On Fri, Nov 29, 2019 at 03:02:41PM +0100, Janosch Frank wrote:
> On 11/29/19 1:35 PM, Daniel P. Berrangé wrote:
> > Is there any way to prevent a guest from using protected mode even
> > if QEMU supports it ? eg the mgmt app may want to be able to
> > guarantee that all VMs are migratable, so don't want a guest OS
> > secretly activating protected mode which blocks migration.
>
> Not enabling facility 161 is enough.

Is this facility enabled by default in any scenario ?

What happens if the feature is enabled & QEMU is also configured to
use huge pages or does not have memory pinned into RAM, given that
those features are said to be incompatible ?

> >
> >> Such VMs are started like any other VM and run a short "normal" stub
> >> that will prepare some things and then requests to be protected.
> >>
> >> Most of the restrictions are memory related and might be lifted in the
> >> future:
> >> * No paging
> >> * No migration
> >
> > Presumably QEMU is going to set a migration blocker when a guest
> > activates protected mode ?
>
> Well, that's stuff I still need to figure out :)
>
> >
> >> * No huge page backings
> >> * No collaborative memory management

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|