KVM is a virtualization technology built into the Linux kernel. A KVM-enabled system can work as a type 1 hypervisor, provided that the processor supports it.
KVM can be used to create nested virtual machines on compatible hardware. This lets you create virtual machines inside virtual machines to accommodate more complex use cases. Consider a virtual development environment running on your host. You may need to run virtual hardware emulators inside that environment, nested two levels below the bare metal hardware.
This article will show you how to set up nested KVM virtualization and test that it works. Before proceeding, check that you have an active KVM installation available and that you are familiar with creating new KVM virtual machines.
Verify that nested virtualization is enabled
Nested virtualization is supported by most modern processor families that offer virtualization. You can check whether nesting is already enabled on your hypervisor by using the cat command to read one of the following paths, depending on whether you have an Intel or AMD system:
# Intel
$ cat /sys/module/kvm_intel/parameters/nested
# AMD
$ cat /sys/module/kvm_amd/parameters/nested
The output will be either Y or N. Y means you are good to go: nested virtualization is already enabled. You can skip down to the "Activate nested virtualization for guests" section below. If you see N in your terminal, it's time to enable nesting in the KVM kernel module.
Enable nested virtualization
Nesting is controlled by a parameter of the KVM kernel module. You can change the parameter by editing /etc/modprobe.d/qemu-system-x86.conf. On some systems, this file may have a different name.
You will likely see one line similar to one of the following:
options kvm_intel
options kvm_intel nested=0
options kvm_amd
options kvm_amd nested=0
Any of these lines means that KVM is active but nesting is disabled.
To enable nesting, add or change the nested parameter so that its value is 1:
# Intel systems only
options kvm_intel nested=1
# AMD systems only
options kvm_amd nested=1
Next, you need to reload the KVM kernel module to apply your change. You must shut down all virtual machines before doing this.
# Unload the module
$ sudo modprobe -r kvm_intel
# Reload the module with the new settings
$ sudo modprobe kvm_intel
Use kvm_amd instead of kvm_intel if you have an AMD processor.
Now repeat the earlier cat command to check whether nesting is enabled. You should get Y as output.
# Intel
$ cat /sys/module/kvm_intel/parameters/nested
Y
# AMD
$ cat /sys/module/kvm_amd/parameters/nested
Y
This method permanently enables nested virtualization. It will persist across reboots until you remove nested=1 from the KVM module's parameters.
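As an added example that is not part of the original article, the following script ties the check and the enable steps together for whichever vendor module is loaded. SYSFS_ROOT, MODPROBE_CONF and the function names are assumptions made here; the sysfs and modprobe paths are the ones used above.

```shell
#!/bin/sh
# Added example, not from the article: check the nested parameter of the
# loaded KVM vendor module and, on request, persist and apply nested=1.
# SYSFS_ROOT and MODPROBE_CONF are assumed overrides so the logic can run
# against a constructed directory; defaults are the article's paths.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/module}"
MODPROBE_CONF="${MODPROBE_CONF:-/etc/modprobe.d/qemu-system-x86.conf}"

# Print the loaded vendor module (kvm_intel or kvm_amd); fail if neither is.
kvm_module() {
    for m in kvm_intel kvm_amd; do
        if [ -d "$SYSFS_ROOT/$m" ]; then echo "$m"; return 0; fi
    done
    return 1
}

# Print "enabled" or "disabled". Most kernels show the parameter as Y/N,
# some older kvm_amd builds as 1/0, so both spellings are accepted.
nested_state() {
    m=$(kvm_module) || return 1
    case "$(cat "$SYSFS_ROOT/$m/parameters/nested" 2>/dev/null)" in
        Y|1) echo enabled ;;
        N|0) echo disabled ;;
        *)   return 1 ;;
    esac
}

# Persist "options <module> nested=1", dropping any earlier options line for
# the same module so a stale nested=0 cannot win over the new setting.
persist_nested() {
    m=$(kvm_module) || return 1
    new_conf=$(mktemp) || return 1
    if [ -f "$MODPROBE_CONF" ]; then
        grep -v "^options $m" "$MODPROBE_CONF" > "$new_conf" || true
    fi
    echo "options $m nested=1" >> "$new_conf"
    mv "$new_conf" "$MODPROBE_CONF"
}

# Apply it to the running kernel. Every VM must be shut down first, because
# the vendor module refuses to unload while a guest holds it.
reload_kvm_module() {
    m=$(kvm_module) || return 1
    sudo modprobe -r "$m" && sudo modprobe "$m"
}

case "${1:-check}" in
    enable) [ "$(nested_state)" = enabled ] || { persist_nested && reload_kvm_module; } ;;
esac
echo "nested virtualization: $(nested_state || echo unknown)"
```

Run it with no argument to report the state, or with enable (as root) to write the modprobe file and reload the module.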
Activate nested virtualization for guests
Guest virtual machines can only use nested virtualization when they are configured with a CPU mode that supports it. The guest needs a CPU definition that matches the physical hardware on your host.
Most guests will work when the CPU mode is set to host-model, which is usually the default. This means the guest receives a CPU definition similar to your host's. In some cases, you may need to use host-passthrough mode, which passes all the characteristics of the host CPU through exactly.
You can check and change the guest CPU type by retrieving its manifest file with virsh. First run the virsh command to launch an interactive shell, then type list --all to list all your VMs:
virsh # list --all
 Id   Name          State
------------------------------
 -    ubuntu22.04   shut off
 -    win10         shut off
Use edit <vm-name> to open a named virtual machine's manifest:
virsh # edit ubuntu22.04
Inside the file, find the line starting with <cpu mode=. Change it to one of these:
<cpu mode="host-model" check='partial' />
<cpu mode="host-passthrough" check='none' />
Save and close the file, then type exit in the virsh shell to close it. The guest should now be ready to start its own nested guests. Try changing modes if there seems to be a problem.
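An audit of guest CPU modes, added here as an example and not part of the original article: cpu_mode_of_xml, mode_allows_nesting and audit_guests are assumed helper names, while the virsh list --all --name and virsh dumpxml calls are the standard ones.

```shell
#!/bin/sh
# Added example, not from the article: list every libvirt guest with the
# CPU mode it was defined with and flag those that may not pass vmx/svm
# through. cpu_mode_of_xml reads domain XML from stdin so it can be run on
# a constructed document; the virsh invocations are the standard ones.

# Print the mode attribute of the <cpu> element, or "default" when the
# domain has no <cpu> element (libvirt then chooses the model itself).
# Single- and double-quoted attributes are both accepted, and <cputune>
# is excluded because the match requires whitespace after "<cpu".
cpu_mode_of_xml() {
    mode=$(sed -n "s/.*<cpu[[:space:]][^>]*mode=['\"]\([^'\"]*\)['\"].*/\1/p" | head -n 1)
    echo "${mode:-default}"
}

# host-model and host-passthrough both hand the host's virtualization flag
# to the guest. A custom model only does so if vmx/svm is explicitly
# required, and "default" depends on the libvirt version, so both get a
# review verdict rather than a pass.
mode_allows_nesting() {
    case "$1" in
        host-model|host-passthrough) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one "name mode verdict" line per defined domain.
audit_guests() {
    virsh list --all --name | while read -r name; do
        [ -n "$name" ] || continue
        mode=$(virsh dumpxml "$name" | cpu_mode_of_xml)
        if mode_allows_nesting "$mode"; then
            echo "$name $mode ok"
        else
            echo "$name $mode review: set host-model or host-passthrough"
        fi
    done
}

if [ "${1:-}" = "--audit" ]; then audit_guests; fi
```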
Verify the guest can nest
Most operating systems can tell you whether they can create a virtual machine. Run the following command inside your virtual machine to check whether a Linux guest has access to the virtualization extensions:
grep -E 'svm|vmx' /proc/cpuinfo
Virtualization is available if you get some output with vmx or svm highlighted in red. svm appears on AMD machines; vmx appears on Intel.
Now install the virtualization tooling inside the guest. You should find that you can start a new nested VM. Here is a screenshot showing an Ubuntu virtual machine that is itself running an Alpine guest using nested KVM:
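The in-guest check above, extended as an added example that is not part of the original article: it scans only the flags lines, matches the flag as a whole word, and also checks for the KVM device node. CPUINFO, KVM_DEV and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the article: run inside the guest to confirm it
# received the host's virtualization extension and can open the KVM device.
# CPUINFO and KVM_DEV are assumed overrides so the checks can run against a
# constructed cpuinfo file; their defaults are the real paths.
CPUINFO="${CPUINFO:-/proc/cpuinfo}"
KVM_DEV="${KVM_DEV:-/dev/kvm}"

# Print "vmx" (Intel) or "svm" (AMD), failing when neither is present. Only
# the flags lines are scanned, and the flag is matched as a whole word, so
# a model name or a flag such as svm_lock cannot produce a false positive.
virt_flag() {
    flag=$(grep '^flags' "$CPUINFO" | grep -owE 'vmx|svm' | head -n 1)
    [ -n "$flag" ] && echo "$flag"
}

# Map the flag to the vendor module the guest kernel must load for KVM.
vendor_module() {
    case "$1" in
        vmx) echo kvm_intel ;;
        svm) echo kvm_amd ;;
        *)   return 1 ;;
    esac
}

# /dev/kvm is what the second-level hypervisor (QEMU, virt-manager, or an
# IDE's emulator) actually opens; a present flag with no device usually
# means the kvm modules are not loaded in the guest.
kvm_device_present() {
    [ -c "$KVM_DEV" ]
}

guest_can_nest() {
    flag=$(virt_flag) || { echo "no vmx/svm flag: fix the guest CPU mode on the host"; return 1; }
    echo "virtualization extension: $flag (module $(vendor_module "$flag"))"
    kvm_device_present || { echo "$KVM_DEV missing: modprobe kvm $(vendor_module "$flag")"; return 1; }
}

if [ "${1:-}" = "--run" ]; then guest_can_nest; fi
```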
Nested guests come with a few restrictions. Some KVM features become unavailable to guests that have started a nested virtual machine. You will not be able to migrate, save, or snapshot these virtual machines until the nested virtual machine is shut down.
The actual effect of attempting one of these operations is not specified. Some systems can withstand it; others may cause a kernel panic. Always try to shut down your nested guests before running an operation on the VMs above them in the chain.
Nested virtualization provides more power and flexibility. You can sandbox technologies that need their own virtualization to function, such as IDEs that launch hardware emulators.
Getting nesting to work with KVM is usually easy. Any troubleshooting should start with checking that the nested parameter is enabled for your KVM kernel module. Next, check your guest's CPU model and verify that you are using a compatible second-level hypervisor inside the virtual machine.