From nobody Thu Jul 10 00:35:20 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1521649983069317.57431926798324;
 Wed, 21 Mar 2018 09:33:03 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
 [10.5.11.15])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id BA81F7FEA1;
	Wed, 21 Mar 2018 16:33:01 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 91F138CA28;
	Wed, 21 Mar 2018 16:33:01 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 52441181B9FF;
	Wed, 21 Mar 2018 16:33:01 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
	[10.5.11.11])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w2LGWshe018693 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 21 Mar 2018 12:32:54 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id AEA7584748; Wed, 21 Mar 2018 16:32:54 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx07.extmail.prod.ext.phx2.redhat.com
	[10.5.110.31])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id A7EA584742
	for <libvir-list@redhat.com>; Wed, 21 Mar 2018 16:32:52 +0000 (UTC)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com
	[66.111.4.29])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 98CAEC036771
	for <libvir-list@redhat.com>; Wed, 21 Mar 2018 16:32:44 +0000 (UTC)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47])
	by mailout.nyi.internal (Postfix) with ESMTP id EDF8E21174;
	Wed, 21 Mar 2018 12:32:43 -0400 (EDT)
Received: from frontend2 ([10.202.2.161])
	by compute7.internal (MEProxy); Wed, 21 Mar 2018 12:32:43 -0400
Received: from localhost.localdomain (ip5b40bfaa.dynamic.kabel-deutschland.de
	[91.64.191.170])
	by mail.messagingengine.com (Postfix) with ESMTPA id 4379A24251;
	Wed, 21 Mar 2018 12:32:43 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:date:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:references:subject:to:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm2; bh=jEg/P2Dz0hiGixebQcuvjvK1xi915bYRUJXGvRwdO
	pk=; b=ic4/4PrQU6KLSX5kZIT7OKpWzdZWetMuF2hQDCE4DnSgAHmdyJvCqbPwd
	lbDcQOk6X3OXA3Qu7JZ9WaR2926l1EkRhWOdG/lBtxDPz32uDry3RPfZDReuNzfW
	Dp8N1UU6MmfEdijvTw5j4ysXXTh8eWLufPGUa2wp5BXhvfSN5b4gbyqVONm2TSYm
	W+HKj+sS/TTAg6zWqZkRG5cl9qewUkOJFr7wYjb7zjuU5yqwZQR+06Sr31mNo5pq
	6v3WbDyegOluOqpwm+JsYZzI6jJ0G1m5u1p1NXwmGuUz8yfZ8/paqLcK3k4HJVMM
	w0iInJvDiz0EXKWiJHdgic6YVtFHA==
X-ME-Sender: <xms:K4myWlUP3pPyBZB3uYOX8EEcOwE5S1gKghH-dcoLQ1x3Y0j62ZcZMA>
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
	<marmarek@invisiblethingslab.com>
To: libvir-list@redhat.com
Date: Wed, 21 Mar 2018 17:32:28 +0100
Message-Id: 
 <18212a10a62c3b5fdf6a56b1a419be16c7b9045f.1521649909.git-series.marmarek@invisiblethingslab.com>
In-Reply-To: 
 <cover.e5f926d3b4f1ba2ec2e1bf3aca7d0a2d0cae0706.1521649909.git-series.marmarek@invisiblethingslab.com>
References: 
 <cover.e5f926d3b4f1ba2ec2e1bf3aca7d0a2d0cae0706.1521649909.git-series.marmarek@invisiblethingslab.com>
MIME-Version: 1.0
In-Reply-To: 
 <cover.e5f926d3b4f1ba2ec2e1bf3aca7d0a2d0cae0706.1521649909.git-series.marmarek@invisiblethingslab.com>
References: 
 <cover.e5f926d3b4f1ba2ec2e1bf3aca7d0a2d0cae0706.1521649909.git-series.marmarek@invisiblethingslab.com>
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
	matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.31]); Wed, 21 Mar 2018 16:32:44 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.31]);
	Wed, 21 Mar 2018 16:32:44 +0000 (UTC) for IP:'66.111.4.29'
	DOMAIN:'out5-smtp.messagingengine.com'
	HELO:'out5-smtp.messagingengine.com'
	FROM:'marmarek@invisiblethingslab.com' RCPT:''
X-RedHat-Spam-Score: -0.701  (DKIM_SIGNED, DKIM_VALID, RCVD_IN_DNSWL_LOW,
	SPF_HELO_PASS) 66.111.4.29 out5-smtp.messagingengine.com
	66.111.4.29 out5-smtp.messagingengine.com
	<marmarek@invisiblethingslab.com>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.31
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v6 4/9] libxl: do not enable nested HVM unless
	global nested_hvm option enabled
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
 Wed, 21 Mar 2018 16:33:02 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0

Introduce global libxl option for enabling nested HVM feature, similar
to kvm module parameter. This will prevent enabling experimental feature
by mere presence of <cpu mode=3D'host-passthrough'> element in domain
config, unless explicitly enabled. <cpu mode=3D'host-passthrough'> element
may be used to configure other features, like NUMA, or CPUID.

