[3.13.y,stable,trusty,SRU,pull-request] Fix for LP: #1329434

Message ID 53F21BF1.4020807@canonical.com
State New

Pull-request

git://kernel.ubuntu.com/arges/ubuntu-trusty.git lp1329434

Message

Chris J Arges Aug. 18, 2014, 3:29 p.m. UTC
BugLink: http://bugs.launchpad.net/bugs/1329434

[Impact]
Using nested KVM on some hypervisors doesn't work.

[Test Case]
A script to make this easier is posted here:
https://gist.github.com/arges/9d21c6da03a8c10d3980

1) enable nested KVM:
sudo modprobe -r kvm_intel
sudo modprobe kvm_intel nested=1
cat /sys/module/kvm_intel/parameters/nested
# should say Y
2) generate an L1 guest and then generate an L2 guest inside the L1 guest
- ensure L1 has enough memory to boot L2
- if using libvirt you may need to edit the default bridge to use a
different subnet than the L1 guest
3) boot the L2 guest
4) L2 guest should boot

[Fix]

These three upstream patches needed to be backported to 3.13:

* 533558bcb69ef28aff81b6ae9acda8943575319f
  - This provides necessary code changes to make backporting easier.
However vmx_leave_nested function was not yet added, so that function
modification was dropped.

* b6b8a1451fc40412c57d10c94b62e22acab28f94
  - This patch is necessary in order to ensure that the L1 guest doesn't
crash with just 696dfd95 applied. I had to remove mpx mentions from the
cherry-pick as that feature hasn't been added yet.

* 696dfd95ba9838327a7013e5988ff3ba60dcc8c8
  - This patch fixes the issue and was the result of the bisection. The
APIC virtualization features need to be disabled as they cause L2 guests
to not boot depending on the CPU.

--

The following changes since commit 0a985c5524ae9cd5759bb3e8a4679b87b3a9d334:

  nfs: check if gssd is running before attempting to use krb5i auth in
SETCLIENTID call (2014-08-14 07:49:46 -0600)

are available in the git repository at:

  git://kernel.ubuntu.com/arges/ubuntu-trusty.git lp1329434

for you to fetch changes up to 4a27cc2dfd2d562c4bb3aaac459b8e54f3ee6fc9:

  KVM: vmx: disable APIC virtualization in nested guests (2014-08-15
15:56:40 -0500)

----------------------------------------------------------------
Jan Kiszka (2):
      KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
      KVM: nVMX: Rework interception of IRQs and NMIs

Paolo Bonzini (1):
      KVM: vmx: disable APIC virtualization in nested guests

 arch/x86/include/asm/kvm_host.h |   2 ++
 arch/x86/kvm/vmx.c              | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------------
 arch/x86/kvm/x86.c              |  26 +++++++++++++++++++-------
 3 files changed, 95 insertions(+), 63 deletions(-)
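
A preflight check for step 1 of the test case above, added here as an example; it is not part of the original message or the linked gist. The function name, the state strings and the optional root-directory argument are assumptions made for illustration. Run inside the L1 guest, it also shows whether VMX is exposed there, which L2 needs in order to boot.

```shell
#!/bin/sh
# Added example: report whether nested KVM is usable on this machine.
# The optional first argument is a hypothetical root prefix, so the check
# can be pointed at a constructed directory tree instead of the live system.

# nested_kvm_state [ROOT]
# Prints one of: no-vmx, module-not-loaded, nested-off, nested-on
# Returns 0 only for nested-on.
nested_kvm_state() {
    root="${1:-}"
    cpuinfo="$root/proc/cpuinfo"
    param="$root/sys/module/kvm_intel/parameters/nested"

    # The CPU (or the virtual CPU, when run inside L1) must expose VMX.
    if ! grep -Eq '^flags[[:space:]]*:.*[[:space:]]vmx([[:space:]]|$)' \
            "$cpuinfo" 2>/dev/null; then
        echo "no-vmx"
        return 1
    fi

    # The parameter file only exists while kvm_intel is loaded.
    if [ ! -r "$param" ]; then
        echo "module-not-loaded"
        return 1
    fi

    # The test case expects "Y". Accepting "1" as well is an assumption,
    # for kernels that might report the parameter as an integer.
    case "$(cat "$param")" in
        Y|1) echo "nested-on";  return 0 ;;
        *)   echo "nested-off"; return 1 ;;
    esac
}

# Stand-alone run against the live system (never aborts the calling shell).
nested_kvm_state "${SYSROOT:-}" || true
```
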

Comments

Tim Gardner Aug. 18, 2014, 4:09 p.m. UTC | #1
Seems like it ought to be eligible for stable.

Andy Whitcroft Aug. 18, 2014, 4:55 p.m. UTC | #2
On Mon, Aug 18, 2014 at 10:29:53AM -0500, Chris J Arges wrote:
> BugLink: http://bugs.launchpad.net/bugs/1329434
> 
> [Impact]
> Using nested KVM on some hypervisors doesn't work.
> 
> [Test Case]
> A script to make this easier is posted here:
> https://gist.github.com/arges/9d21c6da03a8c10d3980
> 
> 1) enable nested KVM:
> sudo modprobe -r kvm_intel
> sudo modprobe kvm_intel nested=1
> cat /sys/module/kvm_intel/parameters/nested
> # should say Y
> 2) generate an L1 guest and then generate an L2 guest inside the L1 guest
> - ensure L1 has enough memory to boot L2
> - if using libvirt you may need to edit the default bridge to use a
> different subnet than the L1 guest
> 3) boot the L2 guest
> 4) L2 guest should boot
> 
> [Fix]
> 
> These three upstream patches needed to be backported to 3.13:
> 
> * 533558bcb69ef28aff81b6ae9acda8943575319f
>   - This provides necessary code changes to make backporting easier.
> However vmx_leave_nested function was not yet added, so that function
> modification was dropped.
> 
> * b6b8a1451fc40412c57d10c94b62e22acab28f94
>   - This patch is necessary in order to ensure that the L1 guest doesn't
> crash with just 696dfd95 applied. I had to remove mpx mentions from the
> cherry-pick as that feature hasn't been added yet.
> 
> * 696dfd95ba9838327a7013e5988ff3ba60dcc8c8
>   - This patch fixes the issue and was the result of the bisection. The
> APIC virtualization features need to be disabled as they cause L2 guests
> to not boot depending on the CPU.
> 
> --
> 
> The following changes since commit 0a985c5524ae9cd5759bb3e8a4679b87b3a9d334:
> 
>   nfs: check if gssd is running before attempting to use krb5i auth in
> SETCLIENTID call (2014-08-14 07:49:46 -0600)
> 
> are available in the git repository at:
> 
>   git://kernel.ubuntu.com/arges/ubuntu-trusty.git lp1329434
> 
> for you to fetch changes up to 4a27cc2dfd2d562c4bb3aaac459b8e54f3ee6fc9:
> 
>   KVM: vmx: disable APIC virtualization in nested guests (2014-08-15
> 15:56:40 -0500)
> 
> ----------------------------------------------------------------
> Jan Kiszka (2):
>       KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
>       KVM: nVMX: Rework interception of IRQs and NMIs
> 
> Paolo Bonzini (1):
>       KVM: vmx: disable APIC virtualization in nested guests
> 
>  arch/x86/include/asm/kvm_host.h |   2 ++
>  arch/x86/kvm/vmx.c              | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------------
>  arch/x86/kvm/x86.c              |  26 +++++++++++++++++++-------
>  3 files changed, 95 insertions(+), 63 deletions(-)


Ugg.  As much as they can be reviewed these look ok.  These need some
testing on "not whatever they fix" before we release this.

Acked-by: Andy Whitcroft <apw@canonical.com>

-apw

Tim Gardner Aug. 18, 2014, 8:38 p.m. UTC | #3
On 08/18/2014 09:29 AM, Chris J Arges wrote:
> BugLink: http://bugs.launchpad.net/bugs/1329434
> 
> [Impact]
> Using nested KVM on some hypervisors doesn't work.
> 
> [Test Case]
> A script to make this easier is posted here:
> https://gist.github.com/arges/9d21c6da03a8c10d3980
> 
> 1) enable nested KVM:
> sudo modprobe -r kvm_intel
> sudo modprobe kvm_intel nested=1
> cat /sys/module/kvm_intel/parameters/nested
> # should say Y
> 2) generate an L1 guest and then generate an L2 guest inside the L1 guest
> - ensure L1 has enough memory to boot L2
> - if using libvirt you may need to edit the default bridge to use a
> different subnet than the L1 guest
> 3) boot the L2 guest
> 4) L2 guest should boot
> 
> [Fix]
> 
> These three upstream patches needed to be backported to 3.13:
> 
> * 533558bcb69ef28aff81b6ae9acda8943575319f
>   - This provides necessary code changes to make backporting easier.
> However vmx_leave_nested function was not yet added, so that function
> modification was dropped.
> 
> * b6b8a1451fc40412c57d10c94b62e22acab28f94
>   - This patch is necessary in order to ensure that the L1 guest doesn't
> crash with just 696dfd95 applied. I had to remove mpx mentions from the
> cherry-pick as that feature hasn't been added yet.
> 
> * 696dfd95ba9838327a7013e5988ff3ba60dcc8c8
>   - This patch fixes the issue and was the result of the bisection. The
> APIC virtualization features need to be disabled as they cause L2 guests
> to not boot depending on the CPU.
> 
> --
> 
> The following changes since commit 0a985c5524ae9cd5759bb3e8a4679b87b3a9d334:
> 
>   nfs: check if gssd is running before attempting to use krb5i auth in
> SETCLIENTID call (2014-08-14 07:49:46 -0600)
> 
> are available in the git repository at:
> 
>   git://kernel.ubuntu.com/arges/ubuntu-trusty.git lp1329434
> 
> for you to fetch changes up to 4a27cc2dfd2d562c4bb3aaac459b8e54f3ee6fc9:
> 
>   KVM: vmx: disable APIC virtualization in nested guests (2014-08-15
> 15:56:40 -0500)
> 
> ----------------------------------------------------------------
> Jan Kiszka (2):
>       KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit
>       KVM: nVMX: Rework interception of IRQs and NMIs
> 
> Paolo Bonzini (1):
>       KVM: vmx: disable APIC virtualization in nested guests
> 
>  arch/x86/include/asm/kvm_host.h |   2 ++
>  arch/x86/kvm/vmx.c              | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------------------------------------------
>  arch/x86/kvm/x86.c              |  26 +++++++++++++++++++-------
>  3 files changed, 95 insertions(+), 63 deletions(-)
> 
>