2020-02-28 18:35:50 +03:00
|
|
|
@node cpu_models_x86
|
|
|
|
@section Recommendations for KVM CPU model configuration on x86 hosts
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
QEMU / KVM virtualization supports two ways to configure CPU models
|
|
|
|
|
|
|
|
@table @option
|
|
|
|
|
|
|
|
@item Host passthrough
|
|
|
|
|
|
|
|
This passes the host CPU model features, model, stepping, exactly to the
|
|
|
|
guest. Note that KVM may filter out some host CPU model features if they
|
|
|
|
cannot be supported with virtualization. Live migration is unsafe when
|
|
|
|
this mode is used as libvirt / QEMU cannot guarantee a stable CPU is
|
|
|
|
exposed to the guest across hosts. This is the recommended CPU to use,
|
|
|
|
provided live migration is not required.
|
|
|
|
|
|
|
|
@item Named model
|
|
|
|
|
|
|
|
QEMU comes with a number of predefined named CPU models, that typically
|
|
|
|
refer to specific generations of hardware released by Intel and AMD.
|
|
|
|
These allow the guest VMs to have a degree of isolation from the host CPU,
|
|
|
|
allowing greater flexibility in live migrating between hosts with differing
|
|
|
|
hardware.
|
|
|
|
@end table
|
|
|
|
|
|
|
|
In both cases, it is possible to optionally add or remove individual CPU
|
|
|
|
features, to alter what is presented to the guest by default.
|
|
|
|
|
|
|
|
Libvirt supports a third way to configure CPU models known as "Host model".
|
|
|
|
This uses the QEMU "Named model" feature, automatically picking a CPU model
|
|
|
|
that is similar the host CPU, and then adding extra features to approximate
|
|
|
|
the host model as closely as possible. This does not guarantee the CPU family,
|
|
|
|
stepping, etc will precisely match the host CPU, as they would with "Host
|
|
|
|
passthrough", but gives much of the benefit of passthrough, while making
|
|
|
|
live migration safe.
|
|
|
|
|
|
|
|
The information that follows provides recommendations for configuring
|
|
|
|
CPU models on x86 hosts. The goals are to maximise performance, while
|
|
|
|
protecting guest OS against various CPU hardware flaws, and optionally
|
2019-02-20 08:27:26 +03:00
|
|
|
enabling live migration between hosts with heterogeneous CPU models.
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
@menu
|
|
|
|
* preferred_cpu_models_intel_x86:: Preferred CPU models for Intel x86 hosts
|
|
|
|
* important_cpu_features_intel_x86:: Important CPU features for Intel x86 hosts
|
|
|
|
* preferred_cpu_models_amd_x86:: Preferred CPU models for AMD x86 hosts
|
|
|
|
* important_cpu_features_amd_x86:: Important CPU features for AMD x86 hosts
|
|
|
|
* default_cpu_models_x86:: Default x86 CPU models
|
|
|
|
* other_non_recommended_cpu_models_x86:: Other non-recommended x86 CPUs
|
2020-02-28 18:35:50 +03:00
|
|
|
* cpu_model_syntax_apps:: Syntax for configuring CPU models
|
2018-06-27 19:01:03 +03:00
|
|
|
@end menu
|
|
|
|
|
|
|
|
@node preferred_cpu_models_intel_x86
|
2020-02-28 18:35:50 +03:00
|
|
|
@subsection Preferred CPU models for Intel x86 hosts
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
The following CPU models are preferred for use on Intel hosts. Administrators /
|
|
|
|
applications are recommended to use the CPU model that matches the generation
|
|
|
|
of the host CPUs in use. In a deployment with a mixture of host CPU models
|
|
|
|
between machines, if live migration compatibility is required, use the newest
|
|
|
|
CPU model that is compatible across all desired hosts.
