Hi Xlord, Yes, the CPU has support for EPT. I wrongly thought that the nested EPT was first introduced in 3.12. Following your instructions I see that I have it enabled on my system as well. However, checking the kernel commits from 3.12 on search string 'nested ept' I found about 10 code changes/fixes for nested EPT. https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.12.62&qt=grep&q=Nested+ept What options do I have to get this commits on a Centos 7 kernel? Thank you, Laurentii On Thu, Aug 4, 2016, 12:14 -=X.L.O.R.D=- <xlord.sl at gmail.com> wrote:> Dear Laurentiu, > > Could you please check if your CPU supported from /proc/cpuinfo and lscpu ? > > > > EPT supported > > Xlord > > > > *From:* -=X.L.O.R.D=- [mailto:xlord.sl at gmail.com] > *Sent:* Thursday, August 4, 2016 5:12 PM > *To:* 'Laurentiu Soica' <laurentiu at soica.ro>; 'Discussion about the > virtualization on CentOS' <centos-virt at centos.org> > *Subject:* RE: [CentOS-virt] Centos 7 newer kernel needed > > > > Dear Laurentiu, > > Assume your hardware does support Intel VT-x with EPT supported, I have > also look into the kernel part for fun! > > Just quick look at CentOS 7 and installed a CentOS_7x_x64_build1511 > @installation at minimum, below is my sharing and hope to help! > > 1) CentOS Linux Kernel version: 3.10.0-327.e17.x86_64 SMP > > 2) Kernel parameters which should be your requirement; > > a. Default ?kvm-intel.ept=1? (refer to Kernel Archive ? > https://www.kernel.org/?) > > b. > > Xlord > > > > *From:* Laurentiu Soica [mailto:laurentiu at soica.ro <laurentiu at soica.ro>] > > *Sent:* Thursday, August 4, 2016 2:41 PM > *To:* -=X.L.O.R.D=- <xlord.sl at gmail.com>; Discussion about the > virtualization on CentOS <centos-virt at centos.org> > > *Subject:* Re: [CentOS-virt] Centos 7 newer kernel needed > > > > Hello Xlord, > > > > The CPU does have VT support and I already have the nested KVM enabled. > > > > Checking the Linux Kernel release notes I saw that the nested kvm feature > was implemented in 3.10 but he EPT support is in 3.12. > > > > So Centos 7's kernel which is 3.10 does have the EPT support? Is there a > way to check that the EPT support is available in the kernel? > > > > Thank you, > > Laurentiu > > On Thu, Aug 4, 2016, 06:04 -=X.L.O.R.D=- <xlord.sl at gmail.com> wrote: > > Dear Laurentiu, > > Please check below info since assume your CentOS7 box CPU processor > already VT supported in advance. > > 1) Checkpoint #1: Hardware and Kernel modules > > a. cat /proc/cpuinfo | grep vmx > > b. cat /sys/module/kvm_intel/parameters/nested (if ?N? then go to checkpoint #2) > > 2) Checkpoint #2: Assume your CentOS box support > > *a.* *echo 'options kvm-intel nested=y' >> /etc/modprobe.d/*dist.conf > > b. modprobe kvm-intel > > 3) Checkpoint #3: Verification > > a. Reboot yout CentOS box > > b. cat /sys/module/kvm_intel/parameters/nested (if ?Y? then you can carry one process the KVM installation. > > > > PS: Source: https://lalatendu.org/2015/11/01/kvm-nested-virtualization-in-fedora-23/ which should be very similar with CentOS and CentOS 7 already capable with on with KVM Nested EPT with CPU pass-through options supported. Hope that helps & cheers!! > > Xlord > > > > *From:* centos-virt-bounces at centos.org [mailto: > centos-virt-bounces at centos.org] *On Behalf Of *Laurentiu Soica > *Sent:* Thursday, August 4, 2016 3:07 AM > *To:* centos-virt at centos.org > *Subject:* [CentOS-virt] Centos 7 newer kernel needed > > > > Hello, > > I am looking for a Linux kernel for Centos 7 that implements a feature > introduced in kernel version 3.12: > > "nested EPT support to KVM's nested VMX." > > If anyone has used this feature with Centos 7, please let me know. > > Laurentiu > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20160804/4d07f4eb/attachment-0002.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 4726 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20160804/4d07f4eb/attachment-0002.png>
