Procedure to enable nested virtualization (on Intel-based machines)
-----------------------------------------------------------------------

1. List modules and ensure KVM Kernel modules are enabled on L0:

    $ lsmod | grep -i kvm
    kvm_intel             133627  0
    kvm                   435079  1 kvm_intel

2. Show information for `kvm_intel` module:

    $ modinfo kvm_intel | grep -i nested
    parm:           nested:bool

3. Ensure nested virt is persistent across reboots by adding it as a
   config directive:

    $ cat /etc/modprobe.d/dist.conf
    options kvm-intel nested=y

4. Unload and re-load the KVM Intel module:

    $ sudo rmmod kvm-intel
    $ sudo modprobe kvm-intel

5. Check if the Nested KVM Kernel module option is enabled:

    $ cat /sys/module/kvm_intel/parameters/nested
    Y

6. Before you boot your L1 guest (i.e. the guest hypervisor that runs
   the nested guest), expose virtualization extensions to it. The
   following exposes all the CPU features of the host to your guest
   unconditionally:

    # This `virt-xml` tool is part of 'virt-install' package
    $ virt-xml guest-hyp \
        --edit \
        --cpu host-passthrough,clearxml=yes

7. Start your L1 guest (i.e. guest hypervisor):

    $ virsh start guest-hyp --console

8. Ensure KVM extensions are enabled in the L1 guest by running the
   below command:

    $ file /dev/kvm
    /dev/kvm: character special

9. Start your level-2 (nested) guest:

    $ virsh start nested-guest

NOTES: If the Intel hardware is sufficiently advanced (Intel Haswell
processor or above, which has newer hardware virt extensions), you
might enable Shadow VMCS and APIC Virtualization on the physical host
(L0):

    $ cat /sys/module/kvm_intel/parameters/enable_shadow_vmcs
    Y

    $ cat /sys/module/kvm_intel/parameters/enable_apicv
    N

    $ cat /sys/module/kvm_intel/parameters/ept
    Y

-----------------------------------------------------------------------

* * *

Instructions for AMD:
------------------------------------------------------------------------

(1) Enable the 'nested' parameter for AMD Kernel module:

    $ cat /sys/module/kvm_amd/parameters/nested
    0

    $ rmmod kvm-amd
    $ modprobe kvm-amd nested=1

    $ cat /sys/module/kvm_amd/parameters/nested
    1

(2) To make the above value persistent across reboots, add an entry in
    /etc/modprobe.d/dist.conf so it looks as below:

    $ cat /etc/modprobe.d/dist.conf
    options kvm-amd nested=y

------------------------------------------------------------------------
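
The runtime check (Intel step 5, AMD step (1)) and the persistence check (Intel step 3, AMD step (2)) combined into one script, as an added example that is not part of the original notes. The function names and the optional sysfs-root and modprobe-directory arguments are assumptions, added so the script can be pointed at a test tree; it shows when 'nested' is on at runtime but would be lost on reboot, or configured but not yet loaded.

```shell
#!/bin/sh
# Added example: report nested-virt state for kvm_intel / kvm_amd on L0.
# Function names and the optional path arguments are assumptions of this
# example; the defaults are the paths used in the procedure above.

# nested_runtime <module> [sysfs_root]
# Prints "on", "off" or "unloaded", read from
# <sysfs_root>/module/<module>/parameters/nested (Y/1 both mean enabled).
nested_runtime() {
    f="${2:-/sys}/module/$1/parameters/nested"
    [ -r "$f" ] || { echo unloaded; return 0; }
    case "$(cat "$f")" in
        Y|y|1) echo on ;;
        *)     echo off ;;
    esac
}

# nested_persistent <module> [modprobe_dir]
# Prints "yes" if an uncommented "options <module> ... nested=<y|1>" line
# exists in any *.conf file. modprobe treats '-' and '_' in module names as
# equivalent, so both spellings are matched.
nested_persistent() {
    pat=$(printf '%s' "$1" | sed 's/[-_]/[-_]/g')
    if grep -Eqs "^[[:space:]]*options[[:space:]]+${pat}[[:space:]].*nested=(1|[Yy])" \
        "${2:-/etc/modprobe.d}"/*.conf; then
        echo yes
    else
        echo no
    fi
}

# nested_report [sysfs_root] [modprobe_dir]
# One line per loaded vendor module:
#   "<module> runtime=<on|off> persistent=<yes|no>"
nested_report() {
    for m in kvm_intel kvm_amd; do
        r=$(nested_runtime "$m" "$1")
        if [ "$r" != unloaded ]; then
            echo "$m runtime=$r persistent=$(nested_persistent "$m" "$2")"
        fi
    done
}
```

Calling `nested_report` with no arguments reads the live /sys and /etc/modprobe.d on the host.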