|
|
|
|
|
|
|
|
@table @option
|
|
|
|
@item @code{Skylake-Server}
|
|
|
|
@item @code{Skylake-Server-IBRS}
|
|
|
|
|
|
|
|
Intel Xeon Processor (Skylake, 2016)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Skylake-Client}
|
|
|
|
@item @code{Skylake-Client-IBRS}
|
|
|
|
|
|
|
|
Intel Core Processor (Skylake, 2015)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Broadwell}
|
|
|
|
@item @code{Broadwell-IBRS}
|
|
|
|
@item @code{Broadwell-noTSX}
|
|
|
|
@item @code{Broadwell-noTSX-IBRS}
|
|
|
|
|
|
|
|
Intel Core Processor (Broadwell, 2014)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Haswell}
|
|
|
|
@item @code{Haswell-IBRS}
|
|
|
|
@item @code{Haswell-noTSX}
|
|
|
|
@item @code{Haswell-noTSX-IBRS}
|
|
|
|
|
|
|
|
Intel Core Processor (Haswell, 2013)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{IvyBridge}
|
|
|
|
@item @code{IvyBridge-IBRS}
|
|
|
|
|
|
|
|
Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{SandyBridge}
|
|
|
|
@item @code{SandyBridge-IBRS}
|
|
|
|
|
|
|
|
Intel Xeon E312xx (Sandy Bridge, 2011)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Westmere}
|
|
|
|
@item @code{Westmere-IBRS}
|
|
|
|
|
|
|
|
Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Nehalem}
|
|
|
|
@item @code{Nehalem-IBRS}
|
|
|
|
|
|
|
|
Intel Core i7 9xx (Nehalem Class Core i7, 2008)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Penryn}
|
|
|
|
|
|
|
|
Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Conroe}
|
|
|
|
|
|
|
|
Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)
|
|
|
|
|
|
|
|
@end table
|
|
|
|
|
|
|
|
@node important_cpu_features_intel_x86
|
2020-02-28 18:35:50 +03:00
|
|
|
@subsection Important CPU features for Intel x86 hosts
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
The following are important CPU features that should be used on Intel x86
|
|
|
|
hosts, when available in the host CPU. Some of them require explicit
|
|
|
|
configuration to enable, as they are not included by default in some, or all,
|
|
|
|
of the named CPU models listed above. In general all of these features are
|
|
|
|
included if using "Host passthrough" or "Host model".
|
|
|
|
|
|
|
|
|
|
|
|
@table @option
|
|
|
|
|
|
|
|
@item @code{pcid}
|
|
|
|
|
|
|
|
Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix
|
|
|
|
|
|
|
|
Included by default in Haswell, Broadwell & Skylake Intel CPU models.
|
|
|
|
|
|
|
|
Should be explicitly turned on for Westmere, SandyBridge, and IvyBridge
|
|
|
|
Intel CPU models. Note that some desktop/mobile Westmere CPUs cannot
|
|
|
|
support this feature.
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{spec-ctrl}
|
|
|
|
|
2019-03-07 15:18:37 +03:00
|
|
|
Required to enable the Spectre v2 (CVE-2017-5715) fix.
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
Included by default in Intel CPU models with -IBRS suffix.
|
|
|
|
|
|
|
|
Must be explicitly turned on for Intel CPU models without -IBRS suffix.
|
|
|
|
|
|
|
|
Requires the host CPU microcode to support this feature before it
|
|
|
|
can be used for guest CPUs.
|
|
|
|
|
|
|
|
|
2019-03-07 15:18:38 +03:00
|
|
|
@item @code{stibp}
|
|
|
|
|
|
|
|
Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
|
|
|
|
operating systems.
|
|
|
|
|
|
|
|
Must be explicitly turned on for all Intel CPU models.
|
|
|
|
|
|
|
|
Requires the host CPU microcode to support this feature before it
|
|
|
|
can be used for guest CPUs.
|
|
|
|
|
|
|
|
|
2018-06-27 19:01:03 +03:00
|
|
|
@item @code{ssbd}
|
|
|
|
|
|
|
|
Required to enable the CVE-2018-3639 fix
|
|
|
|
|
|
|
|
Not included by default in any Intel CPU model.
|
|
|
|
|
|
|
|
Must be explicitly turned on for all Intel CPU models.
|
|
|
|
|
|
|
|
Requires the host CPU microcode to support this feature before it
|
|
|
|
can be used for guest CPUs.
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{pdpe1gb}
|
|
|
|
|
|
|
|
Recommended to allow guest OS to use 1GB size pages
|
|
|
|
|
|
|
|
Not included by default in any Intel CPU model.
|
|
|
|
|
|
|
|
Should be explicitly turned on for all Intel CPU models.
|
|
|
|
|
|
|
|
Note that not all CPU hardware will support this feature.
|
2019-05-15 17:10:11 +03:00
|
|
|
|
|
|
|
@item @code{md-clear}
|
|
|
|
|
|
|
|
Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130,
|
|
|
|
CVE-2019-11091) fixes.
|
|
|
|
|
|
|
|
Not included by default in any Intel CPU model.
