
How To Enable Nested Virtualization In KVM In Linux

By sk

In this guide, we will see how to enable nested virtualization in KVM in Linux. Nested virtualization is a feature that allows you to run a virtual machine inside another virtual machine while still using the hardware acceleration from the host system. In other words, nested virtualization is a mechanism for running a hypervisor inside a virtual machine (VM), which itself runs on a hypervisor.

Enable nested virtualization in KVM in Linux

Before enabling the nested VT feature, power off all running VMs.

Next, unload the KVM modules.

To unload the KVM module on Intel systems, run:

$ sudo modprobe -r kvm_intel

On AMD systems:

$ sudo modprobe -r kvm_amd

Reload the KVM module with the nested feature enabled on Intel CPUs with the command:

$ sudo modprobe kvm_intel nested=1

Reload the KVM module with the nested feature enabled on AMD CPUs using the command:

$ sudo modprobe kvm_amd nested=1

Enable nested virtualization permanently

Please note that the nested VT feature stays enabled only until you reboot the KVM host system. To permanently enable the nested feature, edit the /etc/modprobe.d/kvm.conf file:

$ sudo vi /etc/modprobe.d/kvm.conf

If the file doesn't exist, just create it.

Add the following line on Intel hosts:

options kvm_intel nested=1

Add the following line on AMD hosts:

options kvm_amd nested=1

Save and close the file.

Done! We have enabled nested VT on the KVM host system.

Verify if nested virtualization is enabled in KVM host

If your processor is Intel, check the "/sys/module/kvm_intel/parameters/nested" file using the "cat" command:

$ cat /sys/module/kvm_intel/parameters/nested

If it returns "Y" or "1", nested virtualization is enabled on your host. If the output is "N" or "0", nested virtualization is not enabled.

If your processor is AMD, check the contents of "/sys/module/kvm_amd/parameters/nested" file.

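Alternatively, you can use the following command to check that the "kvm_intel" kernel module provides the nested parameter (modinfo lists the parameters a module accepts; the current value is the one read from /sys above):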

$ modinfo kvm_intel | grep -i nested

Sample output:

parm:           nested_early_check:bool
parm:           nested:bool

On AMD CPU:

$ modinfo kvm_amd | grep -i nested

Well, my KVM host supports nested virtualization and it is already enabled.
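The runtime check and the permanent setting described above can disagree, for example after editing kvm.conf without reloading the module. The following script is an added example, not part of the original article; it reports both values side by side, and its root-prefix argument is a hypothetical convenience for checking a copied or mock file tree.

```shell
#!/bin/sh
# Added example (not from the original article): report whether nested
# virtualization is on at runtime and whether that state is persistent.
# The root-prefix argument is a hypothetical convenience for offline trees.

# Print the loaded KVM vendor module (kvm_intel or kvm_amd); fail if neither.
kvm_module() {
    for m in kvm_intel kvm_amd; do
        if [ -r "$1/sys/module/$m/parameters/nested" ]; then
            echo "$m"
            return 0
        fi
    done
    return 1
}

# Runtime value from sysfs: Y or 1 means enabled, anything else disabled.
nested_runtime() {
    case $(cat "$1/sys/module/$2/parameters/nested") in
        Y|1) echo on ;;
        *)   echo off ;;
    esac
}

# Persistent value from /etc/modprobe.d/*.conf, the directory the article
# uses. Assumption: if several lines set it, the last one read is reported.
nested_persistent() {
    v=$({ cat "$1"/etc/modprobe.d/*.conf 2>/dev/null || true; } |
        sed -n "s/^[[:space:]]*options[[:space:]]\{1,\}$2[[:space:]].*nested=\([01YyNn]\).*/\1/p" |
        tail -n 1)
    case $v in
        1|Y|y) echo on ;;
        0|N|n) echo off ;;
        *)     echo unset ;;   # no explicit line: module default applies
    esac
}

# One-line summary; runtime and persistent values that differ can indicate
# drift (module not reloaded after an edit, or a runtime-only change).
nested_report() {
    mod=$(kvm_module "$1") || { echo "no-kvm-module"; return 0; }
    echo "$mod runtime=$(nested_runtime "$1" "$mod") persistent=$(nested_persistent "$1" "$mod")"
}

nested_report ""    # empty prefix = the live system
```

On hosts that should not offer nested virtualization to guests, the same report shows where it is switched on anyway.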

Enable nested virtualization on KVM guest machines

We can enable the nested feature on a KVM VM either from the command line or using a graphical KVM management application like Virt-manager.

Enable nested feature in KVM guests from command line

Log in to the virsh console:

$ virsh

Edit the VM in which you want to enable the nested feature:

virsh # edit centos8

To list all available VMs, run this command inside the virsh console:

virsh # list --all

Find "cpu mode" parameter and set its value as "host-model".

<cpu mode='host-model' check='partial'/>

Save and close the file.

Start the VM:

virsh # start centos8

Verify if nested feature is enabled for the VM:

virsh # dumpxml centos8

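You should now see the necessary feature policies listed under the "cpu mode" directive. libvirt expands "host-model" into an explicit CPU model and feature list when the VM starts, which is why the mode now reads "custom":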

<cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>SandyBridge-IBRS</model>
    <vendor>Intel</vendor>
    <feature policy='require' name='vme'/>
    <feature policy='require' name='vmx'/>
    <feature policy='require' name='pcid'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='arat'/>
    <feature policy='require' name='tsc_adjust'/>
    <feature policy='require' name='umip'/>
    <feature policy='require' name='md-clear'/>
    <feature policy='require' name='stibp'/>
    <feature policy='require' name='arch-capabilities'/>
    <feature policy='require' name='ssbd'/>
    <feature policy='require' name='xsaveopt'/>
    <feature policy='require' name='ibpb'/>
    <feature policy='require' name='amd-ssbd'/>
    <feature policy='require' name='skip-l1dfl-vmentry'/>
    <feature policy='disable' name='aes'/>
</cpu>

The nested virtualization feature has been enabled for the CentOS 8 VM.
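To list which guests can themselves act as hypervisors, the dumpxml check above can be scripted. This is an added example, not part of the original article; the function names and result labels are hypothetical, and it assumes the attribute order that virsh dumpxml prints (policy, then name).

```shell
#!/bin/sh
# Added example (not from the original article): classify libvirt domain XML
# read on stdin by whether the guest is offered VT-x (vmx) or AMD-V (svm).
# Assumes the attribute order that `virsh dumpxml` prints (policy, then name).

guest_virt_exposure() {
    xml=$(cat)
    q="['\"]"    # libvirt prints single quotes; accept double quotes too
    if printf '%s\n' "$xml" |
        grep -Eq "<feature policy=$q(disable|forbid)$q name=$q(vmx|svm)$q"; then
        echo blocked          # flag explicitly withheld from the guest
    elif printf '%s\n' "$xml" |
        grep -Eq "<feature policy=$q(require|force)$q name=$q(vmx|svm)$q"; then
        echo required         # expanded definition lists the flag
    elif printf '%s\n' "$xml" |
        grep -Eq "<cpu mode=${q}host-(model|passthrough)$q"; then
        echo inherits-host    # follows whatever the host CPU offers
    else
        echo not-listed       # custom model with no explicit vmx/svm entry
    fi
}

# Inventory every defined guest; needs libvirt's virsh on the host.
audit_all_guests() {
    virsh list --all --name | while read -r dom; do
        [ -n "$dom" ] || continue
        printf '%s: %s\n' "$dom" \
            "$(virsh dumpxml "$dom" </dev/null | guest_virt_exposure)"
    done
}

# Constructed sample: the pre-start definition shown in the article.
printf '%s\n' "<cpu mode='host-model' check='partial'/>" | guest_virt_exposure
```

Call audit_all_guests on the KVM host to print one line per defined guest.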

Enable nested feature in KVM guests using Virt-manager

Open Virt-manager GUI application and double click the KVM guest in which you want to enable nested VT feature. Click on the "Show virtual hardware details" button and go to the "CPUs" section in left menu.

Select the "Copy host CPU configuration" check box in the CPU configuration window and click Apply.

Now the physical host's CPU model and configuration will be applied to the VM.

Check if the KVM guest supports virtualization

Power on and log in to the KVM guest machine in which you enabled the nested feature.

Run the following command in the KVM guest's terminal to verify whether virtualization is enabled:

# egrep --color -i "svm|vmx" /proc/cpuinfo

Sample output:

[Screenshot: Check if KVM guest supports virtualization technology in Linux]

If you see “vmx” (Intel-VT technology) or “svm” (AMD-V support) in the output, the KVM guest machine can work as a hypervisor and host VMs. As you can see in the above output, my CentOS 8 KVM VM supports virtualization.


1 comment

C August 20, 2020 - 6:39 pm

This is all fine but I wish someone would cover how to route from host network/LAN to nested VMs. It is the only thing I can’t get working.
