From nobody Sat Feb 7 13:56:58 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1543456558802743.2417526484659; Wed, 28 Nov 2018 17:55:58 -0800 (PST) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C0A6B3084244; Thu, 29 Nov 2018 01:55:55 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D0EF7601B9; Thu, 29 Nov 2018 01:55:54 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 517A13F954; Thu, 29 Nov 2018 01:55:50 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id wAT1tmc1008115 for ; Wed, 28 Nov 2018 20:55:48 -0500 Received: by smtp.corp.redhat.com (Postfix) id AC6647E3C6; Thu, 29 Nov 2018 01:55:48 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-203.phx2.redhat.com [10.3.116.203]) by smtp.corp.redhat.com (Postfix) with ESMTP id 69A9D5F702 for ; Thu, 29 Nov 2018 01:55:45 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Wed, 28 Nov 2018 20:55:43 -0500 Message-Id: <20181129015543.340-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v3] qemu: Add check for whether KVM nesting is enabled X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Thu, 29 Nov 2018 01:55:57 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Support for nested KVM is handled via a kernel module configuration parameters values for kvm_intel, kvm_amd, kvm_hv (PPC), or kvm (s390). While it's possible to fetch the kmod config values via virKModConfig, unfortunately that is the static value and we need to get the current/dynamic value from the kernel file system. So this patch adds a new API virHostKVMSupportsNesting that will search the 3 kernel modules to get the nesting value and check if it is 'Y' (or 'y' just in case) or '1' to return a true/false whether the KVM kernel supports nesting. We need to do this in order to handle cases where adjustments to the value are made after libvirtd is started to force a refetch of the latest QEMU capabilities since the correct CPU settings need to be made for a guest to add the "vmx=3Don" to/for the guest config. Signed-off-by: John Ferlan NB to be removed before push - I got data from: (IBM Z) https://access.redhat.com/documentation/en-us/red_hat_enterprise_li= nux/7/html/virtualization_deployment_and_administration_guide/appe-kvm_on_z= systems (PPC slide 131) https://events.linuxfoundation.org/wp-content/uploads/2017/= 12/Taking-it-to-the-Nest-Level-Nested-KVM-on-the-POWER9-Processor-Suraj-Jit= indar-Singh-IBM.pdf Signed-off-by: John Ferlan --- v2: https://www.redhat.com/archives/libvir-list/2018-November/msg00955.html Changes from code review... - Rename variables/API's to KVMSupportsNested - Movement of logic to check/set the 'nested' to inside locations that ensure KVM was enabled (via capability). - Change of logic to not use virKModConfig and instead look at the running kernel value for /sys/module/*/parameters/nested where * is kvm_intel, kvm_amd, kvm_hv, or kvm src/qemu/qemu_capabilities.c | 54 ++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c index 20a1a0c201..bef92a679f 100644 --- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -558,6 +558,7 @@ struct _virQEMUCaps { virObject parent; =20 bool usedQMP; + bool kvmSupportsNesting; =20 char *binary; time_t ctime; @@ -1530,6 +1531,7 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEMUCapsPtr qemu= Caps) return NULL; =20 ret->usedQMP =3D qemuCaps->usedQMP; + ret->kvmSupportsNesting =3D qemuCaps->kvmSupportsNesting; =20 if (VIR_STRDUP(ret->binary, qemuCaps->binary) < 0) goto error; @@ -3589,6 +3591,9 @@ virQEMUCapsLoadCache(virArch hostArch, virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_KVM); virQEMUCapsInitHostCPUModel(qemuCaps, hostArch, VIR_DOMAIN_VIRT_QEMU); =20 + if (virXPathBoolean("boolean(./kvmSupportsNesting)", ctxt) > 0) + qemuCaps->kvmSupportsNesting =3D true; + ret =3D 0; cleanup: VIR_FREE(str); @@ -3808,6 +3813,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qemuCaps) if (qemuCaps->sevCapabilities) virQEMUCapsFormatSEVInfo(qemuCaps, &buf); =20 + if (qemuCaps->kvmSupportsNesting) + virBufferAddLit(&buf, "\n"); + virBufferAdjustIndent(&buf, -2); virBufferAddLit(&buf, "\n"); =20 @@ -3848,6 +3856,41 @@ virQEMUCapsSaveFile(void *data, } =20 =20 +/* Check the kernel module parameters 'nested' file to determine if enabled + * + * Intel: 'kvm_intel' uses 'Y' + * AMD: 'kvm_amd' uses '1' + * PPC64: 'kvm_hv' uses 'Y' + * S390: 'kvm' uses '1' + */ +static bool +virQEMUCapsKVMSupportsNesting(void) +{ + static char const * const kmod[] =3D {"kvm_intel", "kvm_amd", + "kvm_hv", "kvm"}; + VIR_AUTOFREE(char *) value =3D NULL; + int rc; + size_t i; + + for (i =3D 0; i < ARRAY_CARDINALITY(kmod); i++) { + VIR_FREE(value); + rc =3D virFileReadValueString(&value, "/sys/module/%s/parameters/n= ested", + kmod[i]); + if (rc =3D=3D -2) + continue; + if (rc < 0) { + virResetLastError(); + return false; + } + + if (value[0] =3D=3D 'Y' || value[0] =3D=3D 'y' || value[0] =3D=3D = '1') + return true; + } + + return false; +} + + static bool virQEMUCapsIsValid(void *data, void *privData) @@ -3856,6 +3899,7 @@ virQEMUCapsIsValid(void *data, virQEMUCapsCachePrivPtr priv =3D privData; bool kvmUsable; struct stat sb; + bool kvmSupportsNesting; =20 if (!qemuCaps->binary) return true; @@ -3933,6 +3977,14 @@ virQEMUCapsIsValid(void *data, qemuCaps->kernelVersion); return false; } + + kvmSupportsNesting =3D virQEMUCapsKVMSupportsNesting(); + if (kvmSupportsNesting !=3D qemuCaps->kvmSupportsNesting) { + VIR_DEBUG("Outdated capabilities for '%s': kvm kernel nested " + "value changed from %d", + qemuCaps->binary, qemuCaps->kvmSupportsNesting); + return false; + } } =20 return true; @@ -4576,6 +4628,8 @@ virQEMUCapsNewForBinaryInternal(virArch hostArch, =20 if (VIR_STRDUP(qemuCaps->kernelVersion, kernelVersion) < 0) goto error; + + qemuCaps->kvmSupportsNesting =3D virQEMUCapsKVMSupportsNesting(); } =20 cleanup: --=20 2.17.2 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list