vmm: add nested option to CPU config

Add an option in the CLI to enable nested support.
Adding an option --cpu nested=on|off to the CPU
argument to enable nested support for Microsoft
Hypervisor. By default it is enabled for both KVM
and MSHV.

Signed-off-by: Muminul Islam <muislam@microsoft.com>

fuzz/fuzz_targets/http_api.rs

@@ -132,6 +132,7 @@ impl RequestHandler for StubApiRequestHandler {
                     max_phys_bits: 46,
                     affinity: None,
                     features: CpuFeatures::default(),
+                    nested: true,
                 },
                 memory: MemoryConfig {
                     size: 536_870_912,

src/main.rs

@@ -213,7 +213,8 @@ fn get_cli_options_sorted(
                     topology=<threads_per_core>:<cores_per_die>:<dies_per_package>:<packages>,\
                     kvm_hyperv=on|off,max_phys_bits=<maximum_number_of_physical_bits>,\
                     affinity=<list_of_vcpus_with_their_associated_cpuset>,\
-                    features=<list_of_features_to_enable>",
+                    features=<list_of_features_to_enable>,\
+                    nested=on|off",
             )
             .default_value(default_vcpus)
             .group("vm-config"),
@@ -962,6 +963,7 @@ mod unit_tests {
                 max_phys_bits: 46,
                 affinity: None,
                 features: CpuFeatures::default(),
+                nested: true,
             },
             memory: MemoryConfig {
                 size: 536_870_912,

vmm/src/config.rs

@@ -598,7 +598,8 @@ impl CpusConfig {
             .add("kvm_hyperv")
             .add("max_phys_bits")
             .add("affinity")
-            .add("features");
+            .add("features")
+            .add("nested");
         parser.parse(cpus).map_err(Error::ParseCpus)?;
 
         let boot_vcpus: u32 = parser
@@ -653,6 +654,11 @@ impl CpusConfig {
             }?;
         }
 
+        let nested = parser
+            .convert::<Toggle>("nested")
+            .map_err(Error::ParseCpus)?
+            .is_none_or(|toggle| toggle.0);
+
         Ok(CpusConfig {
             boot_vcpus,
             max_vcpus,
@@ -661,6 +667,7 @@ impl CpusConfig {
             max_phys_bits,
             affinity,
             features,
+            nested,
         })
     }
 }

vmm/src/lib.rs

@@ -215,7 +215,7 @@ impl From<&VmConfig> for hypervisor::HypervisorVmConfig {
     fn from(_value: &VmConfig) -> Self {
         hypervisor::HypervisorVmConfig {
             #[cfg(feature = "tdx")]
-            tdx_enabled: _value.platform.as_ref().map(|p| p.tdx).unwrap_or(false),
+            tdx_enabled: _value.platform.as_ref().is_some_and(|p| p.tdx),
             #[cfg(feature = "sev_snp")]
             sev_snp_enabled: _value.is_sev_snp_enabled(),
             #[cfg(feature = "sev_snp")]
@@ -2397,6 +2397,7 @@ mod unit_tests {
                 max_phys_bits: 46,
                 affinity: None,
                 features: CpuFeatures::default(),
+                nested: true,
             },
             memory: MemoryConfig {
                 size: 536_870_912,

vmm/src/vm_config.rs

@@ -69,6 +69,8 @@ pub struct CpusConfig {
     pub affinity: Option<Vec<CpuAffinity>>,
     #[serde(default)]
     pub features: CpuFeatures,
+    #[serde(default = "default_cpusconfig_nested")]
+    pub nested: bool,
 }
 
 pub const DEFAULT_VCPUS: u32 = 1;
@@ -83,6 +85,7 @@ impl Default for CpusConfig {
             max_phys_bits: DEFAULT_MAX_PHYS_BITS,
             affinity: None,
             features: CpuFeatures::default(),
+            nested: true,
         }
     }
 }
@@ -177,6 +180,10 @@ fn default_memoryconfig_thp() -> bool {
     true
 }
 
+fn default_cpusconfig_nested() -> bool {
+    true
+}
+
 #[derive(Clone, Debug, PartialEq, Eq, Deserialize, Serialize)]
 pub struct MemoryConfig {
     pub size: u64,