Lead Maintainer of KVM development team , Avi Kivity, posted an article on his blog recently on what I think is an exciting development in KVM: nested virtualization. Up until now, nested virtualization has been a ‘nice to have’ feature of KVM (or any hypervisor I would imagine) but , as it turns out, two developers have been working behind the scenes putting together some patches for developing nested virtualization utilizing AMD svm technology. Apparently, due to the way amd implements it’s cpu extensions, it’s easier to develop nested virtualization using amd technology compared to intel. Avi notes in his blog.

Yesterday I found a nice surprise in my inbox - a post, by Alex Graf, adding support for virtualizing AMD's SVM instruction set when running KVM on AMD SVM.

What does this mean? up until now, when kvm virtualizes a processor, the guest sees a cpu that is similar to the host processor, but does not have virtualization extensions. This means that you cannot run a hypervisor that needs these virtualization extensions within a guest (you can still run hypervisors that do not rely on these extensions, such as VMware, but with lower performance). With the new patches, the virtualized cpu does include the virtualization extensions; this means the guest can run a hypervisor, including kvm, and have its own guests.

There are two uses that immediately spring to mind: debugging hypervisors and embedded hypervisors. Obviously having svm enabled in a guest means that one can debug a hypervisor in a guest, which is a lot easier that debugging on bare metal. The other use is to have a hypervisor running in the firmware at all times; up until now this meant you couldn't run another hypervisor on such a machine. With nested virtualization, you can.

The reason the post surprised me was the relative simplicity in which nested virtualization was implemented: less than a thousand lines of code. This is due to the clever design of the svm instruction set, and the ingenuity of the implementers (Alex Graf and Jörg Rödel) in exploiting the instruction set and meshing the implementation so well with the existing kvm code.

I don’t think anyone will be running a guest within a guest for any practical purposes but certainly there can be some uses on the development side as Avi noted. One use that I would be personally interested in is testing other hypervisors within KVM such as vmware, xen etc. . I’m really interested in hearing how you would use this technology?