€•HoŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ+/translations/zh_CN/virt/kvm/x86/nested-vmx”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/zh_TW/virt/kvm/x86/nested-vmx”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/it_IT/virt/kvm/x86/nested-vmx”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/ja_JP/virt/kvm/x86/nested-vmx”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/ko_KR/virt/kvm/x86/nested-vmx”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ+/translations/sp_SP/virt/kvm/x86/nested-vmx”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1h¡hhhžhhŸŒE/var/lib/git/docbuild/linux/Documentation/virt/kvm/x86/nested-vmx.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ Nested VMX”h]”hŒ Nested VMX”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒOverview”h]”hŒOverview”…””}”(hhÌhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hhÉhžhhŸh³h KubhŒ paragraph”“”)”}”(hXOn Intel processors, KVM uses Intel's VMX (Virtual-Machine eXtensions) to easily and efficiently run guest operating systems. Normally, these guests *cannot* themselves be hypervisors running their own guests, because in VMX, guests cannot use VMX instructions.”h]”(hŒ—On Intel processors, KVM uses Intel’s VMX (Virtual-Machine eXtensions) to easily and efficiently run guest operating systems. Normally, these guests ”…””}”(hhÜhžhhŸNh NubhŒemphasis”“”)”}”(hŒ*cannot*”h]”hŒcannot”…””}”(hhæhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähhÜubhŒh themselves be hypervisors running their own guests, because in VMX, guests cannot use VMX instructions.”…””}”(hhÜhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K hhÉhžhubhÛ)”}”(hX The "Nested VMX" feature adds this missing capability - of running guest hypervisors (which use VMX) with their own nested guests. It does so by allowing a guest to use VMX instructions, and correctly and efficiently emulating them using the single level of VMX available in the hardware.”h]”hX$The “Nested VMX†feature adds this missing capability - of running guest hypervisors (which use VMX) with their own nested guests. It does so by allowing a guest to use VMX instructions, and correctly and efficiently emulating them using the single level of VMX available in the hardware.”…””}”(hhþhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhhÉhžhubhÛ)”}”(hŒôWe describe in much greater detail the theory behind the nested VMX feature, its implementation and its performance characteristics, in the OSDI 2010 paper "The Turtles Project: Design and Implementation of Nested Virtualization", available at:”h]”hŒøWe describe in much greater detail the theory behind the nested VMX feature, its implementation and its performance characteristics, in the OSDI 2010 paper “The Turtles Project: Design and Implementation of Nested Virtualizationâ€, available at:”…””}”(hj hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhhÉhžhubhŒ block_quote”“”)”}”(hŒFhttps://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf ”h]”hÛ)”}”(hŒDhttps://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf”h]”hŒ reference”“”)”}”(hj"h]”hŒDhttps://www.usenix.org/events/osdi10/tech/full_papers/Ben-Yehuda.pdf”…””}”(hj&hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j"uh1j$hj ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhŸh³h KhhÉhžhubeh}”(h]”Œoverview”ah ]”h"]”Œoverview”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒ Terminology”h]”hŒ Terminology”…””}”(hjKhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjHhžhhŸh³h KubhÛ)”}”(hŒíSingle-level virtualization has two levels - the host (KVM) and the guests. In nested virtualization, we have three levels: The host (KVM), which we call L0, the guest hypervisor, which we call L1, and its nested guest, which we call L2.”h]”hŒíSingle-level virtualization has two levels - the host (KVM) and the guests. In nested virtualization, we have three levels: The host (KVM), which we call L0, the guest hypervisor, which we call L1, and its nested guest, which we call L2.”