Nested virtualization -- running multiple hypervisors in virtual machines -- has come a long way in recent years. Since we first published KVM nested virtualization on Intel platforms ("The Turtles project", 2010), nested virtualization has made important strides into the mainstream. These days, all hypervisors support it to some degree, and hardware support specifically for nested virtualization is starting to appear. The first part of this talk will provide an overview of nested virtualization in KVM today, including several emerging real-world use cases and the current state of KVM's x86 nested virtualization support: what works, what doesn't, and what remains to be done. The second part will cover the recent "Shadow VMCS" hardware from Intel: what it is, how it works, how we added KVM support, and the potential benefits it can bring. Joint work with Abel Gordon and Nadav Har'El.