[libvirt] [PATCH v4 4/8] libxl: do not enable nested HVM unless global nested_hvm option enabled

Mon Feb 26 23:51:49 UTC 2018

On Mon, Feb 26, 2018 at 04:23:18PM -0700, Jim Fehlig wrote:
> On 02/26/2018 04:10 PM, Marek Marczykowski-Górecki wrote:
> > On Mon, Feb 26, 2018 at 03:47:11PM -0700, Jim Fehlig wrote:
> > > On 02/08/2018 03:58 PM, Marek Marczykowski-Górecki wrote:
> > > > +
> > > > +# Nested HVM global control. In order to use nested HVM feature, this option
> > > > +# needs to be enabled, in addition to specifying <cpu mode='host-passthrough'>
> > > > +# in domain configuration.
> > > > +# By default it is disabled.
> > > > +#nested_hvm = 0
> > > 
> > > I think per-domain settings should override this one. Users would find it
> > > odd that they don't have vmx in their hvm guest with
> > > 
> > >    <cpu mode='host-passthrough'>
> > >      <feature policy='require' name='vmx'/>
> > >    </cpu>
> > 
> > I like this one :) It means that by just introducing global
> > "nested_hvm = 0", we can have what I've originally proposed - nested HVM
> > disabled until explicitly enabled with exactly this config snippet.
> 
> Yes. Sorry if we've been going around in circles on some of these topics.

Ok, so before I go with v5 being mainly revert to v3 (+global config),
can you confirm that it is really ok? Will it be consistent enough with
KVM case? Not sure how it's handled there, but I'd guess if _kernel
module_ parameter is set to 0 (is it where the global switch is?), it
will stay disabled regardless of what you specify in libvirt domain XML.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180227/413c9e68/attachment-0001.sig>