…””}”(hjYhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhjHhžhubeh}”(h]”Œ terminology”ah ]”h"]”Œ terminology”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒRunning nested VMX”h]”hŒRunning nested VMX”…””}”(hjrhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjohžhhŸh³h K&ubhÛ)”}”(hŒ©The nested VMX feature is enabled by default since Linux kernel v4.20. For older Linux kernel, it can be enabled by giving the "nested=1" option to the kvm-intel module.”h]”hŒ­The nested VMX feature is enabled by default since Linux kernel v4.20. For older Linux kernel, it can be enabled by giving the “nested=1†option to the kvm-intel module.”…””}”(hj€hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K(hjohžhubhÛ)”}”(hŒÚNo modifications are required to user space (qemu). However, qemu's default emulated CPU type (qemu64) does not list the "VMX" CPU feature, so it must be explicitly enabled, by giving qemu one of the following options:”h]”hŒàNo modifications are required to user space (qemu). However, qemu’s default emulated CPU type (qemu64) does not list the “VMX†CPU feature, so it must be explicitly enabled, by giving qemu one of the following options:”…””}”(hjŽhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K-hjohžhubj)”}”(hŒ‘- cpu host (emulated CPU has all features of the real CPU) - cpu qemu64,+vmx (add just the vmx feature to a named CPU type) ”h]”hŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒFcpu host (emulated CPU has all features of the real CPU) ”h]”hÛ)”}”(hŒEcpu host (emulated CPU has all features of the real CPU)”h]”hŒEcpu host (emulated CPU has all features of the real CPU)”…””}”(hj«hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K1hj§ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj¢ubj¦)”}”(hŒFcpu qemu64,+vmx (add just the vmx feature to a named CPU type) ”h]”hÛ)”}”(hŒDcpu qemu64,+vmx (add just the vmx feature to a named CPU type)”h]”hŒDcpu qemu64,+vmx (add just the vmx feature to a named CPU type)”…””}”(hjÃhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K3hj¿ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj¢ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j hŸh³h K1hjœubah}”(h]”h ]”h"]”h$]”h&]”uh1jhŸh³h K1hjohžhubeh}”(h]”Œrunning-nested-vmx”ah ]”h"]”Œrunning nested vmx”ah$]”h&]”uh1h´hh¶hžhhŸh³h K&ubhµ)”}”(hhh]”(hº)”}”(hŒABIs”h]”hŒABIs”…””}”(hjðhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjíhžhhŸh³h K7ubhÛ)”}”(hXNested VMX aims to present a standard and (eventually) fully-functional VMX implementation for the a guest hypervisor to use. As such, the official specification of the ABI that it provides is Intel's VMX specification, namely volume 3B of their "Intel 64 and IA-32 Architectures Software Developer's Manual". Not all of VMX's features are currently fully supported, but the goal is to eventually support them all, starting with the VMX features which are used in practice by popular hypervisors (KVM and others).”h]”hX Nested VMX aims to present a standard and (eventually) fully-functional VMX implementation for the a guest hypervisor to use. As such, the official specification of the ABI that it provides is Intel’s VMX specification, namely volume 3B of their “Intel 64 and IA-32 Architectures Software Developer’s Manualâ€. Not all of VMX’s features are currently fully supported, but the goal is to eventually support them all, starting with the VMX features which are used in practice by popular hypervisors (KVM and others).”