From: Liran Alon <liran.alon@oracle.com>
To: "\"Daniel P. Berrangé\"" <berrange@redhat.com>
Cc: ehabkost@redhat.com, kvm@vger.kernel.org, mtosatti@redhat.com,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
qemu-devel@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>,
rth@twiddle.net, jmattson@google.com
Subject: Re: [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state
Date: Tue, 13 Nov 2018 02:00:22 +0200 [thread overview]
Message-ID: <04AB82C1-F0AC-4BDB-A132-D39A49EA0A9A@oracle.com> (raw)
In-Reply-To: <20181112165437.GW3602@redhat.com>
> On 12 Nov 2018, at 18:54, Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Mon, Nov 12, 2018 at 04:50:54PM +0000, Dr. David Alan Gilbert wrote:
>> * Daniel P. Berrangé (berrange@redhat.com) wrote:
>>> On Sun, Nov 04, 2018 at 11:19:57PM +0100, Paolo Bonzini wrote:
>>>> On 02/11/2018 17:54, Daniel P. Berrangé wrote:
>>>>> We have usually followed a rule that new machine types must not
>>>>> affect runability of a VM on a host. IOW new machine types should
>>>>> not introduce dependancies on specific kernels, or hardware features
>>>>> such as CPU flags.
>>>>
>>>>> Anything that requires a new kernel feature thus ought to be an
>>>>> opt-in config tunable on the CLI, separate from machine type
>>>>> choice.
>>>>
>>>> Unless someone tinkered with the module parameters, they could not even
>>>> use nested virtualization before 4.20. So for everyone else, "-cpu
>>>> ...,+vmx" does count as an "opt-in config tunable on the CLI" that
>>>> requires 4.20.
>>>>
>>>> For those that did tinker with module parameters, we can grandfather in
>>>> the old machine types, so that they can use nested virtualization with
>>>> no live migration support. For those that did not, however, I don't
>>>> think it makes sense to say "oh by the way I really want to be able to
>>>> migrate this VM" on the command line, or even worse on the monitor.
>>>
>>> IIUC, 4.20 is only required from POV of migration state. Is it thus
>>> possible to just register a migration blocker if QEMU is launched
>>> on a host with kernel < 4.20.
>>>
>>> Migration has always been busted historically, so those people using
>>> nested VMX already won't be hurt by not having ability to live migrate
>>> their VM, but could otherwise continue using them without being forced
>>> to upgrade their kernel to fix a feature they're not even using.
>>
>> Yes, although I am a bit worried we might have a population of users
>> that:
>> a) Have enabled nesting
>> b) Run VMs with vmx enabled
>
>
>> c) Don't normally actually run nested guests
>> d) Currently happily migrate.
>
> True, and (b) would include anyone using libvirt's host-model CPU. So if
> you enabled nesting, have host-model for all guests, but only use nesting
> in one of the guests, you'd be doomed.
>
> Is it possible for QEMU to determine if there are nested guests running or
> not and conditionally block migration appropriately to ensure safety ?
Only if kernel supports KVM_CAP_NESTED_STATE.
See my reply to Dave in this thread.
