From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56538) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gMFUH-0005VV-RY for qemu-devel@nongnu.org; Mon, 12 Nov 2018 11:54:58 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gMFUF-0004dX-Qy for qemu-devel@nongnu.org; Mon, 12 Nov 2018 11:54:57 -0500 Received: from mx1.redhat.com ([209.132.183.28]:50564) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gMFUD-0004UI-Qq for qemu-devel@nongnu.org; Mon, 12 Nov 2018 11:54:54 -0500 Date: Mon, 12 Nov 2018 16:54:37 +0000 From: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= Message-ID: <20181112165437.GW3602@redhat.com> Reply-To: Daniel =?utf-8?B?UC4gQmVycmFuZ8Op?= References: <20181102034649.43559-1-liran.alon@oracle.com> <12c26c34-8dd1-a442-7826-86b93ff978f8@redhat.com> <20181102165409.GF21191@redhat.com> <20181112161829.GU3602@redhat.com> <20181112165053.GF2293@work-vm> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20181112165053.GF2293@work-vm> Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Dr. David Alan Gilbert" Cc: Paolo Bonzini , Liran Alon , jmattson@google.com, ehabkost@redhat.com, kvm@vger.kernel.org, mtosatti@redhat.com, qemu-devel@nongnu.org, rth@twiddle.net On Mon, Nov 12, 2018 at 04:50:54PM +0000, Dr. David Alan Gilbert wrote: > * Daniel P. Berrang=C3=A9 (berrange@redhat.com) wrote: > > On Sun, Nov 04, 2018 at 11:19:57PM +0100, Paolo Bonzini wrote: > > > On 02/11/2018 17:54, Daniel P. Berrang=C3=A9 wrote: > > > > We have usually followed a rule that new machine types must not > > > > affect runability of a VM on a host. IOW new machine types should > > > > not introduce dependancies on specific kernels, or hardware featu= res > > > > such as CPU flags. > > >=20 > > > > Anything that requires a new kernel feature thus ought to be an > > > > opt-in config tunable on the CLI, separate from machine type > > > > choice. > > >=20 > > > Unless someone tinkered with the module parameters, they could not = even > > > use nested virtualization before 4.20. So for everyone else, "-cpu > > > ...,+vmx" does count as an "opt-in config tunable on the CLI" that > > > requires 4.20. > > > > > > For those that did tinker with module parameters, we can grandfathe= r in > > > the old machine types, so that they can use nested virtualization w= ith > > > no live migration support. For those that did not, however, I don'= t > > > think it makes sense to say "oh by the way I really want to be able= to > > > migrate this VM" on the command line, or even worse on the monitor. > >=20 > > IIUC, 4.20 is only required from POV of migration state. Is it thus > > possible to just register a migration blocker if QEMU is launched > > on a host with kernel < 4.20. > >=20 > > Migration has always been busted historically, so those people using > > nested VMX already won't be hurt by not having ability to live migrat= e > > their VM, but could otherwise continue using them without being force= d > > to upgrade their kernel to fix a feature they're not even using. >=20 > Yes, although I am a bit worried we might have a population of users > that: > a) Have enabled nesting > b) Run VMs with vmx enabled > c) Don't normally actually run nested guests > d) Currently happily migrate. True, and (b) would include anyone using libvirt's host-model CPU. So if you enabled nesting, have host-model for all guests, but only use nesting in one of the guests, you'd be doomed. Is it possible for QEMU to determine if there are nested guests running o= r not and conditionally block migration appropriately to ensure safety ? Regards, Daniel --=20 |: https://berrange.com -o- https://www.flickr.com/photos/dberran= ge :| |: https://libvirt.org -o- https://fstop138.berrange.c= om :| |: https://entangle-photo.org -o- https://www.instagram.com/dberran= ge :|