How to enable nested virtualization in KVM

Learn how to run a virtual machine within a virtual machine.

Enabling nested virtualization in KVM

Nested virtualization allows you to run a virtual machine (VM) inside another VM while still using hardware acceleration from the host.

Checking if nested virtualization is supported

For Intel processors, check the /sys/module/kvm_intel/parameters/nested file. For AMD processors, check the /sys/module/kvm_amd/parameters/nested file. If you see 1 or Y, nested virtualization is supported; if you see 0 or N, nested virtualization is not supported.

For example:

  1. cat /sys/module/kvm_intel/parameters/nested
  2. Y

Enabling nested virtualization

To enable nested virtualization for Intel processors:

  1. Shut down all running VMs and unload the kvm_probe module:

    1. sudo modprobe -r kvm_intel

  2. Activate the nesting feature:

    1. sudo modprobe kvm_intel nested=1

  3. Nested virtualization is enabled until the host is rebooted. To enable it permanently, add the following line to the /etc/modprobe.d/kvm.conf file:

    1. options kvm_intel nested=1

To enable nested virtualization for AMD processors:

  1. Shut down all running VMs and unload the kvm_amd module:

    1. sudo modprobe -r kvm_amd

  2. Activate the nesting feature:

    1. sudo modprobe kvm_amd nested=1

  3. Nested virtualization is enabled until the host is rebooted. To enable it permanently, add the following line to the /etc/modprobe.d/kvm.conf file:

    1. options kvm_amd nested=1

Configuring nested virtualization in virt-manager

Configure your VM to use nested virtualization:

  1. Open virt-manager, double-click the VM in which you wish to enable nested virtualization, and click the Show virtual hardware details icon.

  2. Click CPUs in the side menu. In the Configuration section, there are two options - either type host-passthrough in the Model: field, or select the Copy host CPU configuration check box (that fills the host-model value in the Model field).

    Using host-passthrough is not recommended for general usage. It should only be used for nested virtualization purposes.

  3. Click Apply.

Testing nested virtualization

  1. Start the virtual machine.

  2. On the virtual machine, run:

    1. sudo dnf group install virtualization

  3. Verify that the virtual machine has virtualization correctly set up:

    1. sudo virt-host-validate
    2.   QEMU: Checking for hardware virtualization                                 : PASS
    3.   QEMU: Checking if device /dev/kvm exists                                   : PASS
    4.   QEMU: Checking if device /dev/kvm is accessible                            : PASS
    5.   QEMU: Checking if device /dev/vhost-net exists                             : PASS
    6.   QEMU: Checking if device /dev/net/tun exists                               : PASS
    7.   ...

Additional resources