Skip to content

Implement support for nested virt on Linux#630

Merged
slp merged 3 commits intocontainers:mainfrom
slp:linux-nested
Apr 13, 2026
Merged

Implement support for nested virt on Linux#630
slp merged 3 commits intocontainers:mainfrom
slp:linux-nested

Conversation

@slp
Copy link
Copy Markdown
Collaborator

@slp slp commented Apr 13, 2026

So far, we supported enabling nested virt on macOS but not on Linux. Let's do that now.

Fixes: #625

@slp
cpuid: implement nested virt support
35dbf25 
For the VMM, supporting nested virt on KVM basically implies exposing
the svm (for AMD) or vmx (for Intel) flag to the guest. Extend the
cpuid crate to support doing so when requested.

Signed-off-by: Sergio Lopez <slp@redhat.com>
@slp slp added the 1.x label Apr 13, 2026
@slp
Copy link
Copy Markdown
Collaborator Author

slp commented Apr 13, 2026

/gemini review

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enables nested virtualization support on Linux by updating CPUID transformations to advertise VMX and SVM features and implementing a system check via KVM module parameters. Feedback was provided regarding a logic bug in the Linux support check where an early return prevents checking for AMD support if the Intel module is present but disabled.

Comment thread src/libkrun/src/lib.rs
@slp
vmm: support nested virt on Linux
07dcd88 
In the previous commit, we extended cpuid to be able to expose the
required flags to the guest. Here, we add a field to VmResources to
store whether the VM should enable nested virt or not, and allow
krun_set_nested_virt to be used on Linux.

Signed-off-by: Sergio Lopez <slp@redhat.com>
@slp
libkrun: support krun_check_nested_virt on linux
8b7c7a6 
So far, we only supported krun_check_nested_virt on macOS. Extend it to
check for nested support on Linux too.

Signed-off-by: Sergio Lopez <slp@redhat.com>
jakecorrenti
jakecorrenti approved these changes Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jakecorrenti jakecorrenti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@slp
Copy link
Copy Markdown
Collaborator Author

slp commented Apr 13, 2026

/gemini review

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enables nested virtualization support on Linux, which was previously restricted to macOS. The changes introduce a nested_enabled flag within the VmSpec and VcpuConfig structures and update the CPUID transformation logic for both Intel (VMX) and AMD (SVM) to advertise these capabilities to the guest when appropriate. Additionally, the Linux implementation of krun_check_nested_virt now verifies host support by reading KVM module parameters. Feedback was provided regarding the error handling in the Linux support check, suggesting that silent failures when reading system paths could mask configuration issues.

Comment thread src/libkrun/src/lib.rs
@slp slp merged commit 19ac2c9 into containers:main Apr 13, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jakecorrenti jakecorrenti jakecorrenti approved these changes

@dorindabassey dorindabassey Awaiting requested review from dorindabassey dorindabassey is a code owner

@MatiasVara MatiasVara Awaiting requested review from MatiasVara MatiasVara is a code owner

@mtjhrc mtjhrc Awaiting requested review from mtjhrc mtjhrc is a code owner

@tylerfanelli tylerfanelli Awaiting requested review from tylerfanelli tylerfanelli is a code owner

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

1.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

nested virt on linux

2 participants

@slp @jakecorrenti