Nested virtualization suddenly doesnt work

[PeterMarcusH.]

Thank you for your replies . I am allowed to enter the vm when chaning CPU type to anything other than host, however this results in docker not being able to run. Since i guess nested virtualization only works through host?

 

[Ivan Dimitrov]

Have you put kvm-intel.nested=1 in the kernel parameters?

 

[PeterMarcusH.]

If you mean grep -R "" /sys/module/kvm_intel/parameters, then i believe so yes

/sys/module/kvm_intel/parameters/enlightened_vmcs:N
/sys/module/kvm_intel/parameters/eptad:Y
/sys/module/kvm_intel/parameters/flexpriority:Y
/sys/module/kvm_intel/parameters/vmentry_l1d_flush:cond
/sys/module/kvm_intel/parameters/ple_window_shrink:0
/sys/module/kvm_intel/parameters/ept:Y
/sys/module/kvm_intel/parameters/ple_gap:128
/sys/module/kvm_intel/parameters/emulate_invalid_guest_state:Y
/sys/module/kvm_intel/parameters/pml:Y
/sys/module/kvm_intel/parameters/enable_apicv:N
/sys/module/kvm_intel/parameters/enable_shadow_vmcs:Y
/sys/module/kvm_intel/parameters/ple_window_max:4294967295
/sys/module/kvm_intel/parameters/ple_window:4096
/sys/module/kvm_intel/parameters/pt_mode:0
/sys/module/kvm_intel/parameters/nested:Y
/sys/module/kvm_intel/parameters/vnmi:Y
/sys/module/kvm_intel/parameters/vpid:Y
/sys/module/kvm_intel/parameters/preemption_timer:Y
/sys/module/kvm_intel/parameters/ple_window_grow:2
/sys/module/kvm_intel/parameters/dump_invalid_vmcs:N
/sys/module/kvm_intel/parameters/fasteoi:Y
/sys/module/kvm_intel/parameters/unrestricted_guest:Y
/sys/module/kvm_intel/parameters/nested_early_check:N

 

[Ivan Dimitrov]

I am not sure if the module configuration si comming from the kernel command line or from explicit module config in /etc/modprobe/...
Here are my kernel parameters (systemd-boot)

cat /etc/kernel/cmdline
root=ZFS=rpool/ROOT/pve-1 boot=zfs intel_iommu=on intel_iommu=pt mitigations=off kvm-intel.vmentry_l1d_flush=never kvm-intel.nested=1

 

[PeterMarcusH.]

I tried this, but still the same

 

[vizsla]

I was experiencing the same error "kvm: error: failed to set MSR 0x48b to 0x137bff00000000" with the latest 6.2 kernel and using "host" cpu. Setting the CPU to SkyLake-Server allowed me to boot the machines. After reading the thread I narrowed down the problem to flag "-pcid".
I also have "mitigations=off" in my kernel command line so I am not sure if this has any connection. Setting pcid to default allows me to boot with cpu "host" again.

Do you mind if I ask a side question here? Is there documentation on the difference between selection Skylake-Client or Skylake-Server? When I built my VM back in 2017, I think there was only an option for Skylake-Client. And when I attempt to switch it to Skylake-Server, the VM won't start and I can't figure out why not.