[3.13.y stable][trusty][SRU][pull-request] Fix for LP: #1329434

Chris J Arges chris.j.arges at canonical.com
Mon Aug 18 15:29:53 UTC 2014 

BugLink: http://bugs.launchpad.net/bugs/1329434

[Impact]
Using nested KVM on some hypervisors doesn't work.

[Test Case]
A script to make this easier is posted here:
https://gist.github.com/arges/9d21c6da03a8c10d3980

1) enable nested KVM:
sudo modprobe -r kvm_intel
sudo modprobe kvm_intel nested=1
cat /sys/module/kvm_intel/parameters/nested
# should say Y
2) generate an L1 guest and then generate an L2 guest inside the L1 guest
- ensure L1 has enough memory to boot L2
- if using libvirt you may need to edit the default bridge to use a
different subnet than the L1 guest
3) boot the L2 guest
4) L2 guest should boot

[Fix]

These three upstream patches needed to be backported to 3.13:

* 533558bcb69ef28aff81b6ae9acda8943575319f
  - This provides necessary code changes to make backporting easier.
However vmx_leave_nested function was not yet added, so that function
modification was dropped.

* b6b8a1451fc40412c57d10c94b62e22acab28f94
  - This patch is necessary in order to ensure that the L1 guest doesn't
crash with just 696dfd95 applied. I had to remove mpx mentions from the
cherry-pick as that feature hasn't been added yet.

* 696dfd95ba9838327a7013e5988ff3ba60dcc8c8
  - This patch fixes the issue and was the result of the bisection. The
APIC virtualization features need to be disabled as they cause L2 guests
to not boot depending on the CPU.

--

The following changes since commit 0a985c5524ae9cd5759bb3e8a4679b87b3a9d334:

  nfs: check if gssd is running before attempting to use krb5i auth in
SETCLIENTID call (2014-08-14 07:49:46 -0600)

are available in the git repository at:

  git://kernel.ubuntu.com/arges/ubuntu-trusty.git lp1329434

for you to fetch changes up to 4a27cc2dfd2d562c4bb3aaac459b8e54f3ee6fc9:

  KVM: vmx: disable APIC virtualization in nested guests (2014-08-15
15:56:40 -0500)

----------------------------------------------------------------
Jan Kiszka (2):
      KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
      KVM: nVMX: Rework interception of IRQs and NMIs

Paolo Bonzini (1):
      KVM: vmx: disable APIC virtualization in nested guests

 arch/x86/include/asm/kvm_host.h |   2 ++
 arch/x86/kvm/vmx.c              | 130
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------------
 arch/x86/kvm/x86.c              |  26 +++++++++++++++++++-------
 3 files changed, 95 insertions(+), 63 deletions(-)

More information about the kernel-team mailing list