[pve-devel] applied: [PATCH kernel] revert KVM nested param back to off as default, for now

Thomas Lamprecht t.lamprecht at proxmox.com
Sat Jun 8 20:16:02 CEST 2019


Else everyone booting the 5.0 based kernel will have nesting
activated by default[0], and this breaks live migration for all VMs
with CPU type host, even if they do not host KVM (nested) guests
themselves and never made a VMX call, at least with newer QEMU versions
>= 3.1 [1]

While the kernel now may have had good reasons to change the default to
true for this[0], i.e., it can now handle nested guest migrations in
a nice and sane way, the user space side of this in QEMU is not yet
ready, and may only become so with or even after 4.1.

After we have a working QEMU which can also live migrate arbitrary
nested guests we may well enable this as default, but until then it
brings just pain but no advantage.

So let's protect people who did not manually enable nesting from
a live-migration breakage. All those who enabled nesting manually
themselves knew that it was still experimental and thus will have to
live with their decision and have a live migration breakage (for
those VMs with CPU type 'host').

[0]: https://git.kernel.org/torvalds/c/1e58e5e59148916fa43444a406335a990783fb78
[1]: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=d98f26073bebddcd3da0ba1b86c3a34e840c0fb8

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 ...nable-nested-virtualization-by-defau.patch | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 patches/kernel/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch

diff --git a/patches/kernel/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch b/patches/kernel/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch
new file mode 100644
index 0000000..9a7b046
--- /dev/null
+++ b/patches/kernel/0005-Revert-KVM-VMX-enable-nested-virtualization-by-defau.patch
@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Thomas Lamprecht <t.lamprecht at proxmox.com>
+Date: Fri, 7 Jun 2019 21:16:42 +0200
+Subject: [PATCH] Revert "KVM: VMX: enable nested virtualization by default"
+
+This reverts commit 1e58e5e59148916fa43444a406335a990783fb78
+
+As we're not yet there, and this effectively breaks live migration
+for all VMs using host or +vmx which did not manually enabled nesting
+
+Those which already enabled nesting manually have already breakage,
+but that was something to expect. The situation will get better in
+the future (probably post qemu 4.1).
+
+Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
+---
+ arch/x86/kvm/vmx/vmx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
+index c2e017de4541..08bf16f447ab 100644
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -106,7 +106,7 @@ module_param(enable_apicv, bool, S_IRUGO);
+  * VMX and be a hypervisor for its own guests. If nested=0, guests may not
+  * use VMX instructions.
+  */
+-static bool __read_mostly nested = 1;
++static bool __read_mostly nested = 0;
+ module_param(nested, bool, S_IRUGO);
+ 
+ static u64 __read_mostly host_xss;
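
Review bot: the description of the embedded revert (the block from "+Subject:" down to "+the future (probably post qemu 4.1).") does not say how users who need nested guests can turn nesting back on once the default becomes `static bool __read_mostly nested = 0;`. Because the parameter is declared with `module_param(nested, bool, S_IRUGO)`, it is read-only after the module is loaded and has to be set at module load time; one sentence stating that in the patch description would help. The mail subject also says "KVM nested param" while only arch/x86/kvm/vmx/vmx.c is touched, so it is worth stating that the change covers the VMX side only. Minor: the "From 0000000000000000000000000000000000000000" placeholder hash in the first added line could get a short remark that it is intentional for a locally carried patch.
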
-- 
2.20.1




