nested virtualization with KVM: -enable-kvm in qemu in nested virtualization
To test if the kvm support is enabled in the current host (i.e., it works in the virtual machine) do:
grep -E "(vmx|svm)" /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave avx f16c lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce tbm topoext perfctr_core perfctr_nb arat cpb hw_pstate npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold vmmcall bmi1
In the question:
grep -E "(vmx|svm)" /proc/cpuinfo | wc -l
0
It means that the support is disabled, and enable-kvm won't work. Action in the bare metal machine is required.
By default, Linux KVM has nested virtualization support disabled.
You have to enable it in the host of the outermost VM (in your question you tried to do that inside the outermost VM, instead). For example, for an Intel CPU:
# rmmod kvm_intel
# modprobe kvm_intel nested=1
Verification (on the host of the outermost VM):
$ cat /sys/module/kvm_intel/parameters/nested
Y
(The KVM module for AMD is unsurprisingly called kvm_amd.)
Nesting can be enabled persistently via dropping a config file into /etc/modprobe.d.
This is a necessary condition for nested virtualization. In addition to that, you need to tell QEMU to enable virtualization support in the outermost VM by supplying the right CPU argument, e.g.:
-cpu host
or something more specific like:
-cpu Haswell-noTSX-IBRS,vmx=on
Inside the outermost VM, you can verify virtualization support via:
$ grep -o 'vmx\|svm' /proc/cpuinfo
$ kvm-ok
INFO: /dev/kvm exists
KVM acceleration can be used
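
The checks from both answers combined into one script, as an added example that is not part of the original posts. The function names and the optional path arguments are hypothetical, the sample files are constructed, and accepting `1` as well as `Y` is there because the parameter is printed as an integer by some modules and kernels.

```shell
#!/bin/sh
# Added example (not from the posts above): classify nested-KVM readiness from
# the CPU flags and the kvm_<vendor> "nested" parameter. The optional path
# arguments are an assumption of this sketch so it can run on sample files.

# Print intel, amd or none depending on the vmx/svm flag in cpuinfo.
cpu_virt_vendor() {
    flags=$(grep '^flags' "${1:-/proc/cpuinfo}" || true)
    if printf '%s\n' "$flags" | grep -qw vmx; then echo intel
    elif printf '%s\n' "$flags" | grep -qw svm; then echo amd
    else echo none
    fi
}

# Print enabled, disabled or not-loaded for kvm_<vendor>'s nested parameter.
# Both spellings of "on" (Y and 1) are accepted.
nested_state() {
    param="${2:-/sys/module}/kvm_$1/parameters/nested"
    [ -r "$param" ] || { echo not-loaded; return 0; }
    case $(cat "$param") in
        Y|1) echo enabled ;;
        *)   echo disabled ;;
    esac
}

# One-line verdict; non-zero exit when -enable-kvm cannot work at this level.
nested_report() {
    vendor=$(cpu_virt_vendor "${1:-/proc/cpuinfo}")
    if [ "$vendor" = none ]; then
        echo "no vmx/svm flag: enable nesting on the host below this machine"
        return 1
    fi
    echo "$vendor nested=$(nested_state "$vendor" "${2:-/sys/module}")"
}

# Constructed sample: an Intel host with nesting still at the default (off).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/kvm_intel/parameters"
    echo 'flags : fpu vme msr vmx sse2' > "$d/cpuinfo"
    echo N > "$d/sys/kvm_intel/parameters/nested"
    echo "$d"
}

s=$(make_sample)
nested_report "$s/cpuinfo" "$s/sys"    # runs on the constructed sample
rm -rf "$s"
```

Calling `nested_report` with no arguments reads the live `/proc/cpuinfo` and `/sys/module`; inside a guest, `not-loaded` with a flag present means the CPU exposes virtualization but the guest's own KVM module is not loaded.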