From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Cole Robinson <crobinso@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] R: Re: [PATCH v2] target/i386: kvm: add VMX migration blocker
Date: Mon, 15 Apr 2019 12:22:48 +0100 [thread overview]
Message-ID: <20190415112247.GH2852@work-vm> (raw)
In-Reply-To: <1892546178.13440598.1555144001543.JavaMail.zimbra@redhat.com>
* Paolo Bonzini (pbonzini@redhat.com) wrote:
>
> ----- Cole Robinson <crobinso@redhat.com> ha scritto:
> > On 4/12/19 3:47 AM, Paolo Bonzini wrote:
> > > On 10/04/19 20:26, Cole Robinson wrote:
> > >> On 11/20/18 6:44 AM, Dr. David Alan Gilbert wrote:
> > >>> * Paolo Bonzini (pbonzini@redhat.com) wrote:
> > >>>> Nested VMX does not support live migration yet. Add a blocker
> > >>>> until that is worked out.
> > >>>>
> > >>>> Nested SVM only does not support it, but unfortunately it is
> > >>>> enabled by default for -cpu host so we cannot really disable it.
> > >>>>
> > >>>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > >>>
> > >>> So I'm OK with this, but it does need a release note warning whenever it
> > >>> goes in, because it'll surprise those who've already enabled nesting
> > >>> but don't use it on all their VMs.
> > >>>
> > >>
> > >> We are hitting this in Fedora 30. Now that nested VMX is enabled by
> > >> default at the kernel level, and virt-manager/boxes will use the
> > >> equivalent of -cpu host by default, libvirt managedsave (migrate to
> > >> file) and virt-manager snapshots (savevm) are rejected for default
> > >> created VMs on intel. That's quite unfortunate.
> > >>
> > >> Any ideas on how to resolve this?
> > >
> > > I think the simplest solution is just to finish implementation of nested
> > > VMX live migration and backport it to Fedora 30.
> > >
> >
> > That would simplify things :) Any guess on the timeframe? This is kernel
> > work I presume?
>
> No, the kernel part is already in. As a contingency plan, you could just revert this QEMU patch.
With a new-enough kernel, how hard is it to detect that this actual
migration is safe?
Dave
> Paolo
>
> >
> > If changes aren't landing in the near term I think we should disable
> > nested VMX by default in Fedora, maybe just with modules.d/kvm.conf
> > override. (Or revert this patch downstream, but I presume that's not a
> > good idea).
> >
> > The alternative of just letting it sit is going to generate a lot of
> > complaints I suspect. And the only solutions will be 1) disable nested
> > VMx for your whole machine and reboot, or 2) run this virt-xml command
> > to disable VMX in your domain config... and probably forget that it's
> > there and then a year later when this is all sorted out file a bug
> > asking why nested virt isn't working for this one VM ;)
> >
> > I guess #2 might not be avoidable anyways for the amount of people that
> > have already opted into nested VMX
> >
> > Thanks,
> > Cole
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
WARNING: multiple messages have this Message-ID (diff)
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, Cole Robinson <crobinso@redhat.com>
Subject: Re: [Qemu-devel] R: Re: [PATCH v2] target/i386: kvm: add VMX migration blocker
Date: Mon, 15 Apr 2019 12:22:48 +0100 [thread overview]
Message-ID: <20190415112247.GH2852@work-vm> (raw)
Message-ID: <20190415112248.8efRPwpAtfYWRRL2Gse6Hgiwa2_fE_Ko2K5azaC1K-4@z> (raw)
In-Reply-To: <1892546178.13440598.1555144001543.JavaMail.zimbra@redhat.com>
* Paolo Bonzini (pbonzini@redhat.com) wrote:
>
> ----- Cole Robinson <crobinso@redhat.com> ha scritto:
> > On 4/12/19 3:47 AM, Paolo Bonzini wrote:
> > > On 10/04/19 20:26, Cole Robinson wrote:
> > >> On 11/20/18 6:44 AM, Dr. David Alan Gilbert wrote:
> > >>> * Paolo Bonzini (pbonzini@redhat.com) wrote:
> > >>>> Nested VMX does not support live migration yet. Add a blocker
> > >>>> until that is worked out.
> > >>>>
> > >>>> Nested SVM only does not support it, but unfortunately it is
> > >>>> enabled by default for -cpu host so we cannot really disable it.
> > >>>>
> > >>>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > >>>
> > >>> So I'm OK with this, but it does need a release note warning whenever it
> > >>> goes in, because it'll surprise those who've already enabled nesting
> > >>> but don't use it on all their VMs.
> > >>>
> > >>
> > >> We are hitting this in Fedora 30. Now that nested VMX is enabled by
> > >> default at the kernel level, and virt-manager/boxes will use the
> > >> equivalent of -cpu host by default, libvirt managedsave (migrate to
> > >> file) and virt-manager snapshots (savevm) are rejected for default
> > >> created VMs on intel. That's quite unfortunate.
> > >>
> > >> Any ideas on how to resolve this?
> > >
> > > I think the simplest solution is just to finish implementation of nested
> > > VMX live migration and backport it to Fedora 30.
> > >
> >
> > That would simplify things :) Any guess on the timeframe? This is kernel
> > work I presume?
>
> No, the kernel part is already in. As a contingency plan, you could just revert this QEMU patch.
With a new-enough kernel, how hard is it to detect that this actual
migration is safe?
Dave
> Paolo
>
> >
> > If changes aren't landing in the near term I think we should disable
> > nested VMX by default in Fedora, maybe just with modules.d/kvm.conf
> > override. (Or revert this patch downstream, but I presume that's not a
> > good idea).
> >
> > The alternative of just letting it sit is going to generate a lot of
> > complaints I suspect. And the only solutions will be 1) disable nested
> > VMx for your whole machine and reboot, or 2) run this virt-xml command
> > to disable VMX in your domain config... and probably forget that it's
> > there and then a year later when this is all sorted out file a bug
> > asking why nested virt isn't working for this one VM ;)
> >
> > I guess #2 might not be avoidable anyways for the amount of people that
> > have already opted into nested VMX
> >
> > Thanks,
> > Cole
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2019-04-15 11:22 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-19 18:23 [Qemu-devel] [PATCH v2] target/i386: kvm: add VMX migration blocker Paolo Bonzini
2018-11-20 11:44 ` Dr. David Alan Gilbert
2018-11-20 12:14 ` Paolo Bonzini
2019-04-10 18:26 ` Cole Robinson
2019-04-12 7:47 ` Paolo Bonzini
2019-04-12 18:33 ` Cole Robinson
2019-04-13 8:26 ` [Qemu-devel] R: " Paolo Bonzini
2019-04-15 11:22 ` Dr. David Alan Gilbert [this message]
2019-04-15 11:22 ` Dr. David Alan Gilbert
2019-04-15 11:26 ` Paolo Bonzini
2019-04-15 11:26 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190415112247.GH2852@work-vm \
--to=dgilbert@redhat.com \
--cc=crobinso@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.