…””}”(hjþhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K9hjíhžhubhÛ)”}”(hXáAs a VMX implementation, nested VMX presents a VMCS structure to L1. As mandated by the spec, other than the two fields revision_id and abort, this structure is *opaque* to its user, who is not supposed to know or care about its internal structure. Rather, the structure is accessed through the VMREAD and VMWRITE instructions. Still, for debugging purposes, KVM developers might be interested to know the internals of this structure; This is struct vmcs12 from arch/x86/kvm/vmx.c.”h]”(hŒ¡As a VMX implementation, nested VMX presents a VMCS structure to L1. As mandated by the spec, other than the two fields revision_id and abort, this structure is ”…””}”(hj hžhhŸNh Nubhå)”}”(hŒ*opaque*”h]”hŒopaque”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj ubhX8 to its user, who is not supposed to know or care about its internal structure. Rather, the structure is accessed through the VMREAD and VMWRITE instructions. Still, for debugging purposes, KVM developers might be interested to know the internals of this structure; This is struct vmcs12 from arch/x86/kvm/vmx.c.”…””}”(hj hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KAhjíhžhubhÛ)”}”(hŒöThe name "vmcs12" refers to the VMCS that L1 builds for L2. In the code we also have "vmcs01", the VMCS that L0 built for L1, and "vmcs02" is the VMCS which L0 builds to actually run L2 - how this is done is explained in the aforementioned paper.”h]”hXThe name “vmcs12†refers to the VMCS that L1 builds for L2. In the code we also have “vmcs01â€, the VMCS that L0 built for L1, and “vmcs02†is the VMCS which L0 builds to actually run L2 - how this is done is explained in the aforementioned paper.”…””}”(hj,hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KIhjíhžhubhÛ)”}”(hX For convenience, we repeat the content of struct vmcs12 here. If the internals of this structure changes, this can break live migration across KVM versions. VMCS12_REVISION (from vmx.c) should be changed if struct vmcs12 or its inner struct shadow_vmcs is ever changed.”h]”hX For convenience, we repeat the content of struct vmcs12 here. If the internals of this structure changes, this can break live migration across KVM versions. VMCS12_REVISION (from vmx.c) should be changed if struct vmcs12 or its inner struct shadow_vmcs is ever changed.”…””}”(hj:hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KNhjíhžhubhŒ literal_block”“”)”}”(hXAtypedef u64 natural_width; struct __packed vmcs12 { /* According to the Intel spec, a VMCS region must start with * these two user-visible fields */ u32 revision_id; u32 abort; u32 launch_state; /* set to 0 by VMCLEAR, to 1 by VMLAUNCH */ u32 padding[7]; /* room for future expansion */ u64 io_bitmap_a; u64 io_bitmap_b; u64 msr_bitmap; u64 vm_exit_msr_store_addr; u64 vm_exit_msr_load_addr; u64 vm_entry_msr_load_addr; u64 tsc_offset; u64 virtual_apic_page_addr; u64 apic_access_addr; u64 ept_pointer; u64 guest_physical_address; u64 vmcs_link_pointer; u64 guest_ia32_debugctl; u64 guest_ia32_pat; u64 guest_ia32_efer; u64 guest_pdptr0; u64 guest_pdptr1; u64 guest_pdptr2; u64 guest_pdptr3; u64 host_ia32_pat; u64 host_ia32_efer; u64 padding64[8]; /* room for future expansion */ natural_width cr0_guest_host_mask; natural_width cr4_guest_host_mask; natural_width cr0_read_shadow; natural_width cr4_read_shadow; natural_width dead_space[4]; /* Last remnants of cr3_target_value[0-3]. */ natural_width exit_qualification; natural_width guest_linear_address; natural_width guest_cr0; natural_width guest_cr3; natural_width guest_cr4; natural_width guest_es_base; natural_width guest_cs_base; natural_width guest_ss_base; natural_width guest_ds_base; natural_width guest_fs_base; natural_width guest_gs_base; natural_width guest_ldtr_base; natural_width