From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Nadav Har'El" <nyh@math.technion.ac.il>
Subject: Re: [PATCH 1/24] Move nested option from svm.c to x86.c
Date: Tue, 15 Jun 2010 17:27:51 +0300
Message-ID: <20100615142751.GA9826@fermat.math.technion.ac.il>
References: <1276431753-nyh@il.ibm.com> <201006131223.o5DCN4qC012872@rice.haifa.ibm.com> <4C15E42F.9050906@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: kvm@vger.kernel.org
To: Avi Kivity <avi@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mailgw11.technion.ac.il ([132.68.225.11]:41315 "EHLO
	mailgw11.technion.ac.il" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932070Ab0FOO1z (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 15 Jun 2010 10:27:55 -0400
Content-Disposition: inline
In-Reply-To: <4C15E42F.9050906@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Mon, Jun 14, 2010, Avi Kivity wrote about "Re: [PATCH 1/24] Move nested option from svm.c to x86.c":
> A global variable names 'nested' is not a good idea.  I recommend having 
> a kvm-intel scope module parameter instead, that also avoids the 0/1/2 
> values.

The rationale behind having a "nested" flag in x86.c (instead of individually
in svm.c and vmx.c) was that it allows nesting-related logic that is common to
both SVM and VMX to reside in x86.c.

But you are right that this is not very important right now. So in the fixed
patch below I've changed it to be a separate module parameter "nested" for
each module. As you requested, VMX's nested option defaults to off.

========
Subject: [PATCH 1/24] Add "nested" module option to vmx.c

This patch adds a module option "nested" to vmx.c, which controls whether
the guest can use VMX instructions, i.e., whether we allow nested
virtualization. A similar, but separate, option already exists for the
SVM module.

This option currently defaults to 0, meaning that nested VMX must be
explicitly enabled by giving nested=1. When nested VMX matures, the default
should probably be changed to enable nested VMX by default - just like
nested SVM is currently enabled by default.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
---
--- .before/arch/x86/kvm/vmx.c	2010-06-15 17:20:01.000000000 +0300
+++ .after/arch/x86/kvm/vmx.c	2010-06-15 17:20:01.000000000 +0300
@@ -67,6 +67,14 @@ module_param(emulate_invalid_guest_state
 static int __read_mostly vmm_exclusive = 1;
 module_param(vmm_exclusive, bool, S_IRUGO);
 
+/*
+ * If nested=1, nested virtualization is supported, i.e., the guest may use
+ * VMX and be a hypervisor for its own guests. If nested=0, the guest may not
+ * use VMX instructions.
+ */
+static int nested = 0;
+module_param(nested, int, S_IRUGO);
+
 #define KVM_GUEST_CR0_MASK_UNRESTRICTED_GUEST				\
 	(X86_CR0_WP | X86_CR0_NE | X86_CR0_NW | X86_CR0_CD)
 #define KVM_GUEST_CR0_MASK						\

-- 
Nadav Har'El                        |      Tuesday, Jun 15 2010, 3 Tammuz 5770
nyh@math.technion.ac.il             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |When everything's coming your way, you're
http://nadav.harel.org.il           |in the wrong lane.