Signed-off-by: Marek Marczykowski-G=C3=B3recki <marmarek@invisiblethingslab=
.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
Changes since v4:
 - add nested_hvm option to test_libvirtd_libxl.aug.in and libvirtd_libxl.a=
ug
 - make it possible to override nested_hvm=3D0 with explicit <feature
   policy=3D'require' name=3D'vmx'/>
 - split xenconfig changes into separate commits
Changes since v3:
 - use config option nested_hvm, instead of requiring explicit <feature
   ...> entries
 - title changed from "libxl: do not enable nested HVM by mere presence
   of <cpu> element"
 - xenconfig: don't add <feature policy=3D'force' name=3D'vmx'/> since it is
   implied by presence of <cpu> element
 - xenconfig: produce <cpu> element even when converting on host not
   supporting vmx/svm, to not lose setting value
Changes since v2:
 - new patch
---
 src/libxl/libvirtd_libxl.aug         |  2 ++
 src/libxl/libxl.conf                 |  8 ++++++++
 src/libxl/libxl_conf.c               | 12 +++++++++++-
 src/libxl/libxl_conf.h               |  2 ++
 src/libxl/test_libvirtd_libxl.aug.in |  1 +
 tests/libxlxml2domconfigtest.c       |  3 +++
 6 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/libxl/libvirtd_libxl.aug b/src/libxl/libvirtd_libxl.aug
index b31cc07..58b9af3 100644
--- a/src/libxl/libvirtd_libxl.aug
+++ b/src/libxl/libvirtd_libxl.aug
@@ -28,12 +28,14 @@ module Libvirtd_libxl =3D
    let lock_entry =3D str_entry "lock_manager"
    let keepalive_interval_entry =3D int_entry "keepalive_interval"
    let keepalive_count_entry =3D int_entry "keepalive_count"
+   let nested_hvm_entry =3D bool_entry "nested_hvm"
=20
    (* Each entry in the config is one of the following ... *)
    let entry =3D autoballoon_entry
              | lock_entry
              | keepalive_interval_entry
              | keepalive_count_entry
+             | nested_hvm_entry
=20
    let comment =3D [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \=
t\n][^\n]*)?/ . del /\n/ "\n" ]
    let empty =3D [ label "#empty" . eol ]
diff --git a/src/libxl/libxl.conf b/src/libxl/libxl.conf
index 264af7c..72825a7 100644
--- a/src/libxl/libxl.conf
+++ b/src/libxl/libxl.conf
@@ -41,3 +41,11 @@
 #
 #keepalive_interval =3D 5
 #keepalive_count =3D 5
+
+# Nested HVM default control. In order to use nested HVM feature, this opt=
ion
+# needs to be enabled, in addition to specifying <cpu mode=3D'host-passthr=
ough'>
+# in domain configuration. This can be overridden in domain configuration =
by
+# explicitly setting <feature policy=3D'require' name=3D'vmx'/> inside <cp=
u/>
+# element.
