Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1689227

Summary: A guest with VMX enabled cannot be migrated
Product: Red Hat Enterprise Linux 8 Reporter: Paolo Bonzini <pbonzini>
Component: qemu-kvmAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED NOTABUG QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: high    
Version: 8.0CC: jdenemar, kchamart, pbonzini, rbalakri, virt-bugs, virt-maint
Target Milestone: rcKeywords: Regression
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1689216 Environment:
Last Closed: 2019-03-15 13:20:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1559845, 1689216    
Bug Blocks:    

Description Paolo Bonzini 2019-03-15 13:11:27 UTC
+++ This bug was initially created as a clone of Bug #1689216 +++

Description of problem:

Starting a libvirt domain with host-passthrough (equivalent to -cpu host) or
host-model (a CPU model expanded from "host" via query-cpu-model-expansion is
passed to -cpu) on a host with nested VMX enabled cannot be migrated, saved,
or snapshotted. The domain doesn't even need or want to use VMX.

This is a regression introduced in 3.1.0 by

    commit d98f26073bebddcd3da0ba1b86c3a34e840c0fb8
    Author:     Paolo Bonzini <pbonzini@redhat.com>
    AuthorDate: Wed Nov 14 10:38:13 2018 +0100
    Commit:     Paolo Bonzini <pbonzini@redhat.com>
    CommitDate: Tue Nov 27 15:06:14 2018 +0100

        target/i386: kvm: add VMX migration blocker

        Nested VMX does not support live migration yet.  Add a blocker
        until that is worked out.

        Nested SVM only does not support it, but unfortunately it is
        enabled by default for -cpu host so we cannot really disable it.

        Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Unfortunately, VMX is automatically enabled for -cpu host too. The only
difference between SVM and VMX is that kvm_amd automatically enabled nested,
while it has to be enabled manually for kvm_intel.

Version-Release number of selected component (if applicable):

qemu-kvm-3.1.0-18.module+el8+2834+fa8bb6e2.x86_64

How reproducible:

100%

Steps to Reproduce:
1. modprobe -r kvm_intel
2. modprobe kvm_intel nested=1
3. /usr/libexec/qemu-kvm -cpu host -qmp stdin
4. {"execute":"qmp_capabilities"}
5. {"execute":"migrate","arguments":{"uri":"tcp://localhost:1234"}}

Alternatively via libvirt:
1. start a domain with either host-passthrough or host-model CPU
2. virsh managedsave $DOM

Actual results:

{"error": {"class": "GenericError", "desc": "Nested VMX virtualization does not support live migration yet"}}

or a corresponding libvirt error:

internal error: unable to execute QEMU command 'migrate': Nested VMX virtualization does not support live migration yet

----

<jdenemar> bonzini: if we want to keep the check in I think we should make sure vmx is not added to -cpu host unless non-migratable features are requested