports one VM layer. > While we can't change that, it is pretty easy to emulate the CPU's behavior > and implement the virtualization opcodes ourselves. > > This patchset does exactly this for SVM. Using it, KVM can run within a VM. > Since we're emulating the real CPU's behavior, this should also enable other > VMMs to run within KVM. > So far I've only tested to run KVM inside the VM though. > > As always, comments and suggestions are highly welcome. > > v2 takes most comments from Avi into account. > > v3 addresses Joergs comments, including > > - V_INTR_MASKING support > - a generic permission checking helper > > v4 addresses even more comments from Joerg, including > > - don't use the guest's hsave to store the guest's vmcb in > - add nested= flag for kvm-amd.ko, defaults to 0 (off) > - include Joerg's VM_CR MSR patch > > v5 removes the IOPM merging code > > v6 addresses comments from Joerg and Anthony: > > - don't flood the host's log with printks > - export SVM capability to userspace (SVM CPUID capability) > - prettify nsvm_printk > - pass an error code on inject_gp (0) > - always close interrupt_window if GIF=0 > - fix 32-bit l1 guests > - warn in syslog if nested=1 on module load > - huge speed improvements > > v7 makes vmrun return 0 so the MSR stuff gets ORed (thanks muli!) > > To be usable, this patchset requires simple changes in the userspace part. > For now you can easily use the patches I sent to the list when I sent the first > version if you comment out the new svm masking in qemu/target-i386/helper.c. > > I will submit a newer version of the userspace patch once the kernel parts are OK. > > Known issues: > > - TODO: #VMEXIT on save/restore > - SMP l2 guests break with in-kernel-apic > - NPT=1 with an i386 l1 guest breaks the l2 guest > - MMU syncing with NPT=1 seems strange > > Thanks for reviewing! Acked-by: Joerg Roedel