nested KVM fails on intel hardware - KVM: entry failed, hardware error 0x0
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Chris J Arges |
Bug Description
[Impact]
Using nested KVM on some hypervisors doesn't work.
[Test Case]
A script to make this easier is posted here:
https:/
1) enable nested KVM:
sudo modprobe -r kvm_intel
sudo modprobe kvm_intel nested=1
cat /sys/module/
# should say Y
2) generate an L1 guest and then generate an L2 guest inside the L1 guest
- ensure L1 has enough memory to boot L2
- if using libvirt you may need to edit the default bridge to use a different subnet than the L1 guest
3) boot the L2 guest
4) L2 guest should boot
[Fix]
These three upstream patches needed to be backported to 3.13:
* 533558bcb69ef28
- This provides necessary code changes to make backporting easier. However vmx_leave_nested function was not yet added, so that function modification was dropped.
* b6b8a1451fc4041
- This patch is necessary in order to ensure that the L1 guest doesn't crash with just 696dfd95 applied. I had to remove mpx mentions from the cherry-pick as that feature hasn't been added yet.
* 696dfd95ba98383
- This patch fixes the issue and was the result of the bisection. The APIC virtualization features need to be disabled as they cause L2 guests to not boot depending on the CPU.
--
If the L2 guest doesn't boot you can see the log:
sudo cat /var/log/
<snip>
KVM: entry failed, hardware error 0x0
EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000663
ESI=00000000 EDI=00000000 EBP=00000000 ESP=00000000
EIP=0000fff0 EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 00000000 0000ffff 00009300
CS =f000 ffff0000 0000ffff 00009b00
SS =0000 00000000 0000ffff 00009300
DS =0000 00000000 0000ffff 00009300
FS =0000 00000000 0000ffff 00009300
GS =0000 00000000 0000ffff 00009300
LDT=0000 00000000 0000ffff 00008200
TR =0000 00000000 0000ffff 00008b00
GDT= 00000000 0000ffff
IDT= 00000000 0000ffff
CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
DR0=00000000000
DR6=00000000fff
EFER=0000000000
Code=00 66 89 d8 66 e8 02 f7 ff ff 66 83 c4 0c 66 5b 66 5e 66 c3 <ea> 5b e0 00 f0 30 36 2f 32 33 2f 39 39 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Jun 13 18:26 seq
crw-rw---- 1 root audio 116, 33 Jun 13 18:26 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 14.04
IwConfig: Error: [Errno 2] No such file or directory
MachineType: Intel Corporation S2600WTT
Package: linux (not installed)
PciMultimedia:
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=
ProcVersionSign
RelatedPackageV
linux-
linux-
linux-firmware 1.127.2
RfKill: Error: [Errno 2] No such file or directory
Tags: trusty uec-images
Uname: Linux 3.13.0-24-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm audio cdrom dialout dip floppy libvirtd netdev plugdev sudo video
_MarkForUpload: True
dmi.bios.date: 05/06/2014
dmi.bios.vendor: Intel Corporation
dmi.bios.version: GRNDSDP1.
dmi.board.
dmi.board.name: S2600WTT
dmi.board.vendor: Intel Corporation
dmi.board.version: H30334-201
dmi.chassis.
dmi.chassis.type: 23
dmi.chassis.vendor: .......
dmi.chassis.
dmi.modalias: dmi:bvnIntelCor
dmi.product.name: S2600WTT
dmi.product.
dmi.sys.vendor: Intel Corporation
affects: | ubuntu → linux (Ubuntu) |
Changed in linux (Ubuntu Trusty): | |
assignee: | nobody → Chris J Arges (arges) |
status: | New → In Progress |
importance: | Undecided → Medium |
description: | updated |
description: | updated |
Changed in linux (Ubuntu Trusty): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-trusty removed: verification-needed-trusty |
tags: | added: ua |
Another report on different hardware: /bugs.launchpad .net/ubuntu/ +source/ linux/+ bug/1278531
https:/
I've been able to test with a mainline 3.16 kernel (dfb945473ae852 8fd885607b6fa84 3c676745e0c)
and it worked fine. Time to bisect...