@@ -1867,6 +1867,16 @@ static inline bool cpu_has_vmx(CPUX86State *env)
return env->features[FEAT_1_ECX] & CPUID_EXT_VMX;
}
+static inline bool cpu_has_svm(CPUX86State *env)
+{
+ return env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM;
+}
+
+static inline bool cpu_has_nested_virt(CPUX86State *env)
+{
+ return (cpu_has_vmx(env) || cpu_has_svm(env));
+}
+
/* fpu_helper.c */
void update_fp_status(CPUX86State *env);
void update_mxcsr_status(CPUX86State *env);
@@ -1640,7 +1640,7 @@ int kvm_arch_init_vcpu(CPUState *cs)
!!(c->ecx & CPUID_EXT_SMX);
}
- if (cpu_has_vmx(env) && !nested_virt_mig_blocker &&
+ if (cpu_has_nested_virt(env) && !nested_virt_mig_blocker &&
((kvm_max_nested_state_length() <= 0) || !has_exception_payload)) {
error_setg(&nested_virt_mig_blocker,
"Kernel do not provide required capabilities for "
@@ -233,7 +233,7 @@ static int cpu_pre_save(void *opaque)
#ifdef CONFIG_KVM
/* Verify we have nested virtualization state from kernel if required */
- if (kvm_enabled() && cpu_has_vmx(env) && !env->nested_state) {
+ if (kvm_enabled() && cpu_has_nested_virt(env) && !env->nested_state) {
error_report("Guest enabled nested virtualization but kernel "
"does not support saving of nested state");
return -EINVAL;
Commit 18ab37ba1cee ("target/i386: kvm: Block migration for vCPUs exposed with nested virtualization") was originally suppose to block migration for vCPUs exposed with nested virtualization, either Intel VMX or AMD SVM. However, during merge to upstream, commit was changed such that it doesn't even compile... This was done unintentionally in an attempt to modify submitted patch-series such that commit 12604092e26c ("target/i386: kvm: Add nested migration blocker only when kernel lacks required capabilities") will only block migration of vCPU exposed with VMX but still allow migration of vCPU exposed with SVM. However, since QEMU commit 75d373ef9729 ("target-i386: Disable SVM by default in KVM mode"), an AMD vCPU that is virtualized by KVM doesn’t expose SVM by default, even if you use "-cpu host". Therefore, it is unlikely that vCPU expose SVM CPUID flag when user is not running an SVM workload inside guest. Therefore, change code back to original intent to block migration in case of vCPU exposed with SVM if kernel does not support required capabilities to save/restore nested-state. Fixes: 12604092e26c ("target/i386: kvm: Add nested migration blocker only when kernel lacks required capabilities") Reviewed-by: Mark Kanda <mark.kanda@oracle.com> Reviewed-by: Karl Heubaum <karl.heubaum@oracle.com> Signed-off-by: Liran Alon <liran.alon@oracle.com> --- target/i386/cpu.h | 10 ++++++++++ target/i386/kvm.c | 2 +- target/i386/machine.c | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-)