[PATCH] KVM: VMX: enable nested virtualization by default

From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: liran.alon@oracle.com, jmattson@google.com
Subject: [PATCH] KVM: VMX: enable nested virtualization by default
Date: Wed, 17 Oct 2018 00:55:22 +0200	[thread overview]
Message-ID: <20181016225522.13077-1-pbonzini@redhat.com> (raw)

With live migration support and finally a good solution for CR2/DR6
exception payloads, nested VMX should finally be ready for having a stable
userspace ABI.  The results of syzkaller fuzzing are not perfect but not
horrible either (and might be partially due to running on GCE, so that
effectively we're testing three-level nesting on a fork of upstream KVM!).
Enabling it by default seems like a nice way to conclude the 4.20
pull request. :)

Unfortunately, enabling nested SVM in 2009 was a bit premature.  However,
until live migration support is in place we can reasonably expect that
it does not offer much in terms of ABI guarantees.  Therefore we are
still in time to break things and conform as much as possible to the
interface used for VMX.

Suggested-by: Jim Mattson <jmattson@google.com>
Suggested-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 arch/x86/kvm/vmx.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index e665aa7167cf..89fc2a744d7f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -107,7 +107,7 @@ module_param_named(enable_shadow_vmcs, enable_shadow_vmcs, bool, S_IRUGO);
  * VMX and be a hypervisor for its own guests. If nested=0, guests may not
  * use VMX instructions.
  */
-static bool __read_mostly nested = 0;
+static bool __read_mostly nested = 1;
 module_param(nested, bool, S_IRUGO);
 
 static u64 __read_mostly host_xss;
-- 
2.17.1

