[libvirt] [PATCH v2] qemu: Add check for whether KVM nesting is enabled

Daniel P. Berrangé berrange at redhat.com
Wed Nov 28 12:24:11 UTC 2018 

On Wed, Nov 28, 2018 at 07:13:05AM -0500, John Ferlan wrote:
> 
> 
> On 11/28/18 5:02 AM, Daniel P. Berrangé wrote:
> > On Tue, Nov 27, 2018 at 02:15:39PM -0500, John Ferlan wrote:
> >>
> >>
> >> On 11/27/18 12:05 PM, Andrea Bolognani wrote:
> >>> On Mon, 2018-11-26 at 18:38 -0500, John Ferlan wrote:
> >>> [...]
> >>>> +static bool
> >>>> +virQEMUCapsKVMIsNested(void)
> >>>> +{
> >>>> +    VIR_AUTOFREE(char *) kConfig = NULL;
> >>>> +
> >>>> +    /* Intel, AMD, and s390 related checks */
> >>>> +    if ((kConfig = virKModConfig()) &&
> >>>> +        (strstr(kConfig, "kvm_intel nested=1") ||
> >>>> +         strstr(kConfig, "kvm_amd nested=1") ||
> >>>> +         strstr(kConfig, "kvm nested=1")))
> >>>> +        return true;
> >>>> +    return false;
> >>>> +}
> >>>
> >>> I might be doing it wrong, but I'm pretty sure I've enabled nested
> >>> virtualization properly on my laptop given that I can successfully
> >>> run 'modprobe kvm_intel' inside the L1 guest, and yet I get
> >>>
> >>>   # modprobe -c | grep -c nested=1
> >>>   0
> >>>
> >>> both in the L0 host and the L1 guest, so this check doesn't seem
> >>> accurate to me.
> >>>
> >>> Oh, wait, I get it now: 'modprobe -c' doesn't dump the *current* host
> >>> configuration, but the *static* one! So if you enable nested KVM
> >>> support by doing
> >>>
> >>>   # modprobe -r kvm_intel
> >>>   # modprobe kvm_intel nested=1
> >>>
> >>> like I did, then the check above will not report it as enabled even
> >>> though it is; conversely, if you drop the appropriate config snippet
> >>> in /etc/modprobe.d/ but don't reload the module it will report it as
> >>> enabled even though it's not!
> >>
> >> Ugh, sigh... Yep, I was thinking primarily the static config option
> >> since we had helpers to read. Of course that won't be enough. Joy, more
> >> code to probe... Maybe it is easier to just say - clear your
> >> capabilities cache if you alter that particular kernel value.
> > 
> > Surely its already easier just to ask the kernel for the live status
> > 
> > $ cat  /sys/module/kvm_intel/parameters/nested
> > 1
> > 
> 
> My commentary was more towards I was hoping to "reuse" the exising kmod
> helpers ;-) before I had thought about or written any code to read the
> live data.
> 
> The other "annoying" part is that you have "1" in your output and I have
> "Y" or "N". So much for "consistency".

Actually I just invented that output from memory and got it wrong :)


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list