
On Tue, 2018-11-27 at 14:15 -0500, John Ferlan wrote:
On 11/27/18 12:05 PM, Andrea Bolognani wrote:
Oh, wait, I get it now: 'modprobe -c' doesn't dump the *current* host configuration, but the *static* one! So if you enable nested KVM support by doing
  # modprobe -r kvm_intel
  # modprobe kvm_intel nested=1
like I did, then the check above will not report it as enabled even though it is; conversely, if you drop the appropriate config snippet in /etc/modprobe.d/ but don't reload the module it will report it as enabled even though it's not!
Ugh, sigh... Yep, I was thinking primarily the static config option since we had helpers to read. Of course that won't be enough. Joy, more code to probe... Maybe it is easier to just say - clear your capabilities cache if you alter that particular kernel value.
You should be able to just read the contents of /sys/module/kvm_{amd,intel}/parameters/nested for x86_64; not sure whether a similar trick will work on s390, but it will definitely *not* work on ppc64, and I haven't even started thinking about aarch64 yet!

Of course there's the usual caveats about whether this has been available in the kernel for a long enough time that it's okay for us to rely on it, and whether the approach is not entirely flawed for reasons that I'm not aware of :)

-- 
Andrea Bolognani / Red Hat / Virtualization
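
The static-versus-runtime distinction discussed in this thread, as an added example that is not part of the original messages or of libvirt's code. The function names and the optional sysfs-root argument are hypothetical; the second argument exists only so the functions can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: compare what `modprobe -c` says (static configuration)
# with what the loaded module reports in sysfs (runtime state).

# Kernel bool parameters read back as Y/N, int parameters as 1/0.
normalise() {
    case "$1" in
        Y|y|1) echo enabled ;;
        N|n|0) echo disabled ;;
        *)     echo unknown ;;
    esac
}

# Runtime state. $1 = module (kvm_intel or kvm_amd), $2 = sysfs root (default /sys).
nested_runtime() {
    f="${2:-/sys}/module/$1/parameters/nested"
    if [ ! -r "$f" ]; then
        echo not-loaded      # module absent, or parameter not exported
        return 0
    fi
    normalise "$(cat "$f")"
}

# Static state. Reads `modprobe -c` output on stdin; $1 = module.
# The last matching "options <module> ... nested=<v>" line is the one reported.
nested_static() {
    val=
    while read -r kw mod rest; do
        [ "$kw" = options ] && [ "$mod" = "$1" ] || continue
        for opt in $rest; do
            case "$opt" in nested=*) val=${opt#nested=} ;; esac
        done
    done
    if [ -z "$val" ]; then echo unset; else normalise "$val"; fi
}

# One-line report; flags the case where the two sources disagree.
# Usage on a real host: modprobe -c | nested_report kvm_intel
nested_report() {
    st=$(nested_static "$1")
    rt=$(nested_runtime "$1" "$2")
    case "$st" in
        unset) verdict=module-default ;;
        "$rt") verdict=consistent ;;
        *)     verdict=MISMATCH ;;
    esac
    echo "$1 runtime=$rt static=$st $verdict"
}
```

A MISMATCH result corresponds to the two situations described above: the module was reloaded by hand with a different value, or a file in /etc/modprobe.d/ was changed without reloading the module.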