Comment 7 for bug 1448269

I had this issue (kernel oops) when I explicitly disabled "ignore_msrs" (Ubuntu Trusty, 3.13.0-54-generic):

cat /etc/modprobe.d/qemu-system-x86.conf
options kvm-intel nested=y ept=y
options kvm ignore_msrs=1

Removing the option "kvm ignore_msrs=1" made the guest (L2) run but give a "KVM: entry failed, hardware error 0x7" when the L1 guest (guest hypervisor) was booted with these cpu flags (libvirt):

<cpu> <arch>x86_64</arch> <model>Nehalem</model> <vendor>Intel</vendor> <topology sockets='1' cores='2' threads='2'/> <feature name='rdtscp'/> <feature name='dca'/> <feature name='pdcm'/> <feature name='xtpr'/> <feature name='tm2'/> <feature name='est'/> <feature name='vmx'/> <feature name='ds_cpl'/> <feature name='monitor'/> <feature name='dtes64'/> <feature name='pbe'/> <feature name='tm'/> <feature name='ht'/> <feature name='ss'/> <feature name='acpi'/> <feature name='ds'/> <feature name='vme'/> </cpu>

Guest VM (L2) running fine with these cpu flags (libvirt) for guest VM (L1):

<cpu match='exact'> <cpu mode='host-passthrough'/> <model>Nehalem</model> <feature policy='require' name='vmx'/> </cpu>

@Serge Hallyn: I wonder what cpu parameters you have defined for your L1 guest (guest hypervisor)