VM in VM in VM: nested VT-x problem

Just for fun, I'm trying to run a VM inside a VM that is itself running inside a VM.

I'm fairly sure my CPU doesn't actually support nested VT-x normally, but I can force the setting on in the outer VirtualBox layer with the following command:

VBoxManage modifyvm vm-name-here --nested-hw-virt on

That lets me run a VM inside a VM. It's slow (booting takes about 15 minutes), but everything (no timeouts) works fine.

Now the problem: I also need VT-x inside the middle VM, otherwise it can't start the inner VM (the error message is very clear about that). But if I run the above command inside the outer VM to force VT-x through to the middle layer, the middle VM no longer starts and shows the following error message:

Cannot enable nested VT-x/AMD-V without nested-paging and unresricted guest execution!
(VERR_CPUM_INVALID_HWVIRT_CONFIG).

Result Code: NS_ERROR_FAILURE (0x80004005)
Component: ConsoleWrap
Interface: IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

I couldn't find an explanation of "unrestricted guest execution", and the only hint for fixing this error is to disable Hyper-V in the Windows settings, which doesn't apply here because it's Linux inside Linux inside Linux. I also tried switching the "paravirtualisation device" at all levels to something other than "Default" (guessing, because "Hyper-V" is one of the options there), but that doesn't solve it either. At all levels, hovering over the small "V" indicator shows "Unrestricted Execution: Active", but I've read somewhere that this may be unreliable. "Enable Nested Paging" is checked at all levels.

Setup:

HOST:
This laptop: https://geizhals.de/schenker-xmg-a507-vsy-10504411-a1686447.html
CPU: Intel Core i7-7700HQ
OS: Manjaro (with KDE) 20.1.2
Kernel: 5.8.16-2
Potentially relevant installed packages: dkms 2.8.3-1.1, intel-ucode 20200616-1, lib32-util-linux 2.36-1,
 lib32-vulkan-intel 20.1.8-1, libva-intel-driver 2.4.1-1, linux-api-headers 5.8-1,
 linux-firmware 20201005.r1732.58d41d0-1, linux-latest 5.8-2, linux-latest-nvidia-450xx 5.8-2,
 linux-latest-virtualbox-host-modules 5.8-2, linux58 5.8.16-2, linux58-headers 5.8.16-2,
 linux58-nvidia-450xx 450.80.02-3, linux58-virtualbox-host-modules 6.1.14-13, util-linux 2.36-4,
 util-linux-libs 2.36-4, virtualbox 6.1.14-1, virtualbox 6.1.14-1, virtualbox-host-dkms 6.1.14-1,
 vulkan-intel 20.1.8-1, xf86-video-intel 1:2.99.917+908+g7181c5a4-1

OUTER VM:
OS: Manjaro (with KDE) 20.1.2
Kernel: 5.8.16-2
Settings: PAE/NX, nested VT-x/AMD-V and nested paging enabled, default paravirtualisation device,
 graphics controller VBoxSVGA, rest mostly default
Relevant installed packages: dkms 2.8.3-1.1, intel-ucode 20200616-1, lib32-libva-intel-driver 2.4.1-1,
 lib32-util-linux 2.36-1, libva-intel-driver 2.4.1-1, linux-api-headers 5.8-1,
 linux-firmware 20201005.r1732.58d41d0-1, linux-latest 5.8-2, linux-latest-virtualbox-guest-modules 5.8-2,
 linux-latest-virtualbox-host-modules 5.8-2, linux58 5.8.16-2, linux58-headers 5.8.16-2,
 linux58-virtualbox-guest-modules 6.1.14-13, linux58-virtualbox-host-modules 6.1.14-13, util-linux 2.36-4,
 util-linux-libs 2.36-4, virtualbox 6.1.14-1, virtualbox-guest-utils 6.1.14-1,
 virtualbox-host-dkms 6.1.14-1

MIDDLE VM:
OS, kernel, settings, relevant installed packages: same as outer VM, except VT-x disabled for now

INNER VM:
OS: either Manjaro (with KDE) 20.1.2 or Manjaro 32bit (with XFCE) 18.0.4, if only 32bit works
Kernel: 5.8.?-?
Settings: same as in outer VM, but currently invalid because of missing VT-x

Output of grep -E --color 'vmx|svm' /proc/cpuinfo:

HOST, 8 times this:

flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
vmx flags       : vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple pml ept_mode_based_exec

OUTER VM, 2 times this:

flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti tpr_shadow vnmi flexpriority vpid fsgsbase avx2 invpcid rdseed clflushopt md_clear flush_l1d
vmx flags       : vnmi flexpriority tsc_offset vtpr vapic

MIDDLE VM, if the nested VT-x option is disabled in its settings: empty output (otherwise it doesn't even start)


Output of lscpu:

HOST:
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   39 bits physical, 48 bits virtual
CPU(s):                          8
On-line CPU(s) list:             0-7
Thread(s) per core:              2
Core(s) per socket:              4
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           158
Model name:                      Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Stepping:                        9
CPU MHz:                         993.110
CPU max MHz:                     3800.0000
CPU min MHz:                     800.0000
BogoMIPS:                        5602.18
Virtualization:                  VT-x
L1d cache:                       128 KiB
L1i cache:                       128 KiB
L2 cache:                        1 MiB
L3 cache:                        6 MiB
NUMA node0 CPU(s):               0-7
Vulnerability Itlb multihit:     KVM: Mitigation: VMX disabled
Vulnerability L1tf:              Mitigation; PTE Inversion; VMX conditional cache flushes, SMT vulnerable
Vulnerability Mds:               Mitigation; Clear CPU buffers; SMT vulnerable
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, STIBP conditional, RSB filling
Vulnerability Srbds:             Mitigation; Microcode
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid mpx rdseed adx smap clflushopt intel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d

OUTER VM:
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   39 bits physical, 48 bits virtual
CPU(s):                          2
On-line CPU(s) list:             0,1
Thread(s) per core:              1
Core(s) per socket:              2
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           158
Model name:                      Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Stepping:                        9
CPU MHz:                         2807.998
BogoMIPS:                        5618.99
Virtualization:                  VT-x
Hypervisor vendor:               KVM
Virtualization type:             full
L1d cache:                       64 KiB
L1i cache:                       64 KiB
L2 cache:                        512 KiB
L3 cache:                        12 MiB
NUMA node0 CPU(s):               0,1
Vulnerability Itlb multihit:     KVM: Mitigation: VMX disabled
Vulnerability L1tf:              Mitigation; PTE Inversion; VMX EPT disabled
Vulnerability Mds:               Mitigation; Clear CPU buffers; SMT Host state unknown
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, STIBP disabled, RSB filling
Vulnerability Srbds:             Unknown: Dependent on hypervisor status
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti tpr_shadow vnmi flexpriority vpid fsgsbase avx2 invpcid rdseed clflushopt md_clear flush_l1d

MIDDLE VM (with nested VT-x disabled):
Architecture:                    x86_64
CPU op-mode(s):                  32-bit, 64-bit
Byte Order:                      Little Endian
Address sizes:                   39 bits physical, 48 bits virtual
CPU(s):                          1
On-line CPU(s) list:             0
Thread(s) per core:              1
Core(s) per socket:              1
Socket(s):                       1
NUMA node(s):                    1
Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           158
Model name:                      Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Stepping:                        9
CPU MHz:                         2806.774
BogoMIPS:                        5615.44
Hypervisor vendor:               KVM
Virtualization type:             full
L1d cache:                       32 KiB
L1i cache:                       32 KiB
L2 cache:                        256 KiB
L3 cache:                        6 MiB
NUMA node0 CPU(s):               0
Vulnerability Itlb multihit:     KVM: Mitigation: VMX unsupported
Vulnerability L1tf:              Mitigation; PTE Inversion
Vulnerability Mds:               Mitigation; Clear CPU buffers; SMT Host state unknown
Vulnerability Meltdown:          Mitigation; PTI
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Vulnerability Spectre v2:        Mitigation; Full generic retpoline, STIBP disabled, RSB filling
Vulnerability Srbds:             Not affected
Vulnerability Tsx async abort:   Not affected
Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni ssse3 pcid sse4_1 sse4_2 x2apic hypervisor lahf_lm invpcid_single pti fsgsbase invpcid md_clear flush_l1d
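A check that can be run at each virtualisation level, added here as an example and not part of the original question: it parses the `vmx flags` line the kernel prints in /proc/cpuinfo (the same line quoted above) and reports whether the two features named in the VirtualBox error, nested paging (EPT, shown as `ept`) and unrestricted guest execution (shown as `unrestricted_guest`), are exposed at that level. The sample files are constructed from the host and outer-VM lines quoted in the question; the function name is my own.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the VMX features
# VirtualBox's error message requires (EPT = nested paging, unrestricted guest)
# are exposed at the level where this runs.  Real use: check_vmx_flags /proc/cpuinfo

# check_vmx_flags FILE -> one line per feature; returns 0 only if all are present
check_vmx_flags() {
    # The "vmx flags" line is printed only when the vmx CPUID bit is visible,
    # so its absence means this level cannot host a hypervisor at all.
    vmxline=$(grep '^vmx flags' "$1" | head -n1 | cut -d: -f2-)
    if [ -z "$vmxline" ]; then
        echo "no VMX exposed at this level"
        return 1
    fi
    rc=0
    for feat in ept unrestricted_guest; do
        # -x matches whole words, so "ept_ad" does not count as "ept"
        if printf '%s\n' "$vmxline" | tr ' ' '\n' | grep -qx "$feat"; then
            echo "$feat: present"
        else
            echo "$feat: MISSING"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files reproducing the "vmx flags" lines quoted in the question.
make_sample() {
    f=$(mktemp)
    printf 'vmx flags\t: %s\n' "$1" >"$f"
    echo "$f"
}
HOST_SAMPLE=$(make_sample 'vnmi preemption_timer invvpid ept_x_only ept_ad ept_1gb flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest ple pml ept_mode_based_exec')
OUTER_SAMPLE=$(make_sample 'vnmi flexpriority tsc_offset vtpr vapic')
# Middle VM with nested VT-x off: grep printed nothing, so no "vmx flags" line at all.
MIDDLE_SAMPLE=$(mktemp)

for pair in "HOST:$HOST_SAMPLE" "OUTER:$OUTER_SAMPLE" "MIDDLE:$MIDDLE_SAMPLE"; do
    echo "== ${pair%%:*}"
    check_vmx_flags "${pair#*:}" || echo "-> nested VT-x cannot be enabled at this level"
done
```

On the quoted data the host passes, while the outer VM is missing both `ept` and `unrestricted_guest`, which is exactly what VERR_CPUM_INVALID_HWVIRT_CONFIG complains about when the middle VM is started with nested VT-x on.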