-Liran
>
>
> Regards,
> Daniel
> --
> |: https://urldefense.proofpoint.com/v2/url?u=https-3A__berrange.com&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=DIzWfmRGWO1b6hzL9NRbIt41fiFcnPt0MC8917u4Qv0&e= -o- https://urldefense.proofpoint.com/v2/url?u=https-3A__www.flickr.com_photos_dberrange&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=CjA-joyt2Y9t5B4YzIiupfY8EEO58m4vbmnd45adzFI&e= :|
> |: https://urldefense.proofpoint.com/v2/url?u=https-3A__libvirt.org&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=tD05tikOHMJhh_EeZ2Esoxb0oku3MPFmj-S2YHdUGm0&e= -o- https://urldefense.proofpoint.com/v2/url?u=https-3A__fstop138.berrange.com&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=YAh1WAoXQKEB6hkMmG6ZnJQETOFnq6eqQLmJokME80A&e= :|
> |: https://urldefense.proofpoint.com/v2/url?u=https-3A__entangle-2Dphoto.org&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=90Mm1Qb-SHe8P63xwGp6gzMU1I5DEW6YX0ttG6TL_7g&e= -o- https://urldefense.proofpoint.com/v2/url?u=https-3A__www.instagram.com_dberrange&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=l4NrrDdRzPClvYQdxQdfIW0geHPWcukeyOGX8QapwYA&e= :|
WARNING: multiple messages have this Message-ID (diff)
From: Liran Alon <liran.alon@oracle.com>
To: "\"Daniel P. Berrangé\"" <berrange@redhat.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
jmattson@google.com, ehabkost@redhat.com, kvm@vger.kernel.org,
mtosatti@redhat.com, qemu-devel@nongnu.org, rth@twiddle.net
Subject: Re: [Qemu-devel] [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state
Date: Tue, 13 Nov 2018 02:00:22 +0200 [thread overview]
Message-ID: <04AB82C1-F0AC-4BDB-A132-D39A49EA0A9A@oracle.com> (raw)
In-Reply-To: <20181112165437.GW3602@redhat.com>
> On 12 Nov 2018, at 18:54, Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> On Mon, Nov 12, 2018 at 04:50:54PM +0000, Dr. David Alan Gilbert wrote:
>> * Daniel P. Berrangé (berrange@redhat.com) wrote:
>>> On Sun, Nov 04, 2018 at 11:19:57PM +0100, Paolo Bonzini wrote:
>>>> On 02/11/2018 17:54, Daniel P. Berrangé wrote:
>>>>> We have usually followed a rule that new machine types must not
>>>>> affect runability of a VM on a host. IOW new machine types should
>>>>> not introduce dependancies on specific kernels, or hardware features
>>>>> such as CPU flags.
>>>>
>>>>> Anything that requires a new kernel feature thus ought to be an
>>>>> opt-in config tunable on the CLI, separate from machine type
>>>>> choice.
>>>>
>>>> Unless someone tinkered with the module parameters, they could not even
>>>> use nested virtualization before 4.20. So for everyone else, "-cpu
>>>> ...,+vmx" does count as an "opt-in config tunable on the CLI" that
>>>> requires 4.20.
>>>>
>>>> For those that did tinker with module parameters, we can grandfather in
>>>> the old machine types, so that they can use nested virtualization with
>>>> no live migration support. For those that did not, however, I don't
>>>> think it makes sense to say "oh by the way I really want to be able to
>>>> migrate this VM" on the command line, or even worse on the monitor.
>>>
>>> IIUC, 4.20 is only required from POV of migration state. Is it thus
>>> possible to just register a migration blocker if QEMU is launched
>>> on a host with kernel < 4.20.
>>>
>>> Migration has always been busted historically, so those people using
>>> nested VMX already won't be hurt by not having ability to live migrate
>>> their VM, but could otherwise continue using them without being forced
>>> to upgrade their kernel to fix a feature they're not even using.
>>
>> Yes, although I am a bit worried we might have a population of users
>> that:
>> a) Have enabled nesting
>> b) Run VMs with vmx enabled
>
>
>> c) Don't normally actually run nested guests
>> d) Currently happily migrate.
>
> True, and (b) would include anyone using libvirt's host-model CPU. So if
> you enabled nesting, have host-model for all guests, but only use nesting
> in one of the guests, you'd be doomed.
>
> Is it possible for QEMU to determine if there are nested guests running or
> not and conditionally block migration appropriately to ensure safety ?
Only if kernel supports KVM_CAP_NESTED_STATE.
See my reply to Dave in this thread.
