[PATCH] docs: Describe protected virtualization guest setup

Boris Fiuczynski fiuczy at linux.ibm.com
Wed Apr 29 13:30:42 UTC 2020


On 4/29/20 3:25 PM, Daniel P. Berrangé wrote:
> On Wed, Apr 29, 2020 at 10:19:20AM -0300, Daniel Henrique Barboza wrote:
>>
>>
>> On 4/28/20 12:58 PM, Boris Fiuczynski wrote:
>>> From: Viktor Mihajlovski <mihajlov at linux.ibm.com>
>>>
>>
>> [...]
>>> +
>>> +If the check fails despite the host system actually supporting
>>> +protected virtualization guests, this can be caused by a stale
>>> +libvirt capabilities cache. To recover, run the following
>>> +commands
>>> +
>>> +::
>>> +
>>> +   $ systemctl stop libvirtd
>>> +   $ rm /var/cache/libvirt/qemu/capabilities/*.xml
>>> +   $ systemctl start libvirtd
>>> +
>>> +
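Review bot: The three recovery commands are shown with a "$" prompt, but stopping libvirtd and deleting files under /var/cache/libvirt/qemu/capabilities/ both need root, so use a "#" prompt or say that they must be run as root. The "*.xml" glob also discards the cached capabilities of every QEMU binary on the host, which is worth a sentence so that readers expect the re-probe on the next start. The lead-in ends at "commands" with no colon before the "::" literal block, and the hunk closes with two blank added lines where one is enough.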
>>
>>
>> Why isn't Libvirt re-fetching the capabilities after host changes that affect
>> KVM capabilities? I see that we're following up QEMU timestamps to detect
>> if the binary changes, which is sensible, but what about /dev/kvm? Shouldn't
>> we refresh domain capabilities every time following a host reboot?
> 
> Caching of capabilities was done precisely to avoid refreshing on every boot
> because it resulted in slow startup for apps using libvirt after boot.
> 
> We look for specific features that change as a way to indicate a refresh
> is needed.  If there's a need to delete the capabilities manually that
> indicates we're missing some feature when deciding whether the cache is
> stale.
> 
> Regards,
> Daniel
> 

Daniels,
we will provide a patch series proposing code for such caps cache
invalidation triggers for IBM Secure Execution as well as for AMD SEV.
Afterwards we can change the documentation as well.

-- 
Kind regards
    Boris Fiuczynski

IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Gregor Pillen
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294