From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Subject: Re: [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state Date: Mon, 12 Nov 2018 16:54:37 +0000 Message-ID: <20181112165437.GW3602@redhat.com> References: <20181102034649.43559-1-liran.alon@oracle.com> <12c26c34-8dd1-a442-7826-86b93ff978f8@redhat.com> <20181102165409.GF21191@redhat.com> <20181112161829.GU3602@redhat.com> <20181112165053.GF2293@work-vm> Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: ehabkost@redhat.com, kvm@vger.kernel.org, mtosatti@redhat.com, qemu-devel@nongnu.org, Liran Alon , Paolo Bonzini , rth@twiddle.net, jmattson@google.com To: "Dr. David Alan Gilbert" Return-path: Content-Disposition: inline In-Reply-To: <20181112165053.GF2293@work-vm> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+gceq-qemu-devel2=m.gmane.org@nongnu.org Sender: "Qemu-devel" List-Id: kvm.vger.kernel.org On Mon, Nov 12, 2018 at 04:50:54PM +0000, Dr. David Alan Gilbert wrote: > * Daniel P. Berrang=C3=A9 (berrange@redhat.com) wrote: > > On Sun, Nov 04, 2018 at 11:19:57PM +0100, Paolo Bonzini wrote: > > > On 02/11/2018 17:54, Daniel P. Berrang=C3=A9 wrote: > > > > We have usually followed a rule that new machine types must not > > > > affect runability of a VM on a host. IOW new machine types should > > > > not introduce dependancies on specific kernels, or hardware featu= res > > > > such as CPU flags. > > >=20 > > > > Anything that requires a new kernel feature thus ought to be an > > > > opt-in config tunable on the CLI, separate from machine type > > > > choice. > > >=20 > > > Unless someone tinkered with the module parameters, they could not = even > > > use nested virtualization before 4.20. So for everyone else, "-cpu > > > ...,+vmx" does count as an "opt-in config tunable on the CLI" that > > > requires 4.20. > > > > > > For those that did tinker with module parameters, we can grandfathe= r in > > > the old machine types, so that they can use nested virtualization w= ith > > > no live migration support. For those that did not, however, I don'= t > > > think it makes sense to say "oh by the way I really want to be able= to > > > migrate this VM" on the command line, or even worse on the monitor. > >=20 > > IIUC, 4.20 is only required from POV of migration state. Is it thus > > possible to just register a migration blocker if QEMU is launched > > on a host with kernel < 4.20. > >=20 > > Migration has always been busted historically, so those people using > > nested VMX already won't be hurt by not having ability to live migrat= e > > their VM, but could otherwise continue using them without being force= d > > to upgrade their kernel to fix a feature they're not even using. >=20 > Yes, although I am a bit worried we might have a population of users > that: > a) Have enabled nesting > b) Run VMs with vmx enabled > c) Don't normally actually run nested guests > d) Currently happily migrate. True, and (b) would include anyone using libvirt's host-model CPU. So if you enabled nesting, have host-model for all guests, but only use nesting in one of the guests, you'd be doomed. Is it possible for QEMU to determine if there are nested guests running o= r not and conditionally block migration appropriately to ensure safety ? Regards, Daniel --=20 |: https://berrange.com -o- https://www.flickr.com/photos/dberran= ge :| |: https://libvirt.org -o- https://fstop138.berrange.c= om :| |: https://entangle-photo.org -o- https://www.instagram.com/dberran= ge :|