[libvirt] [PATCH v4 4/8] libxl: do not enable nested HVM unless global nested_hvm option enabled
Jim Fehlig
jfehlig at suse.com
Tue Feb 27 00:12:18 UTC 2018
On 02/26/2018 04:51 PM, Marek Marczykowski-Górecki wrote:
> On Mon, Feb 26, 2018 at 04:23:18PM -0700, Jim Fehlig wrote:
>> On 02/26/2018 04:10 PM, Marek Marczykowski-Górecki wrote:
>>> On Mon, Feb 26, 2018 at 03:47:11PM -0700, Jim Fehlig wrote:
>>>> On 02/08/2018 03:58 PM, Marek Marczykowski-Górecki wrote:
>>>>> +
>>>>> +# Nested HVM global control. In order to use nested HVM feature, this option
>>>>> +# needs to be enabled, in addition to specifying <cpu mode='host-passthrough'>
>>>>> +# in domain configuration.
>>>>> +# By default it is disabled.
>>>>> +#nested_hvm = 0
>>>>
>>>> I think per-domain settings should override this one. Users would find it
>>>> odd that they don't have vmx in their hvm guest with
>>>>
>>>> <cpu mode='host-passthrough'>
>>>> <feature policy='require' name='vmx'/>
>>>> </cpu>
>>>
>>> I like this one :) It means that by just introducing global
>>> "nested_hvm = 0", we can have what I've originally proposed - nested HVM
>>> disabled until explicitly enabled with exactly this config snippet.
>>
>> Yes. Sorry if we've been going around in circles on some of these topics.
>
> Ok, so before I go with v5 being mainly revert to v3 (+global config),
> can you confirm that it is really ok? Will it be consistent enough with
> KVM case? Not sure how it's handled there, but I'd guess if _kernel
> module_ parameter is set to 0 (is it where the global switch is?), it
> will stay disabled regardless of what you specify in libvirt domain XML.
Yes, AFAIK that is the case with KVM. But from a libvirt perspective, it will be
consistent with many of the other settings in <hypervisor>.conf. If a setting in
<hypervisor>.conf has a counterpart in domain XML, the latter has precedence.
Regards,
Jim
More information about the libvir-list
mailing list