** Description changed: [impact] libvirt caches the 'nested vmx' capability of the host and does not update that even if the host's capability to handle nested vmx changes. Having this domcapability missing means no guests are able to start any nested, kvm-accelerated, guests. Additionally, since openstack live migration requires matching cpu features, this makes migrating guests that do have vmx enabled impossible to hosts where libvirt thinks nested vmx is disabled. Once the kernel module (kvm_intel) is reloaded with 'nested' enabled, libvirt does not update its domcapabilities cache, even over a libvirtd restart, or even over an entire system reboot. Only certain conditions cause libvirt to update its capabilities cache (possibly libvirt upgrade, or qemu upgrade, or kernel upgrade...I haven't verified any of those yet) libvirt creates caches for its domcapabilities at /var/cache/libvirt/qemu/capabilities/. removing the cache xml files there and restarting libvirtd will cause the caches to be recreated with the correct current values. [test case] check the kvm_intel module nested parameter: $ cat /sys/module/kvm_intel/parameters/nested Y it can be Y or N. make sure libvirt agrees with the current setting: $ virsh domcapabilities | grep vmx - <feature policy='require' name='vmx'/> + <feature policy='require' name='vmx'/> if 'nested' is Y, domcapabilities should include a vmx feature line; if 'nested' is N, it should have no output (i.e. vmx not supported in guests). Then, change the kernel nested setting, and re-check domcapabilities. Restarting libvirtd doesn't update the cache, and even rebooting the entire system doesn't update the cache. $ virsh domcapabilities | grep vmx - $ cat /sys/module/kvm_intel/parameters/nested + $ cat /sys/module/kvm_intel/parameters/nested N $ sudo rmmod kvm_intel $ sudo modprobe kvm_intel nested=1 - $ cat /sys/module/kvm_intel/parameters/nested + $ cat /sys/module/kvm_intel/parameters/nested Y $ virsh domcapabilities | grep vmx $ sudo systemctl restart libvirtd $ virsh domcapabilities | grep vmx $ [regression potential] TBD, but this should only require better invalidating of the caps cache, which seems very low for any regression potential. More overhead to regenerate the cache more often maybe. [other info] + + related RH bugs, though no changes appear to have resulted from either: + https://bugzilla.redhat.com/show_bug.cgi?id=1474874 + https://bugzilla.redhat.com/show_bug.cgi?id=1650950
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1830268 Title: libvirt caches nested vmx capability (in domcapabilities) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1830268/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
