Bug 1689216

Summary: A guest with VMX enabled cannot be migrated
Product: Red Hat Enterprise Linux Advanced Virtualization Reporter: Jiri Denemark <jdenemar>
Component: qemu-kvmAssignee: Paolo Bonzini <pbonzini>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact: Jiri Herrmann <jherrman>
Priority: high    
Version: 8.0CC: chayang, igkioka, jherrman, jinzhao, juzhang, kchamart, knoel, lmanasko, mtessun, pasik, pbonzini, virt-maint, xiaohli, zhguo
Target Milestone: rcKeywords: Regression
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
.Enabling nested virtualization no longer blocks live migration Previously, the nested virtualization feature was incompatible with live migration. As a consequence, enabling nested virtualization on a RHEL 8 host prevented migrating any virtual machines (VMs) from the host, as well as saving VM state snapshots to disk. This update fixes the described problem, and the impacted VMs are now possible to migrate.
Story Points: ---
Clone Of:
: 1689227 (view as bug list) Environment:
Last Closed: 2019-04-05 12:20:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1689227    

Description Jiri Denemark 2019-03-15 12:58:27 UTC
Description of problem:

Starting a libvirt domain with host-passthrough (equivalent to -cpu host) or
host-model (a CPU model expanded from "host" via query-cpu-model-expansion is
passed to -cpu) on a host with nested VMX enabled cannot be migrated, saved,
or snapshotted. The domain doesn't even need or want to use VMX.

This is a regression introduced in 3.1.0 by

    commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8
    Author:     Paolo Bonzini <pbonzini>
    AuthorDate: Wed Nov 14 10:38:13 2018 +0100
    Commit:     Paolo Bonzini <pbonzini>
    CommitDate: Tue Nov 27 15:06:14 2018 +0100

        target/i386: kvm: add VMX migration blocker

        Nested VMX does not support live migration yet.  Add a blocker
        until that is worked out.

        Nested SVM only does not support it, but unfortunately it is
        enabled by default for -cpu host so we cannot really disable it.

        Signed-off-by: Paolo Bonzini <pbonzini>

Unfortunately, VMX is automatically enabled for -cpu host too. The only
difference between SVM and VMX is that kvm_amd automatically enabled nested,
while it has to be enabled manually for kvm_intel.

Version-Release number of selected component (if applicable):

qemu-kvm-3.1.0-18.module+el8+2834+fa8bb6e2.x86_64

How reproducible:

100%

Steps to Reproduce:
1. modprobe -r kvm_intel
2. modprobe kvm_intel nested=1
3. /usr/libexec/qemu-kvm -cpu host -qmp stdin
4. {"execute":"qmp_capabilities"}
5. {"execute":"migrate","arguments":{"uri":"tcp://localhost:1234"}}

Alternatively via libvirt:
1. start a domain with either host-passthrough or host-model CPU
2. virsh managedsave $DOM

Actual results:

{"error": {"class": "GenericError", "desc": "Nested VMX virtualization does not support live migration yet"}}

or a corresponding libvirt error:

internal error: unable to execute QEMU command 'migrate': Nested VMX virtualization does not support live migration yet


Additional info:

Openstack uses host-model CPUs by default so it's just a matter of someone
enabled nested on the host and all VMs are doomed.

Comment 1 Paolo Bonzini 2019-03-15 13:01:03 UTC
It's intended. The workaround is to disable nested if they are not using it; it will be fixed in 8.1.

Comment 2 Paolo Bonzini 2019-03-15 13:07:48 UTC
<jdenemar> bonzini: if we want to keep the check in I think we should make sure vmx is not added to -cpu host unless non-migratable features are requested

Comment 7 Paolo Bonzini 2019-04-05 12:20:38 UTC
Done. Jiri (Herrman), this needs release notes.

*** This bug has been marked as a duplicate of bug 1559845 ***

Comment 10 Red Hat Bugzilla 2023-09-14 05:25:30 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days