From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Nadav Har'El" Subject: Re: [PATCH 0/24] Nested VMX, v5 Date: Sun, 17 Oct 2010 14:39:14 +0200 Message-ID: <20101017123914.GA14069@fermat.math.technion.ac.il> References: <1276431753-nyh@il.ibm.com> <4C1621E5.5040201@redhat.com> <20100614130341.GA4455@fermat.math.technion.ac.il> <4C174F36.2060008@redhat.com> <20101017120310.GA12274@fermat.math.technion.ac.il> <4CBAE7D2.2050602@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: kvm@vger.kernel.org To: Avi Kivity Return-path: Received: from mailgw12.technion.ac.il ([132.68.225.12]:14759 "EHLO mailgw12.technion.ac.il" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752180Ab0JQMjg (ORCPT ); Sun, 17 Oct 2010 08:39:36 -0400 Content-Disposition: inline In-Reply-To: <4CBAE7D2.2050602@redhat.com> Sender: kvm-owner@vger.kernel.org List-ID: On Sun, Oct 17, 2010, Avi Kivity wrote about "Re: [PATCH 0/24] Nested VMX, v5": > >patch. In short, try running the L0 kernel with the "nosmp" option, > What are the problems with smp? Unfortunately, there appears to be a bug which causes KVM with nested VMX to hang when SMP is enabled, even if you don't try to use more than one CPU for the guest. I still need to debug this to figure out why. > > give the > >"-cpu host" option to qemu, > > Why is this needed? Qemu has a list of cpu types, and for each type it lists its features. The problem is that Qemu doesn't list the "VMX" feature for any of the CPUs, even those (like core 2 duo). I have a trivial patch to qemu to add the "VMX" feature to those CPUs, which is harmless even if KVM doesn't support nested VMX (qemu will drop features which KVM doesn't support). But until I send such a patch to qemu, the easiest workaround is just to use "-cpu host" - which will (among other things) tell qemu to emulate a machine which has vmx, just like the host does. (I also explained this in the intro to v6 of the patch). > > >and the "nested=1 ept=0 vpid=0" options to the > >kvm-intel module in L0. > > Why are those needed? Seems trivial to support a nonept guest on an ept > host - all you do is switch cr3 during vmentry and vmexit. nested=1 is needed because you asked for it *not* to be the default :-) You're right, ept=1 on the host *could* be supported even before nested ept is supported (this is the mode we called "shadow on ept" in the paper). But at the moment, I believe it doesn't work correctly. I'll add making this case work to my TODO list. I'm not sure why vpid=0 is needed (but I verified that you get a failed entry if you don't use it). I understood that there was some discussion on what is the proper way to do nested vpid, and that in the meantime it isn't supported, but I agree that it should have been possible to use vpid normally to run L1's but avoid using it when running L2's. Again, I'll need to debug this issue to understand how difficult it would be to fix this case. Nadav. -- Nadav Har'El | Sunday, Oct 17 2010, 9 Heshvan 5771 nyh@math.technion.ac.il |----------------------------------------- Phone +972-523-790466, ICQ 13349191 |Strike not only while the iron is hot, http://nadav.harel.org.il |make the iron hot by striking it.