On 08/04/2016 07:30 AM, Laurentiu Soica wrote:> Hi Xlord, > > Yes, the CPU has support for EPT. > > I wrongly thought that the nested EPT was first introduced in 3.12. > Following your instructions I see that I have it enabled on my system as > well. > > However, checking the kernel commits from 3.12 on search string 'nested > ept' I found about 10 code changes/fixes for nested EPT. > > https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.12.62&qt=grep&q=Nested+ept > > What options do I have to get this commits on a Centos 7 kernel?The Standard CentOS kernel is built from the source code and configuration files of the released RHEL kernel. The only way to get things into the main CentOS kernel is for it to be in the RHEL source code. Red Hat does backport changes into the RHEL kernel, so if they support nested those changes or ones like it may be there. See Backporting: https://access.redhat.com/security/updates/backporting We do have a CentOSPlus kernel, maintained by a volunteer (hi toracat). She will take potential patches here if you have something that works: https://bugs.centos.org/view.php?id=6828 Also, if you want to try a newer kernel, we do have 2 available. I manage both of these kernels, they are both based on an LTS version of the kernel from kernel.org .. but neither gets nearly the attention (or smart people looking at them) as the RHEL based kernel. If you want to try either of them, they are in: 3.18.x LTS: http://mirror.centos.org/centos/7/virt/x86_64/xen-46/ 4.4.x LTS: http://mirror.centos.org/altarch/7.2.1511/experimental/x86_64/Packages/ Those kernels both work, I am running both on production machines .. but I am not a kernel hacker, so I just build what the upstream LTS kernel maintainer releases. They may or may not do what you want. The RHEL kernel team does a lot of work to make sure the RHEL kernel Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos-virt/attachments/20160804/76a6420b/attachment-0002.sig>
Dear Laurentiu, Agree with Johnny for kernel upgrade if upgrade helps, alternative if 3.10 or above already supported it, you can check from kernel parameter or options if they are disabled on purpose. You can do that via the "make menuconfig" via "https://wiki.centos.org/HowTos/I_need_the_Kernel_Source" or "https://wiki.centos.org/HowTos/BuildingKernelModules". Hope that helps! Xlord -----Original Message----- From: centos-virt-bounces at centos.org [mailto:centos-virt-bounces at centos.org] On Behalf Of Johnny Hughes Sent: Thursday, August 4, 2016 9:10 PM To: centos-virt at centos.org Subject: Re: [CentOS-virt] Centos 7 newer kernel needed On 08/04/2016 07:30 AM, Laurentiu Soica wrote:> Hi Xlord, > > Yes, the CPU has support for EPT. > > I wrongly thought that the nested EPT was first introduced in 3.12. > Following your instructions I see that I have it enabled on my system > as well. > > However, checking the kernel commits from 3.12 on search string > 'nested ept' I found about 10 code changes/fixes for nested EPT. > > https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/l > og/?id=refs%2Ftags%2Fv3.12.62&qt=grep&q=Nested+ept > > What options do I have to get this commits on a Centos 7 kernel?The Standard CentOS kernel is built from the source code and configuration files of the released RHEL kernel. The only way to get things into the main CentOS kernel is for it to be in the RHEL source code. Red Hat does backport changes into the RHEL kernel, so if they support nested those changes or ones like it may be there. See Backporting: https://access.redhat.com/security/updates/backporting We do have a CentOSPlus kernel, maintained by a volunteer (hi toracat). She will take potential patches here if you have something that works: https://bugs.centos.org/view.php?id=6828 Also, if you want to try a newer kernel, we do have 2 available. I manage both of these kernels, they are both based on an LTS version of the kernel from kernel.org .. but neither gets nearly the attention (or smart people looking at them) as the RHEL based kernel. If you want to try either of them, they are in: 3.18.x LTS: http://mirror.centos.org/centos/7/virt/x86_64/xen-46/ 4.4.x LTS: http://mirror.centos.org/altarch/7.2.1511/experimental/x86_64/Packages/ Those kernels both work, I am running both on production machines .. but I am not a kernel hacker, so I just build what the upstream LTS kernel maintainer releases. They may or may not do what you want. The RHEL kernel team does a lot of work to make sure the RHEL kernel Thanks, Johnny Hughes