fix(vmm): fix KVM smoke test for nested virtualization #421

Merged: DorianZheng merged 1 commit into main from fix/kvm-smoke-test on Apr 2, 2026
@DorianZheng

Member

Summary

Root Cause

The smoke test from #417 didn't set up vCPU registers (CS, RIP, RFLAGS) before calling KVM_RUN. Without initialization, the x86 CPU starts at the reset vector (0xFFFFFFF0) which has no memory mapped in the test VM.

  • Bare-metal KVM: happened to produce KVM_EXIT_HLT by coincidence
  • Nested KVM (EC2 c8i): correctly failed with KVM_EXIT_UNKNOWN (0) or KVM_EXIT_SHUTDOWN (17)

This was misdiagnosed as "broken nested virtualization on Amazon Linux 2023". Both AL2023 (kernel 6.1) and Ubuntu 24.04 (kernel 6.17) work correctly on c8i when the vCPU is properly initialized.

The Fix

  1. Proper vCPU init: Set CS base=0, selector=0, RIP=0, RFLAGS=0x2 (per LWN "Using the KVM API" and dpw/kvm-hello-world)
  2. C implementation: Rust's libc::ioctl() variadic FFI has ABI issues with KVM ioctls on some platforms. The smoke test is now in kvm_smoke.c called via FFI.

Test Results

| Platform | Without fix | With fix |
|---|---|---|
| EC2 c8i + AL2023 (kernel 6.1) | exit_reason=17 (SHUTDOWN) | exit_reason=5 (HLT) ✅ |
| EC2 c8i + Ubuntu 24.04 (kernel 6.17) | exit_reason=0 (UNKNOWN) | exit_reason=5 (HLT) ✅ |

References

The smoke test from #417 failed on EC2 c8i instances because it didn't
initialize vCPU registers before KVM_RUN. Without setting CS base=0 and
RIP=0, the CPU starts at the x86 reset vector (0xFFFFFFF0) which is
unmapped, causing KVM_EXIT_UNKNOWN on nested KVM.

This was misdiagnosed as "broken nested virtualization on Amazon Linux
2023 / EC2 c8i". In fact, both Amazon Linux 2023 (kernel 6.1) and
Ubuntu 24.04 (kernel 6.17) work correctly on c8i when the vCPU is
properly initialized.

The fix:
- Move smoke test to C (kvm_smoke.c) — Rust's libc::ioctl() variadic
  FFI has ABI issues with KVM ioctls on some platforms
- Properly init vCPU state: CS base=0, selector=0, RIP=0, RFLAGS=0x2
- Verified on EC2 c8i with both AL2023 and Ubuntu 24.04

References:
- LWN "Using the KVM API": https://lwn.net/Articles/658511/
- dpw/kvm-hello-world: https://github.com/dpw/kvm-hello-world

Fixes the false positive from #417.
@DorianZheng DorianZheng merged commit f3461b0 into main Apr 2, 2026
20 checks passed
@DorianZheng DorianZheng deleted the fix/kvm-smoke-test branch April 2, 2026 07:52