KVM: nVMX: Add "nested" module option to kvm_intel · 801d342432 - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

KVM: nVMX: Add "nested" module option to kvm_intel

This patch adds to kvm_intel a module option "nested". This option controls
whether the guest can use VMX instructions, i.e., whether we allow nested
virtualization. A similar, but separate, option already exists for the
SVM module.

This option currently defaults to 0, meaning that nested VMX must be
explicitly enabled by giving nested=1. When nested VMX matures, the default
should probably be changed to enable nested VMX by default - just like
nested SVM is currently enabled by default.

Signed-off-by: Nadav Har'El <nyh@il.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

This commit is contained in:

Nadav Har'El

2011-05-25 23:02:23 +03:00

• committed by

Avi Kivity

parent b5c9ff731f

commit 801d342432

1 changed files with 25 additions and 0 deletions

									
										25

arch/x86/kvm/vmx.c
									
										View file
										
					@ -74,6 +74,14 @@ module_param(vmm_exclusive, bool, S_IRUGO);

					static int __read_mostly yield_on_hlt = 1;

					static int __read_mostly yield_on_hlt = 1;

					module_param(yield_on_hlt, bool, S_IRUGO);

					module_param(yield_on_hlt, bool, S_IRUGO);

					/*

					 * If nested=1, nested virtualization is supported, i.e., guests may use

					 * VMX and be a hypervisor for its own guests. If nested=0, guests may not

					 * use VMX instructions.

					 */

					static int __read_mostly nested = 0;

					module_param(nested, bool, S_IRUGO);

					#define KVM_GUEST_CR0_MASK_UNRESTRICTED_GUEST				\

					#define KVM_GUEST_CR0_MASK_UNRESTRICTED_GUEST				\

						(X86_CR0_WP | X86_CR0_NE | X86_CR0_NW | X86_CR0_CD)

						(X86_CR0_WP | X86_CR0_NE | X86_CR0_NW | X86_CR0_CD)

					#define KVM_GUEST_CR0_MASK						\

					#define KVM_GUEST_CR0_MASK						\

					@ -1292,6 +1300,23 @@ static u64 vmx_compute_tsc_offset(struct kvm_vcpu *vcpu, u64 target_tsc)

						return target_tsc - native_read_tsc();

						return target_tsc - native_read_tsc();

					}

					}

					static bool guest_cpuid_has_vmx(struct kvm_vcpu *vcpu)

					{

						struct kvm_cpuid_entry2 *best = kvm_find_cpuid_entry(vcpu, 1, 0);

						return best && (best->ecx & (1 << (X86_FEATURE_VMX & 31)));

					}

					/*

					 * nested_vmx_allowed() checks whether a guest should be allowed to use VMX

					 * instructions and MSRs (i.e., nested VMX). Nested VMX is disabled for

					 * all guests if the "nested" module option is off, and can also be disabled

					 * for a single guest by disabling its VMX cpuid bit.

					 */

					static inline bool nested_vmx_allowed(struct kvm_vcpu *vcpu)

					{

						return nested && guest_cpuid_has_vmx(vcpu);

					}

					/*

					/*

					 * Reads an msr value (of 'msr_index') into 'pdata'.

					 * Reads an msr value (of 'msr_index') into 'pdata'.

					 * Returns 0 on success, non-0 otherwise.

					 * Returns 0 on success, non-0 otherwise.