guest_tr_base; natural_width guest_gdtr_base; natural_width guest_idtr_base; natural_width guest_dr7; natural_width guest_rsp; natural_width guest_rip; natural_width guest_rflags; natural_width guest_pending_dbg_exceptions; natural_width guest_sysenter_esp; natural_width guest_sysenter_eip; natural_width host_cr0; natural_width host_cr3; natural_width host_cr4; natural_width host_fs_base; natural_width host_gs_base; natural_width host_tr_base; natural_width host_gdtr_base; natural_width host_idtr_base; natural_width host_ia32_sysenter_esp; natural_width host_ia32_sysenter_eip; natural_width host_rsp; natural_width host_rip; natural_width paddingl[8]; /* room for future expansion */ u32 pin_based_vm_exec_control; u32 cpu_based_vm_exec_control; u32 exception_bitmap; u32 page_fault_error_code_mask; u32 page_fault_error_code_match; u32 cr3_target_count; u32 vm_exit_controls; u32 vm_exit_msr_store_count; u32 vm_exit_msr_load_count; u32 vm_entry_controls; u32 vm_entry_msr_load_count; u32 vm_entry_intr_info_field; u32 vm_entry_exception_error_code; u32 vm_entry_instruction_len; u32 tpr_threshold; u32 secondary_vm_exec_control; u32 vm_instruction_error; u32 vm_exit_reason; u32 vm_exit_intr_info; u32 vm_exit_intr_error_code; u32 idt_vectoring_info_field; u32 idt_vectoring_error_code; u32 vm_exit_instruction_len; u32 vmx_instruction_info; u32 guest_es_limit; u32 guest_cs_limit; u32 guest_ss_limit; u32 guest_ds_limit; u32 guest_fs_limit; u32 guest_gs_limit; u32 guest_ldtr_limit; u32 guest_tr_limit; u32 guest_gdtr_limit; u32 guest_idtr_limit; u32 guest_es_ar_bytes; u32 guest_cs_ar_bytes; u32 guest_ss_ar_bytes; u32 guest_ds_ar_bytes; u32 guest_fs_ar_bytes; u32 guest_gs_ar_bytes; u32 guest_ldtr_ar_bytes; u32 guest_tr_ar_bytes; u32 guest_interruptibility_info; u32 guest_activity_state; u32 guest_sysenter_cs; u32 host_ia32_sysenter_cs; u32 padding32[8]; /* room for future expansion */ u16 virtual_processor_id; u16 guest_es_selector; u16 guest_cs_selector; u16 guest_ss_selector; u16 guest_ds_selector; u16 guest_fs_selector; u16 guest_gs_selector; u16 guest_ldtr_selector; u16 guest_tr_selector; u16 host_es_selector; u16 host_cs_selector; u16 host_ss_selector; u16 host_ds_selector; u16 host_fs_selector; u16 host_gs_selector; u16 host_tr_selector; };”h]”hXAtypedef u64 natural_width; struct __packed vmcs12 { /* According to the Intel spec, a VMCS region must start with * these two user-visible fields */ u32 revision_id; u32 abort; u32 launch_state; /* set to 0 by VMCLEAR, to 1 by VMLAUNCH */ u32 padding[7]; /* room for future expansion */ u64 io_bitmap_a; u64 io_bitmap_b; u64 msr_bitmap; u64 vm_exit_msr_store_addr; u64 vm_exit_msr_load_addr; u64 vm_entry_msr_load_addr; u64 tsc_offset; u64 virtual_apic_page_addr; u64 apic_access_addr; u64 ept_pointer; u64 guest_physical_address; u64 vmcs_link_pointer; u64 guest_ia32_debugctl; u64 guest_ia32_pat; u64 guest_ia32_efer; u64 guest_pdptr0; u64 guest_pdptr1; u64 guest_pdptr2; u64 guest_pdptr3; u64 host_ia32_pat; u64 host_ia32_efer; u64 padding64[8]; /* room for future expansion */ natural_width cr0_guest_host_mask; natural_width cr4_guest_host_mask; natural_width cr0_read_shadow; natural_width cr4_read_shadow; natural_width dead_space[4]; /* Last remnants of cr3_target_value[0-3]. */ natural_width exit_qualification; natural_width guest_linear_address; natural_width guest_cr0; natural_width guest_cr3; natural_width guest_cr4; natural_width guest_es_base; natural_width guest_cs_base; natural_width guest_ss_base; natural_width guest_ds_base; natural_width guest_fs_base; natural_width guest_gs_base; natural_width guest_ldtr_base; natural_width guest_tr_base; natural_width guest_gdtr_base; natural_width guest_idtr_base; natural_width guest_dr7; natural_width