Bug 1689216 - A guest with VMX enabled cannot be migrated [NEEDINFO]
Summary: A guest with VMX enabled cannot be migrated
Status: CLOSED DUPLICATE of bug 1559845
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Paolo Bonzini
QA Contact: Virtualization Bugs
Jiri Herrmann
Depends On:
Blocks: 1689227
TreeView+ depends on / blocked
Reported: 2019-03-15 12:58 UTC by Jiri Denemark
Modified: 2019-11-12 00:20 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
.Enabling nested virtualization no longer blocks live migration Previously, the nested virtualization feature was incompatible with live migration. As a consequence, enabling nested virtualization on a RHEL 8 host prevented migrating any virtual machines (VMs) from the host, as well as saving VM state snapshots to disk. This update fixes the described problem, and the impacted VMs are now possible to migrate.
Clone Of:
: 1689227 (view as bug list)
Last Closed: 2019-04-05 12:20:38 UTC
Type: Bug
Target Upstream Version:
jherrman: needinfo? (pbonzini)

Attachments (Terms of Use)

Description Jiri Denemark 2019-03-15 12:58:27 UTC
Description of problem:

Starting a libvirt domain with host-passthrough (equivalent to -cpu host) or
host-model (a CPU model expanded from "host" via query-cpu-model-expansion is
passed to -cpu) on a host with nested VMX enabled cannot be migrated, saved,
or snapshotted. The domain doesn't even need or want to use VMX.

This is a regression introduced in 3.1.0 by

    commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8
    Author:     Paolo Bonzini <pbonzini>
    AuthorDate: Wed Nov 14 10:38:13 2018 +0100
    Commit:     Paolo Bonzini <pbonzini>
    CommitDate: Tue Nov 27 15:06:14 2018 +0100

        target/i386: kvm: add VMX migration blocker

        Nested VMX does not support live migration yet.  Add a blocker
        until that is worked out.

        Nested SVM only does not support it, but unfortunately it is
        enabled by default for -cpu host so we cannot really disable it.

        Signed-off-by: Paolo Bonzini <pbonzini>

Unfortunately, VMX is automatically enabled for -cpu host too. The only
difference between SVM and VMX is that kvm_amd automatically enabled nested,
while it has to be enabled manually for kvm_intel.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. modprobe -r kvm_intel
2. modprobe kvm_intel nested=1
3. /usr/libexec/qemu-kvm -cpu host -qmp stdin
4. {"execute":"qmp_capabilities"}
5. {"execute":"migrate","arguments":{"uri":"tcp://localhost:1234"}}

Alternatively via libvirt:
1. start a domain with either host-passthrough or host-model CPU
2. virsh managedsave $DOM

Actual results:

{"error": {"class": "GenericError", "desc": "Nested VMX virtualization does not support live migration yet"}}

or a corresponding libvirt error:

internal error: unable to execute QEMU command 'migrate': Nested VMX virtualization does not support live migration yet

Additional info:

Openstack uses host-model CPUs by default so it's just a matter of someone
enabled nested on the host and all VMs are doomed.

Comment 1 Paolo Bonzini 2019-03-15 13:01:03 UTC
It's intended. The workaround is to disable nested if they are not using it; it will be fixed in 8.1.

Comment 2 Paolo Bonzini 2019-03-15 13:07:48 UTC
<jdenemar> bonzini: if we want to keep the check in I think we should make sure vmx is not added to -cpu host unless non-migratable features are requested

Comment 7 Paolo Bonzini 2019-04-05 12:20:38 UTC
Done. Jiri (Herrman), this needs release notes.

*** This bug has been marked as a duplicate of bug 1559845 ***

Note You need to log in before you can comment on or make changes to this bug.