libxl: do not enable nested HVM unless global nested_hvm option enabled

Introduce global libxl option for enabling nested HVM feature, similar
to kvm module parameter. This will prevent enabling experimental feature
by mere presence of <cpu mode='host-passthrough'> element in domain
config, unless explicitly enabled. <cpu mode='host-passthrough'> element
may be used to configure other features, like NUMA, or CPUID.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>

src/libxl/libvirtd_libxl.aug

@@ -28,12 +28,14 @@ module Libvirtd_libxl =
    let lock_entry = str_entry "lock_manager"
    let keepalive_interval_entry = int_entry "keepalive_interval"
    let keepalive_count_entry = int_entry "keepalive_count"
+   let nested_hvm_entry = bool_entry "nested_hvm"
 
    (* Each entry in the config is one of the following ... *)
    let entry = autoballoon_entry
              | lock_entry
              | keepalive_interval_entry
              | keepalive_count_entry
+             | nested_hvm_entry
 
    let comment = [ label "#comment" . del /#[ \t]*/ "# " .  store /([^ \t\n][^\n]*)?/ . del /\n/ "\n" ]
    let empty = [ label "#empty" . eol ]

src/libxl/libxl.conf

@@ -41,3 +41,11 @@
 #
 #keepalive_interval = 5
 #keepalive_count = 5
+
+# Nested HVM default control. In order to use nested HVM feature, this option
+# needs to be enabled, in addition to specifying <cpu mode='host-passthrough'>
+# in domain configuration. This can be overridden in domain configuration by
+# explicitly setting <feature policy='require' name='vmx'/> inside <cpu/>
+# element.
+# By default it is disabled.
+#nested_hvm = 0

src/libxl/libxl_conf.c

@@ -395,10 +395,12 @@ libxlMakeDomBuildInfo(virDomainDefPtr def,
             bool hasHwVirt = false;
             bool svm = false, vmx = false;
 
+            /* enable nested HVM only if global nested_hvm option enable it and
+             * host support it*/
             if (ARCH_IS_X86(def->os.arch)) {
                 vmx = virCPUCheckFeature(caps->host.arch, caps->host.cpu, "vmx");
                 svm = virCPUCheckFeature(caps->host.arch, caps->host.cpu, "svm");
-                hasHwVirt = vmx | svm;
+                hasHwVirt = cfg->nested_hvm && (vmx | svm);
             }
 
             if (def->cpu->nfeatures) {
@@ -415,6 +417,11 @@ libxlMakeDomBuildInfo(virDomainDefPtr def,
 
                         case VIR_CPU_FEATURE_FORCE:
                         case VIR_CPU_FEATURE_REQUIRE:
+                            if ((vmx && STREQ(def->cpu->features[i].name, "vmx")) ||
+                                (svm && STREQ(def->cpu->features[i].name, "svm")))
+                                hasHwVirt = true;
+                            break;
+
                         case VIR_CPU_FEATURE_OPTIONAL:
                         case VIR_CPU_FEATURE_LAST:
                             break;
@@ -1758,6 +1765,9 @@ int libxlDriverConfigLoadFile(libxlDriverConfigPtr cfg,
     if (virConfGetValueUInt(conf, "keepalive_count", &cfg->keepAliveCount) < 0)
         goto cleanup;
 
+    if (virConfGetValueBool(conf, "nested_hvm", &cfg->nested_hvm) < 0)
+        goto cleanup;
+
     ret = 0;
 
  cleanup:

src/libxl/libxl_conf.h

@@ -88,6 +88,8 @@ struct _libxlDriverConfig {
     int keepAliveInterval;
     unsigned int keepAliveCount;
 
+    bool nested_hvm;
+
     /* Once created, caps are immutable */
     virCapsPtr caps;
 

src/libxl/test_libvirtd_libxl.aug.in

@@ -6,3 +6,4 @@ module Test_libvirtd_libxl =
 { "lock_manager" = "lockd" }
 { "keepalive_interval" = "5" }
 { "keepalive_count" = "5" }
+{ "nested_hvm" = "0" }

tests/libxlxml2domconfigtest.c

@@ -76,6 +76,9 @@ testCompareXMLToDomConfig(const char *xmlfile,
     if (!(log = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, XTL_DEBUG, 0)))
         goto cleanup;
 
+    /* for testing nested HVM */
+    cfg->nested_hvm = true;
+
     /* replace logger with stderr one */
     libxl_ctx_free(cfg->ctx);