Public bug reported:
Ubuntu bionic
qemu-system-x86: 1:2.11+dfsg-1ubuntu7.20
When installing qemu-system-x86, nested KVM will be enabled by default
thanks to the file offered by the package:

/etc/modprobe.d/qemu-system-x86.conf:options kvm_intel nested=1

and postinst (/var/lib/dpkg/info/qemu-system-x86.postinst):

# If the host had already installed kvm_intel.ko without nested=1, then
# re-load it now, honoring whatever is in qemu-system-x86.modprobe
if [ "$1" = configure ] ; then
    INTEL_NESTED=/sys/module/kvm_intel/parameters/nested
    if grep -q kvm_intel /proc/modules && [ -f $INTEL_NESTED ]; then
        v=`cat $INTEL_NESTED`
        if [ "x$v" != "xY" ]; then
            rmmod kvm_intel && modprobe kvm_intel || true
        fi
    fi
fi

However, we found that some of the hosts out of 10+ had nested KVM disabled
after the package installation somehow. Then we found the error "rmmod: ERROR:
Module kvm_intel is in use" during the phase.

2019-11-18 17:29:55 DEBUG install Setting up qemu-system-x86 (1:2.11+dfsg-1ubuntu7.20) ...
2019-11-18 17:29:55 DEBUG install rmmod: ERROR: Module kvm_intel is in use
2019-11-18 17:29:55 DEBUG install Setting up qemu-kvm (1:2.11+dfsg-1ubuntu7.20) ...
2019-11-18 17:29:55 DEBUG install Setting up libpangocairo-1.0-0:amd64 (1.40.14-1ubuntu0.1) ...

By running `rmmod kvm_intel && modprobe kvm_intel` by hand after that,
nested KVM got enabled properly. So there should be some sort of race
condition during the installation.

FWIW, at the same time as the rmmod failure, the kernel seemed to be running
the L1TF test as follows:

Nov 18 17:29:52 host kernel: [ 347.125789] audit: type=1400 audit(1574098192.232:25): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/libvirtd//qemu_bridge_helper" pid=31696 comm="apparmor_parser"
Nov 18 17:29:55 host kernel: [ 350.078487] ip6_tables: (C) 2000-2006 Netfilter Core Team
Nov 18 17:29:55 host kernel: [ 350.209707] Ebtables v2.0 registered
Nov 18 17:29:55 host kernel: [ 350.464461] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
Nov 18 17:29:56 host kernel: [ 351.438393] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.

My goal here is to have a consistent status of nested KVM, because if it's
inconsistent across multiple hosts, live-migration will fail with the following
error:

[instance: afd27b8f-30df-4eab-b18a-5c269ce97d06] Live Migration failure: operation failed: guest CPU doesn't match specification: missing features: vmx: libvirtError: operation failed

The command executed during automated installation with Juju nova-compute charm:

Commandline: apt-get --assume-yes --option=Dpkg::Options::=--force-confold install nova-compute genisoimage librbd1 python-six python-psutil xfsprogs nfs-common open-iscsi nova-compute-kvm

# apt policy qemu-system-x86
qemu-system-x86:
  Installed: 1:2.11+dfsg-1ubuntu7.20
  Candidate: 1:2.11+dfsg-1ubuntu7.20
  Version table:
 *** 1:2.11+dfsg-1ubuntu7.20 500
        500 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1:2.11+dfsg-1ubuntu7 500
        500 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages

** Affects: qemu (Ubuntu)
Importance: Undecided
Status: New
** Tags: cpe-onsite
https://bugs.launchpad.net/bugs/1853465
Title:
Inconsistent nested KVM status with race conditions across multiple
hosts: rmmod: ERROR: Module kvm_intel is in use
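
A check for the inconsistency described in this report, added here as an example (it is not part of the report or of the qemu-system-x86 package): it compares the nested setting requested under /etc/modprobe.d with the value the loaded kvm_intel module reports in sysfs, which the postinst cannot guarantee because a failed rmmod is swallowed by `|| true`. The function names are hypothetical, and accepting 1/0 as well as Y/N for the parameter value is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names): detect drift between the
# configured and the running kvm_intel "nested" setting. Paths are arguments
# so the check can run against constructed files; defaults are from the report.

# Map a parameter value to 1 or 0. Accepting 1/0 besides Y/N is an assumption.
norm_nested() {
    case $1 in
        1|Y|y) echo 1 ;;
        0|N|n) echo 0 ;;
        *)     echo unknown ;;
    esac
}

# Value requested by "options kvm_intel ... nested=X" in a modprobe.d
# directory (last match is reported), or "unset" if there is none.
configured_nested() {
    dir=${1:-/etc/modprobe.d}
    val=$(cat "$dir"/*.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}kvm_intel[[:space:]].*nested=\([^[:space:]]*\).*/\1/p' |
        tail -n 1)
    if [ -z "$val" ]; then echo unset; else norm_nested "$val"; fi
}

# Value the loaded module reports in sysfs, or "unloaded" if it is absent.
running_nested() {
    param=${1:-/sys/module/kvm_intel/parameters/nested}
    if [ -r "$param" ]; then norm_nested "$(cat "$param")"; else echo unloaded; fi
}

# Return 0 when both agree, 1 on drift, 2 when there is nothing to compare.
check_nested() {
    want=$(configured_nested "$1")
    have=$(running_nested "$2")
    case "$want/$have" in
        1/1|0/0) echo "kvm_intel nested: ok ($have)"; return 0 ;;
        1/0|0/1) echo "kvm_intel nested: DRIFT configured=$want running=$have"; return 1 ;;
        *)       echo "kvm_intel nested: cannot compare ($want vs $have)"; return 2 ;;
    esac
}
```

Called with no arguments, check_nested uses /etc/modprobe.d and /sys/module/kvm_intel/parameters/nested; a return value of 1 marks a host whose running module does not match the packaged setting.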