On 11/28/18 5:02 AM, Daniel P. Berrangé wrote:
> On Tue, Nov 27, 2018 at 02:15:39PM -0500, John Ferlan wrote:
>>
>>
>> On 11/27/18 12:05 PM, Andrea Bolognani wrote:
>>> On Mon, 2018-11-26 at 18:38 -0500, John Ferlan wrote:
>>> [...]
>>>> +static bool
>>>> +virQEMUCapsKVMIsNested(void)
>>>> +{
>>>> + VIR_AUTOFREE(char *) kConfig = NULL;
>>>> +
>>>> + /* Intel, AMD, and s390 related checks */
>>>> + if ((kConfig = virKModConfig()) &&
>>>> + (strstr(kConfig, "kvm_intel nested=1") ||
>>>> + strstr(kConfig, "kvm_amd nested=1") ||
>>>> + strstr(kConfig, "kvm nested=1")))
>>>> + return true;
>>>> + return false;
>>>> +}
>>>
>>> I might be doing it wrong, but I'm pretty sure I've enabled nested
>>> virtualization properly on my laptop given that I can successfully
>>> run 'modprobe kvm_intel' inside the L1 guest, and yet I get
>>>
>>> # modprobe -c | grep -c nested=1
>>> 0
>>>
>>> both in the L0 host and the L1 guest, so this check doesn't seem
>>> accurate to me.
>>>
>>> Oh, wait, I get it now: 'modprobe -c' doesn't dump the *current* host
>>> configuration, but the *static* one! So if you enable nested KVM
>>> support by doing
>>>
>>> # modprobe -r kvm_intel
>>> # modprobe kvm_intel nested=1
>>>
>>> like I did, then the check above will not report it as enabled even
>>> though it is; conversely, if you drop the appropriate config snippet
>>> in /etc/modprobe.d/ but don't reload the module it will report it as
>>> enabled even though it's not!
>>
>> Ugh, sigh... Yep, I was thinking primarily the static config option
>> since we had helpers to read. Of course that won't be enough. Joy, more
>> code to probe... Maybe it is easier to just say - clear your
>> capabilities cache if you alter that particular kernel value.
>
> Surely its already easier just to ask the kernel for the live status
>
> $ cat /sys/module/kvm_intel/parameters/nested
> 1
>
My commentary was more towards I was hoping to "reuse" the exising kmod
helpers ;-) before I had thought about or written any code to read the
live data.
The other "annoying" part is that you have "1" in your output and I have
"Y" or "N". So much for "consistency".
John
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
