patch to implement nested HVM


Eric Shelton

Aug 26, 2015, 2:05:13 AM
to qubes-devel
Attached is a patch for core-libvirt to add nested HVM functionality.  I also found that libvirt's libxl driver did not properly support the "viridian" option - I think the patch takes care of that now as well, but I had no good way to verify.  I confirmed that you can successfully run Qubes R3 rc2 within itself using this in a stub domain.  You can even run an HVM domain, such as Windows, within the nested Qubes session.

In order to run an HVM domain, you need to use a custom config file for the appvm, and make sure the following two items are added under the `<features>` section (already, you should see pae, acpi, apic, and viridian enabled in this section of the config file):

    <hap/>
    <nestedhvm/>


Also attached is a sample appvm config file that includes the above two lines.

With nested HVM, you should be able to do things like run VMware, KVM, and other hypervisors within an HVM session.

Have fun!

Eric

0099-add-nestedhvm.patch
qubesr3-run.conf
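
A quick audit of the two feature flags described in the post above, added here as an example and not part of the thread or of the attached patch: it parses a domain config and reports whether `<hap/>` and `<nestedhvm/>` both sit under `<features>`. The sample XML and the function name `audit_domain_xml` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Feature elements the post says a nested-HVM config needs under <features>.
NESTED_FEATURES = ("hap", "nestedhvm")

# Constructed sample configs (not the attached qubesr3-run.conf).
SAMPLE_NESTED = """<domain type='xen'>
  <name>nested-test</name>
  <os><type>hvm</type></os>
  <features>
    <pae/><acpi/><apic/><viridian/>
    <hap/>
    <nestedhvm/>
  </features>
</domain>"""

SAMPLE_MISPLACED = """<domain type='xen'>
  <name>broken-test</name>
  <os><type>hvm</type></os>
  <features><pae/><acpi/><apic/><viridian/><hap/></features>
  <nestedhvm/>
</domain>"""


def audit_domain_xml(xml_text):
    """Report whether a domain config requests nested HVM and whether it is complete."""
    root = ET.fromstring(xml_text)
    features = root.find("features")
    children = list(features) if features is not None else []
    enabled = {child.tag for child in children}
    child_ids = {id(child) for child in children}
    # Same element names outside <features> do not count as enabled features.
    misplaced = sorted(
        el.tag for el in root.iter()
        if el.tag in NESTED_FEATURES and id(el) not in child_ids
    )
    return {
        "name": root.findtext("name", default="(unnamed)"),
        "is_hvm": root.findtext("os/type") == "hvm",
        "nested_hvm": all(f in enabled for f in NESTED_FEATURES),
        "missing": [f for f in NESTED_FEATURES if f not in enabled],
        "misplaced": misplaced,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_NESTED, SAMPLE_MISPLACED):
        print(audit_domain_xml(sample))
```

Running the same function over every domain config on a host gives a list of the VMs that have nested virtualization exposed to them.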

Eric Shelton

Aug 30, 2015, 8:57:37 PM
to qubes-devel
Updated patch attached.  The original version was inadvertently clearing the hypervisor bit in all HVM domains.  Now it properly only clears it for nested HVM domains.

Eric

 
0099-add-nestedhvm.patch

Marek Marczykowski-Górecki

Aug 31, 2015, 4:26:15 PM
to Eric Shelton, qubes-devel
I think it is worth posting the patch upstream. Libvirt folks would require
that such a patch additionally:
- include the change in XML schema (docs/schemas/domaincommon.rng)
- include documentation (docs/formatdomain.html.in)
- include some test (probably would be enough to include those
attributes in some existing test); and surely do not disable any
existing one...

Do you want to take care of it? I also can do this, but most likely not
earlier than October...
When the patch is included upstream, we can easily switch to the new
libvirt version, or simply backport it to the current version. But we
want to have libvirt as close to the upstream as possible. The same goes
for Xen hypervisor BTW.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?