guest_rsp; natural_width guest_rip; natural_width guest_rflags; natural_width guest_pending_dbg_exceptions; natural_width guest_sysenter_esp; natural_width guest_sysenter_eip; natural_width host_cr0; natural_width host_cr3; natural_width host_cr4; natural_width host_fs_base; natural_width host_gs_base; natural_width host_tr_base; natural_width host_gdtr_base; natural_width host_idtr_base; natural_width host_ia32_sysenter_esp; natural_width host_ia32_sysenter_eip; natural_width host_rsp; natural_width host_rip; natural_width paddingl[8]; /* room for future expansion */ u32 pin_based_vm_exec_control; u32 cpu_based_vm_exec_control; u32 exception_bitmap; u32 page_fault_error_code_mask; u32 page_fault_error_code_match; u32 cr3_target_count; u32 vm_exit_controls; u32 vm_exit_msr_store_count; u32 vm_exit_msr_load_count; u32 vm_entry_controls; u32 vm_entry_msr_load_count; u32 vm_entry_intr_info_field; u32 vm_entry_exception_error_code; u32 vm_entry_instruction_len; u32 tpr_threshold; u32 secondary_vm_exec_control; u32 vm_instruction_error; u32 vm_exit_reason; u32 vm_exit_intr_info; u32 vm_exit_intr_error_code; u32 idt_vectoring_info_field; u32 idt_vectoring_error_code; u32 vm_exit_instruction_len; u32 vmx_instruction_info; u32 guest_es_limit; u32 guest_cs_limit; u32 guest_ss_limit; u32 guest_ds_limit; u32 guest_fs_limit; u32 guest_gs_limit; u32 guest_ldtr_limit; u32 guest_tr_limit; u32 guest_gdtr_limit; u32 guest_idtr_limit; u32 guest_es_ar_bytes; u32 guest_cs_ar_bytes; u32 guest_ss_ar_bytes; u32 guest_ds_ar_bytes; u32 guest_fs_ar_bytes; u32 guest_gs_ar_bytes; u32 guest_ldtr_ar_bytes; u32 guest_tr_ar_bytes; u32 guest_interruptibility_info; u32 guest_activity_state; u32 guest_sysenter_cs; u32 host_ia32_sysenter_cs; u32 padding32[8]; /* room for future expansion */ u16 virtual_processor_id; u16 guest_es_selector; u16 guest_cs_selector; u16 guest_ss_selector; u16 guest_ds_selector; u16 guest_fs_selector; u16 guest_gs_selector; u16 guest_ldtr_selector; u16 guest_tr_selector; u16 host_es_selector; u16 host_cs_selector; u16 host_ss_selector; u16 host_ds_selector; u16 host_fs_selector; u16 host_gs_selector; u16 host_tr_selector; };”…””}”hjJsbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1jHhŸh³h KUhjíhžhubeh}”(h]”Œabis”ah ]”h"]”Œabis”ah$]”h&]”uh1h´hh¶hžhhŸh³h K7ubhµ)”}”(hhh]”(hº)”}”(hŒAuthors”h]”hŒAuthors”…””}”(hjchžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj`hžhhŸh³h KàubhŒdefinition_list”“”)”}”(hhh]”(hŒdefinition_list_item”“”)”}”(hŒáThese patches were written by: - Abel Gordon, abelg il.ibm.com - Nadav Har'El, nyh il.ibm.com - Orit Wasserman, oritw il.ibm.com - Ben-Ami Yassor, benami il.ibm.com - Muli Ben-Yehuda, muli il.ibm.com ”h]”(hŒterm”“”)”}”(hŒThese patches were written by:”h]”hŒThese patches were written by:”…””}”(hj~hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j|hŸh³h KçhjxubhŒ definition”“”)”}”(hhh]”j¡)”}”(hhh]”(j¦)”}”(hŒ"Abel Gordon, abelg il.ibm.com”h]”hÛ)”}”(hj–h]”hŒ"Abel Gordon, abelg il.ibm.com”…””}”(hj˜hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kãhj”ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj‘ubj¦)”}”(hŒ!Nadav Har'El, nyh il.ibm.com”h]”hÛ)”}”(hj­h]”hŒ#Nadav Har’El, nyh il.ibm.com”…””}”(hj¯hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kähj«ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj‘ubj¦)”}”(hŒ%Orit Wasserman, oritw il.ibm.com”h]”hÛ)”}”(hjÄh]”hŒ%Orit Wasserman, oritw il.ibm.com”…””}”(hjÆhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KåhjÂubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj‘ubj¦)”}”(hŒ&Ben-Ami Yassor, benami il.ibm.com”h]”hÛ)”}”(hjÛh]”hŒ&Ben-Ami Yassor, benami il.ibm.com”…””}”(hjÝhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KæhjÙubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj‘ubj¦)”}”(hŒ&Muli