-Liran
>
>
> Regards,
> Daniel
> --
> |: https://urldefense.proofpoint.com/v2/url?u=https-3A__berrange.com&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=DIzWfmRGWO1b6hzL9NRbIt41fiFcnPt0MC8917u4Qv0&e= -o- https://urldefense.proofpoint.com/v2/url?u=https-3A__www.flickr.com_photos_dberrange&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=CjA-joyt2Y9t5B4YzIiupfY8EEO58m4vbmnd45adzFI&e= :|
> |: https://urldefense.proofpoint.com/v2/url?u=https-3A__libvirt.org&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=tD05tikOHMJhh_EeZ2Esoxb0oku3MPFmj-S2YHdUGm0&e= -o- https://urldefense.proofpoint.com/v2/url?u=https-3A__fstop138.berrange.com&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=YAh1WAoXQKEB6hkMmG6ZnJQETOFnq6eqQLmJokME80A&e= :|
> |: https://urldefense.proofpoint.com/v2/url?u=https-3A__entangle-2Dphoto.org&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=90Mm1Qb-SHe8P63xwGp6gzMU1I5DEW6YX0ttG6TL_7g&e= -o- https://urldefense.proofpoint.com/v2/url?u=https-3A__www.instagram.com_dberrange&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=Jk6Q8nNzkQ6LJ6g42qARkg6ryIDGQr-yKXPNGZbpTx0&m=eMOrT-7t7-tfRtTw2da9c1YTU0_tOFfkVIhj9mWv-Pc&s=l4NrrDdRzPClvYQdxQdfIW0geHPWcukeyOGX8QapwYA&e= :|
next prev parent reply other threads:[~2018-11-13 0:00 UTC|newest]
Thread overview: 96+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-16 12:46 [QEMU PATCH v2 0/2]: KVM: i386: Add support for save and restore nested state Liran Alon
2018-09-16 12:46 ` [Qemu-devel] " Liran Alon
2018-09-16 12:46 ` [QEMU PATCH v2 1/2] i386: Compile CPUX86State xsave_buf only when support KVM or HVF Liran Alon
2018-09-16 12:46 ` [Qemu-devel] " Liran Alon
2018-09-16 12:46 ` [QEMU PATCH v2 2/2] KVM: i386: Add support for save and restore nested state Liran Alon
2018-09-16 12:46 ` [Qemu-devel] " Liran Alon
2018-10-08 17:21 ` [QEMU PATCH v2 0/2]: " Liran Alon
2018-10-08 17:21 ` [Qemu-devel] " Liran Alon
2018-10-15 18:10 ` Liran Alon
2018-10-15 18:10 ` [Qemu-devel] " Liran Alon
2018-10-31 1:03 ` Liran Alon
2018-10-31 1:03 ` [Qemu-devel] " Liran Alon
2018-10-31 18:17 ` Eduardo Habkost
2018-10-31 18:17 ` [Qemu-devel] " Eduardo Habkost
2018-10-31 18:19 ` Paolo Bonzini
2018-10-31 18:19 ` [Qemu-devel] " Paolo Bonzini
2018-10-31 18:50 ` Liran Alon
2018-10-31 18:50 ` [Qemu-devel] " Liran Alon
2018-10-31 18:59 ` Dr. David Alan Gilbert
2018-10-31 18:59 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-10-31 23:17 ` Liran Alon
2018-10-31 23:17 ` [Qemu-devel] " Liran Alon
2018-11-01 13:10 ` Dr. David Alan Gilbert
2018-11-01 13:10 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-11-01 15:23 ` Liran Alon
2018-11-01 15:23 ` [Qemu-devel] " Liran Alon
2018-11-01 15:56 ` Dr. David Alan Gilbert
2018-11-01 15:56 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-11-01 16:45 ` Jim Mattson via Qemu-devel
2018-11-01 16:45 ` [Qemu-devel] " Jim Mattson
2018-11-02 3:46 ` Liran Alon
2018-11-02 3:46 ` [Qemu-devel] " Liran Alon
2018-11-02 9:40 ` Paolo Bonzini
