On 03/21/2018 06:05 PM, Marek Marczykowski-Górecki wrote:
On Wed, Mar 21, 2018 at 05:55:28PM -0600, Jim Fehlig wrote:
On 03/21/2018 10:32 AM, Marek Marczykowski-Górecki wrote:
Introduce global libxl option for enabling nested HVM feature, similar to kvm module parameter. This will prevent enabling experimental feature by mere presence of <cpu mode='host-passthrough'> element in domain config, unless explicitly enabled. <cpu mode='host-passthrough'> element may be used to configure other features, like NUMA, or CPUID.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> --- Changes since v4: - add nested_hvm option to test_libvirtd_libxl.aug.in and libvirtd_libxl.aug - make it possible to override nested_hvm=0 with explicit <feature policy='require' name='vmx'/> - split xenconfig changes into separate commits Changes since v3: - use config option nested_hvm, instead of requiring explicit <feature ...> entries - title changed from "libxl: do not enable nested HVM by mere presence of <cpu> element" - xenconfig: don't add <feature policy='force' name='vmx'/> since it is implied by presence of <cpu> element - xenconfig: produce <cpu> element even when converting on host not supporting vmx/svm, to not lose setting value Changes since v2: - new patch --- src/libxl/libvirtd_libxl.aug | 2 ++ src/libxl/libxl.conf | 8 ++++++++ src/libxl/libxl_conf.c | 12 +++++++++++- src/libxl/libxl_conf.h | 2 ++ src/libxl/test_libvirtd_libxl.aug.in | 1 + tests/libxlxml2domconfigtest.c | 3 +++ 6 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/src/libxl/libvirtd_libxl.aug b/src/libxl/libvirtd_libxl.aug index b31cc07..58b9af3 100644 --- a/src/libxl/libvirtd_libxl.aug +++ b/src/libxl/libvirtd_libxl.aug @@ -28,12 +28,14 @@ module Libvirtd_libxl = let lock_entry = str_entry "lock_manager" let keepalive_interval_entry = int_entry "keepalive_interval" let keepalive_count_entry = int_entry "keepalive_count" + let nested_hvm_entry = bool_entry "nested_hvm" (* Each entry in the config is one of the following ... *) let entry = autoballoon_entry | lock_entry | keepalive_interval_entry | keepalive_count_entry + | nested_hvm_entry let comment = [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ] let empty = [ label "#empty" . eol ] diff --git a/src/libxl/libxl.conf b/src/libxl/libxl.conf index 264af7c..72825a7 100644 --- a/src/libxl/libxl.conf +++ b/src/libxl/libxl.conf @@ -41,3 +41,11 @@ # #keepalive_interval = 5 #keepalive_count = 5 + +# Nested HVM default control. In order to use nested HVM feature, this option +# needs to be enabled, in addition to specifying <cpu mode='host-passthrough'> +# in domain configuration. This can be overridden in domain configuration by +# explicitly setting <feature policy='require' name='vmx'/> inside <cpu/> +# element.
Cool, the setting can be overridden by per-domain config.
+# By default it is disabled. +#nested_hvm = 0 diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index dcfdd67..3b9e828 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -360,7 +360,9 @@ libxlMakeDomBuildInfo(virDomainDefPtr def, bool hasHwVirt = false; bool svm = false, vmx = false; - if (ARCH_IS_X86(def->os.arch)) { + /* enable nested HVM only if global nested_hvm option enable it and + * host support it*/ + if (cfg->nested_hvm && ARCH_IS_X86(def->os.arch)) { vmx = virCPUCheckFeature(caps->host.arch, caps->host.cpu, "vmx"); svm = virCPUCheckFeature(caps->host.arch, caps->host.cpu, "svm"); hasHwVirt = vmx | svm;
But IIUC this change will not allow per-domain config to override the global setting. If cfg->nested_hvm is false, svm and vmx are both false and FEATURE_REQUIRE is not honored.
Ough, conflict resolution went wrong after changing 3/9 :/ Fixed patch will follow.
Ok. No need to send the whole series again. Just a followup to this patch will do. Thanks! Regards, Jim