Bug 839359

Summary: intel processor nested kvm does not start the nested guest
Product: [Fedora] Fedora Reporter: Theophanis Kontogiannis <theophanis_kontogiannis>
Component: qemuAssignee: Fedora Virtualization Maintainers <virt-maint>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 17CC: amit.shah, berrange, cfergeau, clalancette, crobinso, dwmw2, ehabkost, extras-orphan, gleb, itamar, jwang, kchamart, knoel, markmc, notting, pbonzini, quintela, rjones, scottt.tw, theophanis_kontogiannis, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-07-11 15:09:57 EDT Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Theophanis Kontogiannis 2012-07-11 13:46:52 EDT
Description of problem:

RHEL6.0 guest, has a nested RHEL6.0 guest. The nested guest will start in paused mode. Pussing "play" produses the following error on the physical F17 host:

nested_vmx_exit_handled failed vm entry 5

Version-Release number of selected component (if applicable):

F17 64bit
kernel 3.4.4-5.fc17.x86_64
qemu-kvm-1.0-17.fc17.x86_64
libvirt-daemon-config-network-0.9.11.4-3.fc17.x86_64
fence-virtd-libvirt-0.3.0-2.fc17.x86_64
libvirt-python-0.9.11.4-3.fc17.x86_64
libvirt-daemon-config-nwfilter-0.9.11.4-3.fc17.x86_64
libvirt-0.9.11.4-3.fc17.x86_64
libvirt-client-0.9.11.4-3.fc17.x86_64
libvirt-daemon-0.9.11.4-3.fc17.x86_64


How reproducible:

100%

Steps to Reproduce:

0. do all necessary steps to allow nested kvm guests on an intel processor host.
1. create a 64bit RHEL6.0 guest on a F17 host
2. launch a new 64bit RHEL6.0 guest inside the previous referenced RHEL6.0 guest
3. the nested RHEL6.0 never starts. Efforts to recover it from paused mode produce the mentioned message on the physical host
  
Actual results:

The nested guest remaing in paused mode

Expected results:

The nested guest should not remain in paused mode

Additional info:
Comment 1 Avi Kivity 2012-07-12 08:14:54 EDT
Error 5 - VMRESUME with non-launched VMCS.  Strange.

Does this occur with uniprocessor guests?
Comment 2 Theophanis Kontogiannis 2012-07-12 10:28:35 EDT
Hello,

This happens with a single cpu nested guest, inside a single cpu guest.

If I change the top level guest to have two logical cpu' the error on the physical hosts changes to:

nested_vmx_exit_handled failed vm entry 7

Please kindly let me know of what other information is needed.

I would be more then glad to assist on this.
Comment 3 Theophanis Kontogiannis 2012-07-13 02:29:50 EDT
In case it is needed this is the physical host's cpu info:

[root .ssh]# cat /proc/cpuinfo 
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 15
model name	: Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz
stepping	: 6
microcode	: 0xc7
cpu MHz		: 1000.000
cache size	: 4096 KB
physical id	: 0
siblings	: 2
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm dts tpr_shadow
bogomips	: 3990.43
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 15
model name	: Intel(R) Core(TM)2 CPU         T7200  @ 2.00GHz
stepping	: 6
microcode	: 0xc7
cpu MHz		: 1000.000
cache size	: 4096 KB
physical id	: 0
siblings	: 2
core id		: 1
cpu cores	: 2
apicid		: 1
initial apicid	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good nopl aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm lahf_lm dts tpr_shadow
bogomips	: 3990.43
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:
Comment 4 Kashyap Chamarthy 2012-07-30 11:52:47 EDT
Theophanis,

Out of curiosity, I'm wondering what your procedure is, when you say "0. do all necessary steps to allow nested kvm guests on an intel processor host."

I previously tried once with F16, and here's my latest attempt with F17 (as both host and guest). I noted all the versions there.

http://kashyapc.wordpress.com/2012/07/28/nested-virtualization-with-intel-take-2-with-fedora-17/

And the scripts I used to create them - http://kashyapc.fedorapeople.org/virt/nested-virt-with-intel-f17/

I'm wondering if you can give this a shot.

(Note: this procedure uses only minimal OS(@core), so no X involved, yet it'll provide serial console access.)
Comment 5 Cole Robinson 2012-08-02 21:00:43 EDT
FYI, kvm bugs should be tracked against qemu in F17. The kvm component is an historical left over and will eventually be purged from bugzilla.
Comment 6 Fedora End Of Life 2013-07-04 00:13:25 EDT
This message is a reminder that Fedora 17 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 17. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '17'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 17's end of life.

Bug Reporter:  Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 17 is end of life. If you 
would still like  to see this bug fixed and are able to reproduce it 
against a later version  of Fedora, you are encouraged  change the 
'version' to a later Fedora version prior to Fedora 17's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 7 Cole Robinson 2013-07-11 15:09:57 EDT
There's been many nested intel improvements that have landed by F19. If anyone can still reproduce on modern fedora, please open a new report.