2018-11-02 9:40 ` [Qemu-devel] " Paolo Bonzini
2018-11-02 12:35 ` Dr. David Alan Gilbert
2018-11-02 12:35 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-11-02 12:40 ` Daniel P. Berrangé
2018-11-02 12:40 ` [Qemu-devel] " Daniel P. Berrangé
2018-11-04 22:12 ` Paolo Bonzini
2018-11-04 22:12 ` [Qemu-devel] " Paolo Bonzini
2018-11-02 12:59 ` Liran Alon
2018-11-02 12:59 ` [Qemu-devel] " Liran Alon
2018-11-02 16:44 ` Jim Mattson via Qemu-devel
2018-11-02 16:44 ` [Qemu-devel] " Jim Mattson
2018-11-02 16:58 ` Daniel P. Berrangé
2018-11-02 16:58 ` [Qemu-devel] " Daniel P. Berrangé
2018-11-02 17:01 ` Jim Mattson via Qemu-devel
2018-11-02 17:01 ` [Qemu-devel] " Jim Mattson
2018-11-02 16:54 ` Daniel P. Berrangé
2018-11-02 16:54 ` [Qemu-devel] " Daniel P. Berrangé
2018-11-02 16:58 ` Dr. David Alan Gilbert
2018-11-02 16:58 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-11-04 22:19 ` Paolo Bonzini
2018-11-04 22:19 ` [Qemu-devel] " Paolo Bonzini
2018-11-12 16:18 ` Daniel P. Berrangé
2018-11-12 16:18 ` [Qemu-devel] " Daniel P. Berrangé
2018-11-12 16:50 ` Dr. David Alan Gilbert
2018-11-12 16:50 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-11-12 16:53 ` Paolo Bonzini
2018-11-12 16:53 ` [Qemu-devel] " Paolo Bonzini
2018-11-12 16:54 ` Daniel P. Berrangé
2018-11-12 16:54 ` [Qemu-devel] " Daniel P. Berrangé
2018-11-13 0:00 ` Liran Alon [this message]
2018-11-13 0:00 ` Liran Alon
2018-11-13 0:07 ` Jim Mattson via Qemu-devel
2018-11-13 0:07 ` [Qemu-devel] " Jim Mattson
2018-11-13 0:09 ` Liran Alon
2018-11-13 0:09 ` [Qemu-devel] " Liran Alon
2018-11-12 23:58 ` Liran Alon
2018-11-12 23:58 ` [Qemu-devel] " Liran Alon
2018-11-02 16:39 ` Jim Mattson via Qemu-devel
2018-11-02 16:39 ` [Qemu-devel] " Jim Mattson
2018-11-03 2:02 ` Liran Alon
2018-11-03 2:02 ` [Qemu-devel] " Liran Alon
2018-11-08 0:13 ` Liran Alon
2018-11-08 0:13 ` [Qemu-devel] " Liran Alon
2018-11-08 0:45 ` Jim Mattson via Qemu-devel
2018-11-08 0:45 ` [Qemu-devel] " Jim Mattson
2018-11-08 9:50 ` Paolo Bonzini
2018-11-08 9:50 ` [Qemu-devel] " Paolo Bonzini
2018-11-08 9:57 ` Liran Alon
2018-11-08 9:57 ` [Qemu-devel] " Liran Alon
2018-11-08 17:02 ` Paolo Bonzini
2018-11-08 17:02 ` [Qemu-devel] " Paolo Bonzini
2018-11-08 18:41 ` Liran Alon
2018-11-08 18:41 ` [Qemu-devel] " Liran Alon
2018-11-08 20:34 ` Paolo Bonzini
2018-11-08 20:34 ` [Qemu-devel] " Paolo Bonzini
2018-11-12 14:51 ` Dr. David Alan Gilbert
2018-11-12 14:51 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-11-01 19:03 ` Liran Alon
2018-11-01 19:03 ` [Qemu-devel] " Liran Alon
2018-11-01 19:07 ` Dr. David Alan Gilbert
2018-11-01 19:07 ` [Qemu-devel] " Dr. David Alan Gilbert
2018-11-01 19:41 ` Jim Mattson via Qemu-devel
2018-11-01 19:41 ` [Qemu-devel] " Jim Mattson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=04AB82C1-F0AC-4BDB-A132-D39A49EA0A9A@oracle.com \
--to=liran.alon@oracle.com \
--cc=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=ehabkost@redhat.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.