[libvirt] [PATCH v6 4/9] libxl: do not enable nested HVM unless global nested_hvm option enabled
Jim Fehlig
jfehlig at suse.com
Thu Mar 22 00:12:39 UTC 2018
On 03/21/2018 06:05 PM, Marek Marczykowski-Górecki wrote:
> On Wed, Mar 21, 2018 at 05:55:28PM -0600, Jim Fehlig wrote:
>> On 03/21/2018 10:32 AM, Marek Marczykowski-Górecki wrote:
>>> Introduce global libxl option for enabling nested HVM feature, similar
>>> to kvm module parameter. This will prevent enabling experimental feature
>>> by mere presence of <cpu mode='host-passthrough'> element in domain
>>> config, unless explicitly enabled. <cpu mode='host-passthrough'> element
>>> may be used to configure other features, like NUMA, or CPUID.
>>>
>>> Signed-off-by: Marek Marczykowski-Górecki <marmarek at invisiblethingslab.com>
>>> Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
>>> ---
>>> Changes since v4:
>>> - add nested_hvm option to test_libvirtd_libxl.aug.in and libvirtd_libxl.aug
>>> - make it possible to override nested_hvm=0 with explicit <feature
>>> policy='require' name='vmx'/>
>>> - split xenconfig changes into separate commits
>>> Changes since v3:
>>> - use config option nested_hvm, instead of requiring explicit <feature
>>> ...> entries
>>> - title changed from "libxl: do not enable nested HVM by mere presence
>>> of <cpu> element"
>>> - xenconfig: don't add <feature policy='force' name='vmx'/> since it is
>>> implied by presence of <cpu> element
>>> - xenconfig: produce <cpu> element even when converting on host not
>>> supporting vmx/svm, to not lose setting value
>>> Changes since v2:
>>> - new patch
>>> ---
>>> src/libxl/libvirtd_libxl.aug | 2 ++
>>> src/libxl/libxl.conf | 8 ++++++++
>>> src/libxl/libxl_conf.c | 12 +++++++++++-
>>> src/libxl/libxl_conf.h | 2 ++
>>> src/libxl/test_libvirtd_libxl.aug.in | 1 +
>>> tests/libxlxml2domconfigtest.c | 3 +++
>>> 6 files changed, 27 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/libxl/libvirtd_libxl.aug b/src/libxl/libvirtd_libxl.aug
>>> index b31cc07..58b9af3 100644
>>> --- a/src/libxl/libvirtd_libxl.aug
>>> +++ b/src/libxl/libvirtd_libxl.aug
>>> @@ -28,12 +28,14 @@ module Libvirtd_libxl =
>>> let lock_entry = str_entry "lock_manager"
>>> let keepalive_interval_entry = int_entry "keepalive_interval"
>>> let keepalive_count_entry = int_entry "keepalive_count"
>>> + let nested_hvm_entry = bool_entry "nested_hvm"
>>> (* Each entry in the config is one of the following ... *)
>>> let entry = autoballoon_entry
>>> | lock_entry
>>> | keepalive_interval_entry
>>> | keepalive_count_entry
>>> + | nested_hvm_entry
>>> let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
>>> let empty = [ label "#empty" . eol ]
>>> diff --git a/src/libxl/libxl.conf b/src/libxl/libxl.conf
>>> index 264af7c..72825a7 100644
>>> --- a/src/libxl/libxl.conf
>>> +++ b/src/libxl/libxl.conf
>>> @@ -41,3 +41,11 @@
>>> #
>>> #keepalive_interval = 5
>>> #keepalive_count = 5
>>> +
>>> +# Nested HVM default control. In order to use nested HVM feature, this option
>>> +# needs to be enabled, in addition to specifying <cpu mode='host-passthrough'>
>>> +# in domain configuration. This can be overridden in domain configuration by
>>> +# explicitly setting <feature policy='require' name='vmx'/> inside <cpu/>
>>> +# element.
>>
>> Cool, the setting can be overridden by per-domain config.
>>
>>> +# By default it is disabled.
>>> +#nested_hvm = 0
>>> diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
>>> index dcfdd67..3b9e828 100644
>>> --- a/src/libxl/libxl_conf.c
>>> +++ b/src/libxl/libxl_conf.c
>>> @@ -360,7 +360,9 @@ libxlMakeDomBuildInfo(virDomainDefPtr def,
>>> bool hasHwVirt = false;
>>> bool svm = false, vmx = false;
>>> - if (ARCH_IS_X86(def->os.arch)) {
>>> + /* enable nested HVM only if global nested_hvm option enable it and
>>> + * host support it*/
>>> + if (cfg->nested_hvm && ARCH_IS_X86(def->os.arch)) {
>>> vmx = virCPUCheckFeature(caps->host.arch, caps->host.cpu, "vmx");
>>> svm = virCPUCheckFeature(caps->host.arch, caps->host.cpu, "svm");
>>> hasHwVirt = vmx | svm;
>>
>> But IIUC this change will not allow per-domain config to override the global
>> setting. If cfg->nested_hvm is false, svm and vmx are both false and
>> FEATURE_REQUIRE is not honored.
>
> Ough, conflict resolution went wrong after changing 3/9 :/
> Fixed patch will follow.
Ok. No need to send the whole series again. Just a followup to this patch will
do. Thanks!
Regards,
Jim
More information about the libvir-list
mailing list