Principal claim |
1. A system comprising:
a processor providing hardware virtualization;
a memory to store a plurality of virtual machine data structures corresponding to a plurality of nested virtualization levels including a first nested virtualization level and a second nested virtualization level nested within the first nested virtualization level, the virtual machine data structures including a first virtual machine data structure corresponding to the first nested virtualization level and a second virtual machine data structure corresponding to the second nested virtualization level, the virtual machine data structures to assist management of the hardware virtualization provided by the processor;
a plurality of nested virtual machines located within the nested virtualization levels, the nested virtual machines including a plurality of first nested virtual machines located within the first nested virtualization level and a plurality of second nested virtual machines located within the second nested virtualization level; and,
a plurality of hypervisors to manage the nested virtual machines using the virtual machine data structures, the hypervisors including a root hypervisor to manage all the first nested virtual machines using the first virtual machine data structure for all the first nested virtual machines, the hypervisors including a first nested virtualization level hypervisor to run within the first nested virtual machines and to manage all the second nested virtual machines using the second virtual machine data structure for all the second nested virtual machines,
wherein the first virtual machine data structure includes a privilege violation variable indicating which hypervisor of the hypervisors to which execution is to proceed responsive to a privilege violation by any first nested virtual machine,
wherein the second virtual machine data structure includes a privilege violation variable indicating which hypervisor of the hypervisors to which execution is to proceed responsive to a privilege violation by any second nested virtual machine,
wherein each virtual machine data structure comprises a bit mask corresponding to privileges of the nested virtual machines located within the nested virtualization level to which the virtual machine data structure corresponds, the privileges indicating which hardware virtualization instructions of the processor the nested virtual machines are permitted to execute. |