Ok... I will replace the hvm_svm_enabled() to check the EFER.SVME bit instead.On 12.08.13 at 13:13, "Egger, Christoph" <chegger@amazon.de> wrote:On 12.08.13 11:01, Jan Beulich wrote:On 12.08.13 at 10:57, "Egger, Christoph" <chegger@amazon.de> wrote:On 08.08.13 08:47, Jan Beulich wrote:In any case - explaining how nestedhvm_enabled() could end up returning a value different from hvm_svm_enabled() would help my understanding.nestedhvm_enabled() returns true when 'nestedhvm=1' in the guest config file. hvm_svm_enabled() returns true when the hvm guest enabled SVM in EFER.And the guest should certainly be disallowed to enable SVM in EFER when nestedhvm was not 1 in the config file.That's correct. The guest should also never see SVM available via cpuid. Analogous same regarding VMX on Intel.So Suravee, bottom line from this is: Replace the prior checks instead of adding the new ones. Jan