Bug 1689227

Summary: [Intel 8.0 Bug]A guest with VMX enabled cannot be migrated
Product: Red Hat Enterprise Linux 8 Reporter: Paolo Bonzini <pbonzini>
Component: qemu-kvmAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED NOTABUG QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: high    
Version: 8.0CC: jdenemar, kchamart, pbonzini, plai, rbalakri, virt-bugs, virt-maint, xuelian.guo
Target Milestone: rcKeywords: Regression
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1689216 Environment:
Last Closed: 2019-03-15 13:20:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1559845, 1689216    
Bug Blocks:    

Description Paolo Bonzini 2019-03-15 13:11:27 UTC 
+++ This bug was initially created as a clone of Bug #1689216 +++

Description of problem:

Starting a libvirt domain with host-passthrough (equivalent to -cpu host) or
host-model (a CPU model expanded from "host" via query-cpu-model-expansion is
passed to -cpu) on a host with nested VMX enabled cannot be migrated, saved,
or snapshotted. The domain doesn't even need or want to use VMX.

This is a regression introduced in 3.1.0 by

    commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8
    Author:     Paolo Bonzini <pbonzini>
    AuthorDate: Wed Nov 14 10:38:13 2018 +0100
    Commit:     Paolo Bonzini <pbonzini>
    CommitDate: Tue Nov 27 15:06:14 2018 +0100

        target/i386: kvm: add VMX migration blocker

        Nested VMX does not support live migration yet.  Add a blocker
        until that is worked out.

        Nested SVM only does not support it, but unfortunately it is
        enabled by default for -cpu host so we cannot really disable it.

        Signed-off-by: Paolo Bonzini <pbonzini>

Unfortunately, VMX is automatically enabled for -cpu host too. The only
difference between SVM and VMX is that kvm_amd automatically enabled nested,
while it has to be enabled manually for kvm_intel.

Version-Release number of selected component (if applicable):

qemu-kvm-3.1.0-18.module+el8+2834+fa8bb6e2.x86_64

How reproducible:

100%

Steps to Reproduce:
1. modprobe -r kvm_intel
2. modprobe kvm_intel nested=1
3. /usr/libexec/qemu-kvm -cpu host -qmp stdin
4. {"execute":"qmp_capabilities"}
5. {"execute":"migrate","arguments":{"uri":"tcp://localhost:1234"}}

Alternatively via libvirt:
1. start a domain with either host-passthrough or host-model CPU
2. virsh managedsave $DOM

Actual results:

{"error": {"class": "GenericError", "desc": "Nested VMX virtualization does not support live migration yet"}}

or a corresponding libvirt error:

internal error: unable to execute QEMU command 'migrate': Nested VMX virtualization does not support live migration yet

----

<jdenemar> bonzini: if we want to keep the check in I think we should make sure vmx is not added to -cpu host unless non-migratable features are requested
Comment 2 Paolo Bonzini 2019-07-25 22:07:55 UTC 
*** Bug 1732670 has been marked as a duplicate of this bug. ***
Comment 3 Paul Lai (Intel) 2019-09-06 15:50:04 UTC 
Duplicate BZ 1732670 comment 5 https://bugzilla.redhat.com/show_bug.cgi?id=1732670#c5 says:

we verified this issue disappeared for qemu (fast train)on RHEL 8.1 snapshot2.
Environment:
Platform:ICX-2S
Host Kernel: 4.18.0-135.el8.x86_64
Host QEMU emulator version 4.1.0 (qemu-kvm-4.1.0-4.module+el8.1.0+4020+16089f93)

Result : pass/no reproduced