From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: [PATCH 00/10] Add support for nested SVM (kernel) v4
Date: Sun, 19 Oct 2008 11:56:00 +0200
Message-ID: <48FB0430.10405@redhat.com>
References: <1224099093-10985-1-git-send-email-agraf@suse.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org, joro@8bytes.org, anthony@codemonkey.ws, avi@qumranet.com
To: Alexander Graf
Return-path:
Received: from mx2.redhat.com ([66.187.237.31]:51588 "EHLO mx2.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751024AbYJSJ4J (ORCPT ); Sun, 19 Oct 2008 05:56:09 -0400
In-Reply-To: <1224099093-10985-1-git-send-email-agraf@suse.de>
Sender: kvm-owner@vger.kernel.org
List-ID:

Alexander Graf wrote:
> The current generation of virtualization extensions only supports one VM layer.
> While we can't change that, it is pretty easy to emulate the CPU's behavior
> and implement the virtualization opcodes ourselves.
>
> This patchset does exactly this for SVM. Using it, KVM can run within a VM.
> Since we're emulating the real CPU's behavior, this should also enable other
> VMMs to run within KVM.
> So far I've only tested to run KVM inside the VM though.
>
> As always, comments and suggestions are highly welcome.
>
> v2 takes most comments from Avi into account.
>
> v3 addresses Joerg's comments, including
>
> - V_INTR_MASKING support
> - a generic permission checking helper
>
> v4 addresses even more comments from Joerg, including
>
> - don't use the guest's hsave to store the guest's vmcb in
> - add nested= flag for kvm-amd.ko, defaults to 0 (off)
> - include Joerg's VM_CR MSR patch
>
> To be usable, this patchset requires the two simple changes in the userspace
> part, that I sent to the list with the first version.
>
> Known issues:
>
> - TODO: #VMEXIT on save/restore
> - SMP l2 guests break with in-kernel-apic
>

Looks ready to apply, though it would be good to get smp working.
Defaulting to off relaxes some of the worries.

I assume the move to host-backed hsave fixes the security hole Joerg
spotted?

-- 
error compiling committee.c: too many arguments to function