Ben-Yehuda, muli il.ibm.com ”h]”hÛ)”}”(hŒ%Muli Ben-Yehuda, muli il.ibm.com”h]”hŒ%Muli Ben-Yehuda, muli il.ibm.com”…””}”(hjôhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kçhjðubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj‘ubeh}”(h]”h ]”h"]”h$]”h&]”jÝjÞuh1j hŸh³h KãhjŽubah}”(h]”h ]”h"]”h$]”h&]”uh1jŒhjxubeh}”(h]”h ]”h"]”h$]”h&]”uh1jvhŸh³h Kçhjsubjw)”}”(hŒ³With contributions by: - Anthony Liguori, aliguori us.ibm.com - Mike Day, mdday us.ibm.com - Michael Factor, factor il.ibm.com - Zvi Dubitzky, dubi il.ibm.com ”h]”(j})”}”(hŒWith contributions by:”h]”hŒWith contributions by:”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j|hŸh³h Kíhjubj)”}”(hhh]”j¡)”}”(hhh]”(j¦)”}”(hŒ)Anthony Liguori, aliguori us.ibm.com”h]”hÛ)”}”(hj4h]”hŒ)Anthony Liguori, aliguori us.ibm.com”…””}”(hj6hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kêhj2ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj/ubj¦)”}”(hŒMike Day, mdday us.ibm.com”h]”hÛ)”}”(hjKh]”hŒMike Day, mdday us.ibm.com”…””}”(hjMhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KëhjIubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj/ubj¦)”}”(hŒ&Michael Factor, factor il.ibm.com”h]”hÛ)”}”(hjbh]”hŒ&Michael Factor, factor il.ibm.com”…””}”(hjdhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kìhj`ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj/ubj¦)”}”(hŒ#Zvi Dubitzky, dubi il.ibm.com ”h]”hÛ)”}”(hŒ"Zvi Dubitzky, dubi il.ibm.com”h]”hŒ"Zvi Dubitzky, dubi il.ibm.com”…””}”(hj{hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kíhjwubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj/ubeh}”(h]”h ]”h"]”h$]”h&]”jÝjÞuh1j hŸh³h Kêhj,ubah}”(h]”h ]”h"]”h$]”h&]”uh1jŒhjubeh}”(h]”h ]”h"]”h$]”h&]”uh1jvhŸh³h Kíhjshžhubjw)”}”(hŒÁAnd valuable reviews by: - Avi Kivity, avi redhat.com - Gleb Natapov, gleb redhat.com - Marcelo Tosatti, mtosatti redhat.com - Kevin Tian, kevin.tian intel.com - and others.”h]”(j})”}”(hŒAnd valuable reviews by:”h]”hŒAnd valuable reviews by:”…””}”(hj¥hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j|hŸh³h Kóhj¡ubj)”}”(hhh]”j¡)”}”(hhh]”(j¦)”}”(hŒAvi Kivity, avi redhat.com”h]”hÛ)”}”(hj»h]”hŒAvi Kivity, avi redhat.com”…””}”(hj½hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kðhj¹ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj¶ubj¦)”}”(hŒ"Gleb Natapov, gleb redhat.com”h]”hÛ)”}”(hjÒh]”hŒ"Gleb Natapov, gleb redhat.com”…””}”(hjÔhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KñhjÐubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj¶ubj¦)”}”(hŒ)Marcelo Tosatti, mtosatti redhat.com”h]”hÛ)”}”(hjéh]”hŒ)Marcelo Tosatti, mtosatti redhat.com”…””}”(hjëhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kòhjçubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj¶ubj¦)”}”(hŒ%Kevin Tian, kevin.tian intel.com”h]”hÛ)”}”(hjh]”hŒ%Kevin Tian, kevin.tian intel.com”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kóhjþubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj¶ubj¦)”}”(hŒ and others.”h]”hÛ)”}”(hjh]”hŒ and others.”…””}”(hjhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kôhjubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥hj¶ubeh}”(h]”h ]”h"]”h$]”h&]”jÝjÞuh1j hŸh³h Kðhj³ubah}”(h]”h ]”h"]”h$]”h&]”uh1jŒhj¡ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jvhŸh³h Kóhjshžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1jqhj`hžhhŸNh Nubeh}”(h]”Œauthors”ah ]”h"]”Œauthors”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kàubeh}”(h]”Œ nested-vmx”ah ]”h"]”Œ nested vmx”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jwŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jQjNjEjBjljijêjçj]jZjIjFuŒ nametypes”}”(jQ‰jE‰jl‰jê‰j]‰jI‰uh}”(jNh¶jBhÉjijHjçjojZjíjFj`uŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nhžhub.