On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote: > Hi, > > I've met two situations with NVDIMM support in libvirt where I'm not > sure all the parties (libvirt & I) do the things correctly. > > The first problem is with memory alignment and size changes. In > addition to the size changes applied to NVDIMMs by QEMU, libvirt also > makes some NVDIMM size changes for better alignments, in > qemuDomainMemoryDeviceAlignSize. This can lead to the size being > rounded up, exceeding the size of the backing device and QEMU failing to > start the VM for that reason (I've experienced that actually). I work > with emulated NVDIMM devices, not a bare metal hardware, so one might > argue that in practice the device sizes should already be aligned, but > I'm not sure it must be always the case considering labels or whatever > else the user decides to set up. And I still don't feel very > comfortable that I have to count with two internal size adjustments > (libvirt & QEMU) to the `size' value I specify, with the ultimate goal > of getting the VM started and having the NVDIMM aligned properly to make > (non-NVDIMM) memory hot plug working. Is the size alignment performed > by libvirt, especially rounding up, completely correct for NVDIMMs? The comment on the function says QEMU aligns to "page size", which is something that can vary depending not only on architecture, and also the build config options for the kernel on that architecture. eg aarch64 has different page size in RHEL than other distros because of different choice of page size in kernel config. Libvirt rounds up to 1 MB, essentially so that the size works no matter what architecture or build options were used. I think this is quite compelling as I don't think mgmt apps are likely to care enough about non-x86 architectures to pick the right rounded sizes. If we're enforcing this 1 MB rounding though, we really should be documenting it clearly, so that apps can pick the right backing file size. I think we dropped the ball on docs. > The second problem is that a VM fails to start with a backing NVDIMM in > devdax mode due to SELinux preventing access to the /dev/dax* device (it > doesn't happen with any other NVDIMM modes). Who should be responsible > for handling the SELinux label appropriately in that case? libvirt, the > system administrator, anybody else? Using <seclabel> in NVDIMM's source > doesn't seem to be accepted by the domain XML schema. The expectation is that out of the box SELinux will "just work". So anything that is broken is a bug in either libvirt or selinux policy. There is no expectation/requirement to use <seclabel> unless you want to setup non-default behaviour which isn't the case here. IOW this sounds like a genuine bug. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|