Hello Xlord,

The CPU does have VT support and I already have the nested KVM enabled.

Checking the Linux Kernel release notes I saw that the nested kvm feature was implemented in 3.10 but he EPT support is in 3.12.

So Centos 7's kernel which is 3.10 does have the EPT support? Is there a way to check that the EPT support is available in the kernel?

Thank you, Laurentiu

On Thu, Aug 4, 2016, 06:04 -=X.L.O.R.D=- xlord.sl@gmail.com wrote:

Dear Laurentiu,

Please check below info since assume your CentOS7 box CPU processor already VT supported in advance.

1. Checkpoint #1: Hardware and Kernel modules
   
   

a. cat /proc/cpuinfo | grep vmx

b. cat /sys/module/kvm_intel/parameters/nested (if “N” then go to checkpoint #2)

2. Checkpoint #2: Assume your CentOS box support
   
   

*a. **echo 'options kvm-intel nested=y' >> /etc/modprobe.d/*dist.conf

b. modprobe kvm-intel

3.  Checkpoint #3: Verification
   
   

a. Reboot yout CentOS box

b. cat /sys/module/kvm_intel/parameters/nested (if “Y” then you can carry one process the KVM installation.

PS: Source: https://lalatendu.org/2015/11/01/kvm-nested-virtualization-in-fedora-23/ which should be very similar with CentOS and CentOS 7 already capable with on with KVM Nested EPT with CPU pass-through options supported. Hope that helps & cheers!!

Xlord

*From:* centos-virt-bounces@centos.org [mailto: centos-virt-bounces@centos.org] *On Behalf Of *Laurentiu Soica *Sent:* Thursday, August 4, 2016 3:07 AM *To:* centos-virt@centos.org *Subject:* [CentOS-virt] Centos 7 newer kernel needed

Hello,

I am looking for a Linux kernel for Centos 7 that implements a feature introduced in kernel version 3.12:

"nested EPT support to KVM's nested VMX."

If anyone has used this feature with Centos 7, please let me know.

Laurentiu

Dear Laurentiu,

Could you please check if your CPU supported from /proc/cpuinfo and lscpu ?

EPT supported

Xlord

From: -=X.L.O.R.D=- [mailto:xlord.sl@gmail.com] Sent: Thursday, August 4, 2016 5:12 PM To: 'Laurentiu Soica' laurentiu@soica.ro; 'Discussion about the virtualization on CentOS' centos-virt@centos.org Subject: RE: [CentOS-virt] Centos 7 newer kernel needed

Dear Laurentiu,

Assume your hardware does support Intel VT-x with EPT supported, I have also look into the kernel part for fun!

Just quick look at CentOS 7 and installed a CentOS_7x_x64_build1511 @installation at minimum, below is my sharing and hope to help!

1) CentOS Linux Kernel version: 3.10.0-327.e17.x86_64 SMP

2) Kernel parameters which should be your requirement;

a. Default “kvm-intel.ept=1” (refer to Kernel Archive “https://www.kernel.org/%E2%80%9D)

b.

Xlord

From: Laurentiu Soica [mailto:laurentiu@soica.ro] Sent: Thursday, August 4, 2016 2:41 PM To: -=X.L.O.R.D=- <xlord.sl@gmail.com mailto:xlord.sl@gmail.com >; Discussion about the virtualization on CentOS <centos-virt@centos.org mailto:centos-virt@centos.org > Subject: Re: [CentOS-virt] Centos 7 newer kernel needed

Hello Xlord,

The CPU does have VT support and I already have the nested KVM enabled.

Checking the Linux Kernel release notes I saw that the nested kvm feature was implemented in 3.10 but he EPT support is in 3.12.

So Centos 7's kernel which is 3.10 does have the EPT support? Is there a way to check that the EPT support is available in the kernel?

Thank you,

Laurentiu

On Thu, Aug 4, 2016, 06:04 -=X.L.O.R.D=- <xlord.sl@gmail.com mailto:xlord.sl@gmail.com > wrote:

Dear Laurentiu,

Please check below info since assume your CentOS7 box CPU processor already VT supported in advance.

1) Checkpoint #1: Hardware and Kernel modules

a. cat /proc/cpuinfo | grep vmx

b. cat /sys/module/kvm_intel/parameters/nested (if “N” then go to checkpoint #2)

2) Checkpoint #2: Assume your CentOS box support

a. echo 'options kvm-intel nested=y' >> /etc/modprobe.d/dist.conf b. modprobe kvm-intel

3) Checkpoint #3: Verification

a. Reboot yout CentOS box

b. cat /sys/module/kvm_intel/parameters/nested (if “Y” then you can carry one process the KVM installation.

PS: Source: https://lalatendu.org/2015/11/01/kvm-nested-virtualization-in-fedora-23/ which should be very similar with CentOS and CentOS 7 already capable with on with KVM Nested EPT with CPU pass-through options supported. Hope that helps & cheers!!