+# By default it is disabled.
+#nested_hvm =3D 0
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index dcfdd67..3b9e828 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -360,7 +360,9 @@ libxlMakeDomBuildInfo(virDomainDefPtr def,
             bool hasHwVirt =3D false;
             bool svm =3D false, vmx =3D false;
=20
-            if (ARCH_IS_X86(def->os.arch)) {
+            /* enable nested HVM only if global nested_hvm option enable i=
t and
+             * host support it*/
+            if (cfg->nested_hvm && ARCH_IS_X86(def->os.arch)) {
                 vmx =3D virCPUCheckFeature(caps->host.arch, caps->host.cpu=
, "vmx");
                 svm =3D virCPUCheckFeature(caps->host.arch, caps->host.cpu=
, "svm");
                 hasHwVirt =3D vmx | svm;
@@ -380,6 +382,11 @@ libxlMakeDomBuildInfo(virDomainDefPtr def,
=20
                         case VIR_CPU_FEATURE_FORCE:
                         case VIR_CPU_FEATURE_REQUIRE:
+                            if ((vmx && STREQ(def->cpu->features[i].name, =
"vmx")) ||
+                                (svm && STREQ(def->cpu->features[i].name, =
"svm")))
+                                hasHwVirt =3D true;
+                            break;
+
                         case VIR_CPU_FEATURE_OPTIONAL:
                         case VIR_CPU_FEATURE_LAST:
                             break;
@@ -1699,6 +1706,9 @@ int libxlDriverConfigLoadFile(libxlDriverConfigPtr cf=
g,
     if (virConfGetValueUInt(conf, "keepalive_count", &cfg->keepAliveCount)=
 < 0)
         goto cleanup;
=20
+    if (virConfGetValueBool(conf, "nested_hvm", &cfg->nested_hvm) < 0)
+        goto cleanup;
+
     ret =3D 0;
=20
  cleanup:
diff --git a/src/libxl/libxl_conf.h b/src/libxl/libxl_conf.h
index ce9db26..27cfc1a 100644
--- a/src/libxl/libxl_conf.h
+++ b/src/libxl/libxl_conf.h
@@ -88,6 +88,8 @@ struct _libxlDriverConfig {
     int keepAliveInterval;
     unsigned int keepAliveCount;
=20
+    bool nested_hvm;
+
     /* Once created, caps are immutable */
     virCapsPtr caps;
=20
diff --git a/src/libxl/test_libvirtd_libxl.aug.in b/src/libxl/test_libvirtd=
_libxl.aug.in
index 63558e5..9106abe 100644
--- a/src/libxl/test_libvirtd_libxl.aug.in
+++ b/src/libxl/test_libvirtd_libxl.aug.in
@@ -6,3 +6,4 @@ module Test_libvirtd_libxl =3D
 { "lock_manager" =3D "lockd" }
 { "keepalive_interval" =3D "5" }
 { "keepalive_count" =3D "5" }
+{ "nested_hvm" =3D "1" }
diff --git a/tests/libxlxml2domconfigtest.c b/tests/libxlxml2domconfigtest.c
index cfbc37c..8819032 100644
--- a/tests/libxlxml2domconfigtest.c
+++ b/tests/libxlxml2domconfigtest.c
@@ -76,6 +76,9 @@ testCompareXMLToDomConfig(const char *xmlfile,
     if (!(log =3D (xentoollog_logger *)xtl_createlogger_stdiostream(stderr=
, XTL_DEBUG, 0)))
         goto cleanup;
=20
+    /* for testing nested HVM */
+    cfg->nested_hvm =3D true;
+
     /* replace logger with stderr one */
     libxl_ctx_free(cfg->ctx);
=20
--=20
git-series 0.9.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list