[libvirt] [PATCH v2] qemu: Add check for whether KVM nesting is enabled

Tue Nov 27 19:15:39 UTC 2018

On 11/27/18 12:05 PM, Andrea Bolognani wrote:
> On Mon, 2018-11-26 at 18:38 -0500, John Ferlan wrote:
> [...]
>> +static bool
>> +virQEMUCapsKVMIsNested(void)
>> +{
>> +    VIR_AUTOFREE(char *) kConfig = NULL;
>> +
>> +    /* Intel, AMD, and s390 related checks */
>> +    if ((kConfig = virKModConfig()) &&
>> +        (strstr(kConfig, "kvm_intel nested=1") ||
>> +         strstr(kConfig, "kvm_amd nested=1") ||
>> +         strstr(kConfig, "kvm nested=1")))
>> +        return true;
>> +    return false;
>> +}
> 
> I might be doing it wrong, but I'm pretty sure I've enabled nested
> virtualization properly on my laptop given that I can successfully
> run 'modprobe kvm_intel' inside the L1 guest, and yet I get
> 
>   # modprobe -c | grep -c nested=1
>   0
> 
> both in the L0 host and the L1 guest, so this check doesn't seem
> accurate to me.
> 
> Oh, wait, I get it now: 'modprobe -c' doesn't dump the *current* host
> configuration, but the *static* one! So if you enable nested KVM
> support by doing
> 
>   # modprobe -r kvm_intel
>   # modprobe kvm_intel nested=1
> 
> like I did, then the check above will not report it as enabled even
> though it is; conversely, if you drop the appropriate config snippet
> in /etc/modprobe.d/ but don't reload the module it will report it as
> enabled even though it's not!

Ugh, sigh... Yep, I was thinking primarily the static config option
since we had helpers to read. Of course that won't be enough. Joy, more
code to probe... Maybe it is easier to just say - clear your
capabilities cache if you alter that particular kernel value.

> 
> As an added bonus, if you have random whitespace or additional
> options in the configuration line for the module, both of which are
> completely legal, then the string matching will fail :)
> 

So much for the easy way out.

> We will probably also need to add a completely different check for
> POWER9 hosts, where nested KVM support is enabled through a machine
> type property of the L1 guest rather than a setting on the host.
> I'll look into that as soon as I can get my hands on some suitable
> hardware.
> 
> One final remark about the naming: <kvmIsNested/> seems wrong to me,
> as IIUC it's not part of the capabilities of the L1 guest (where
> KVM is, indeed, nested) but rather of the L0 host, which makes
> <kvmSupportsNesting/> or something like that a much better choice
> in my opinion.
> 

Naming is hard ;-)  I like your naming better though.

John