Xlord

From: centos-virt-bounces@centos.org mailto:centos-virt-bounces@centos.org [mailto:centos-virt-bounces@centos.org mailto:centos-virt-bounces@centos.org ] On Behalf Of Laurentiu Soica Sent: Thursday, August 4, 2016 3:07 AM To: centos-virt@centos.org mailto:centos-virt@centos.org Subject: [CentOS-virt] Centos 7 newer kernel needed

Hello,

I am looking for a Linux kernel for Centos 7 that implements a feature introduced in kernel version 3.12:

"nested EPT support to KVM's nested VMX."

If anyone has used this feature with Centos 7, please let me know.

Laurentiu

On 08/04/2016 07:30 AM, Laurentiu Soica wrote:

Hi Xlord,

Yes, the CPU has support for EPT.

I wrongly thought that the nested EPT was first introduced in 3.12. Following your instructions I see that I have it enabled on my system as well.

However, checking the kernel commits from 3.12 on search string 'nested ept' I found about 10 code changes/fixes for nested EPT.

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id...

What options do I have to get this commits on a Centos 7 kernel?

The Standard CentOS kernel is built from the source code and configuration files of the released RHEL kernel. The only way to get things into the main CentOS kernel is for it to be in the RHEL source code.

Red Hat does backport changes into the RHEL kernel, so if they support nested those changes or ones like it may be there. See Backporting:

https://access.redhat.com/security/updates/backporting

We do have a CentOSPlus kernel, maintained by a volunteer (hi toracat). She will take potential patches here if you have something that works:

https://bugs.centos.org/view.php?id=6828

Also, if you want to try a newer kernel, we do have 2 available. I manage both of these kernels, they are both based on an LTS version of the kernel from kernel.org .. but neither gets nearly the attention (or smart people looking at them) as the RHEL based kernel. If you want to try either of them, they are in:

3.18.x LTS: http://mirror.centos.org/centos/7/virt/x86_64/xen-46/

4.4.x LTS: http://mirror.centos.org/altarch/7.2.1511/experimental/x86_64/Packages/

Those kernels both work, I am running both on production machines .. but I am not a kernel hacker, so I just build what the upstream LTS kernel maintainer releases. They may or may not do what you want.

The RHEL kernel team does a lot of work to make sure the RHEL kernel

Thanks, Johnny Hughes

Hello,

OK. Thank you both for answering. I have enough information now to decide next if a kernel upgrade is required in my case or not.

I think the decision will be based on whether the 2nd level of virtualization performs fast enough and without issues.

Have a great day, Laurentiu

On Fri, Aug 5, 2016, 08:32 -=X.L.O.R.D=- xlord.sl@gmail.com wrote:

Dear Laurentiu, Agree with Johnny for kernel upgrade if upgrade helps, alternative if 3.10 or above already supported it, you can check from kernel parameter or options if they are disabled on purpose. You can do that via the "make menuconfig" via "https://wiki.centos.org/HowTos/I_need_the_Kernel_Source" or "https://wiki.centos.org/HowTos/BuildingKernelModules". Hope that helps!

Xlord -----Original Message----- From: centos-virt-bounces@centos.org [mailto: centos-virt-bounces@centos.org] On Behalf Of Johnny Hughes Sent: Thursday, August 4, 2016 9:10 PM To: centos-virt@centos.org Subject: Re: [CentOS-virt] Centos 7 newer kernel needed

On 08/04/2016 07:30 AM, Laurentiu Soica wrote:

...

Hi Xlord,

Yes, the CPU has support for EPT.

I wrongly thought that the nested EPT was first introduced in 3.12. Following your instructions I see that I have it enabled on my system as well.

However, checking the kernel commits from 3.12 on search string 'nested ept' I found about 10 code changes/fixes for nested EPT.

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/l og/?id=refs%2Ftags%2Fv3.12.62&qt=grep&q=Nested+ept

What options do I have to get this commits on a Centos 7 kernel?

The Standard CentOS kernel is built from the source code and configuration files of the released RHEL kernel. The only way to get things into the main CentOS kernel is for it to be in the RHEL source code.

Red Hat does backport changes into the RHEL kernel, so if they support nested those changes or ones like it may be there. See Backporting:

https://access.redhat.com/security/updates/backporting

We do have a CentOSPlus kernel, maintained by a volunteer (hi toracat). She will take potential patches here if you have something that works:

https://bugs.centos.org/view.php?id=6828

Also, if you want to try a newer kernel, we do have 2 available. I manage both of these kernels, they are both based on an LTS version of the kernel from kernel.org .. but neither gets nearly the attention (or smart people looking at them) as the RHEL based kernel. If you want to try either of them, they are in:

3.18.x LTS: http://mirror.centos.org/centos/7/virt/x86_64/xen-46/

4.4.x LTS: http://mirror.centos.org/altarch/7.2.1511/experimental/x86_64/Packages/

Those kernels both work, I am running both on production machines .. but I am not a kernel hacker, so I just build what the upstream LTS kernel maintainer releases. They may or may not do what you want.

The RHEL kernel team does a lot of work to make sure the RHEL kernel

Thanks, Johnny Hughes