[PATCH] docs: Describe protected virtualization guest setup
fiuczy at linux.ibm.com
Wed Apr 29 13:30:42 UTC 2020
On 4/29/20 3:25 PM, Daniel P. Berrangé wrote:
> On Wed, Apr 29, 2020 at 10:19:20AM -0300, Daniel Henrique Barboza wrote:
>> On 4/28/20 12:58 PM, Boris Fiuczynski wrote:
>>> From: Viktor Mihajlovski <mihajlov at linux.ibm.com>
>>> +If the check fails despite the host system actually supporting
>>> +protected virtualization guests, this can be caused by a stale
>>> +libvirt capabilities cache. To recover, run the following
>>> + $ systemctl stop libvirtd
>>> + $ rm /var/cache/libvirt/qemu/capabilities/*.xml
>>> + $ systemctl start libvirtd
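Review bot: The sentence ending in "run the following" is left hanging in front of the command lines. Finish it, for example as "run the following commands:", so the rendered documentation reads cleanly. The three commands stop a system service and delete files under /var/cache/libvirt, both of which need root, yet they are shown with a `$` prompt. Either use a `#` prompt or state that they must be run as root. It is also worth saying that the `*.xml` glob clears every cached QEMU capabilities file in that directory, not only the entry for the affected binary.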
>> Why isn't Libvirt re-fetching the capabilities after host changes that affect
>> KVM capabilities? I see that we're following up QEMU timestamps to detect
>> if the binary changes, which is sensible, but what about /dev/kvm? Shouldn't
>> we refresh domain capabilities every time following a host reboot?
> Caching of capabilities was done precisely to avoid refreshing on every boot
> because it resulted in slow startup for apps using libvirt after boot.
> We look for specific features that change as a way to indicate a refresh
> is needed. If there's a need to delete the capabilities manually that
> indicates we're missing some feature when deciding whether the cache is
We will provide a patch series proposing code for such caps cache
invalidation triggers for IBM Secure Execution as well as for AMD SEV.
Afterwards we can change the documentation as well.
Kind regards
IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Gregor Pillen
Management: Dirk Wittkopp
Registered office: Böblingen
Registration court: Amtsgericht Stuttgart, HRB 243294