|
|
|
|
|
|
|
|
Must be explicitly turned on for all Intel CPU models.
|
|
|
|
|
|
|
|
Requires the host CPU microcode to support this feature before it
|
|
|
|
can be used for guest CPUs.
|
2018-06-27 19:01:03 +03:00
|
|
|
@end table
|
|
|
|
|
|
|
|
|
|
|
|
@node preferred_cpu_models_amd_x86
|
2020-02-28 18:35:50 +03:00
|
|
|
@subsection Preferred CPU models for AMD x86 hosts
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
The following CPU models are preferred for use on Intel hosts. Administrators /
|
|
|
|
applications are recommended to use the CPU model that matches the generation
|
|
|
|
of the host CPUs in use. In a deployment with a mixture of host CPU models
|
|
|
|
between machines, if live migration compatibility is required, use the newest
|
|
|
|
CPU model that is compatible across all desired hosts.
|
|
|
|
|
|
|
|
@table @option
|
|
|
|
|
|
|
|
@item @code{EPYC}
|
|
|
|
@item @code{EPYC-IBPB}
|
|
|
|
|
|
|
|
AMD EPYC Processor (2017)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Opteron_G5}
|
|
|
|
|
|
|
|
AMD Opteron 63xx class CPU (2012)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Opteron_G4}
|
|
|
|
|
|
|
|
AMD Opteron 62xx class CPU (2011)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Opteron_G3}
|
|
|
|
|
|
|
|
AMD Opteron 23xx (Gen 3 Class Opteron, 2009)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Opteron_G2}
|
|
|
|
|
|
|
|
AMD Opteron 22xx (Gen 2 Class Opteron, 2006)
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{Opteron_G1}
|
|
|
|
|
|
|
|
AMD Opteron 240 (Gen 1 Class Opteron, 2004)
|
|
|
|
@end table
|
|
|
|
|
|
|
|
@node important_cpu_features_amd_x86
|
2020-02-28 18:35:50 +03:00
|
|
|
@subsection Important CPU features for AMD x86 hosts
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
The following are important CPU features that should be used on AMD x86
|
|
|
|
hosts, when available in the host CPU. Some of them require explicit
|
|
|
|
configuration to enable, as they are not included by default in some, or all,
|
|
|
|
of the named CPU models listed above. In general all of these features are
|
|
|
|
included if using "Host passthrough" or "Host model".
|
|
|
|
|
|
|
|
|
|
|
|
@table @option
|
|
|
|
|
|
|
|
@item @code{ibpb}
|
|
|
|
|
2019-03-07 15:18:37 +03:00
|
|
|
Required to enable the Spectre v2 (CVE-2017-5715) fix.
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
Included by default in AMD CPU models with -IBPB suffix.
|
|
|
|
|
|
|
|
Must be explicitly turned on for AMD CPU models without -IBPB suffix.
|
|
|
|
|
|
|
|
Requires the host CPU microcode to support this feature before it
|
|
|
|
can be used for guest CPUs.
|
|
|
|
|
|
|
|
|
2019-03-07 15:18:38 +03:00
|
|
|
@item @code{stibp}
|
|
|
|
|
|
|
|
Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
|
|
|
|
operating systems.
|
|
|
|
|
|
|
|
Must be explicitly turned on for all AMD CPU models.
|
|
|
|
|
|
|
|
Requires the host CPU microcode to support this feature before it
|
|
|
|
can be used for guest CPUs.
|
|
|
|
|
|
|
|
|
2018-06-27 19:01:03 +03:00
|
|
|
@item @code{virt-ssbd}
|
|
|
|
|
|
|
|
Required to enable the CVE-2018-3639 fix
|
|
|
|
|
|
|
|
Not included by default in any AMD CPU model.
|
|
|
|
|
|
|
|
Must be explicitly turned on for all AMD CPU models.
|
|
|
|
|
|
|
|
This should be provided to guests, even if amd-ssbd is also
|
|
|
|
provided, for maximum guest compatibility.
|
|
|
|
|
|
|
|
Note for some QEMU / libvirt versions, this must be force enabled
|
|
|
|
when when using "Host model", because this is a virtual feature
|
|
|
|
that doesn't exist in the physical host CPUs.
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{amd-ssbd}
|
|
|
|
|
|
|
|
Required to enable the CVE-2018-3639 fix
|
|
|
|
|
|
|
|
Not included by default in any AMD CPU model.
|
|
|
|
|
|
|
|
Must be explicitly turned on for all AMD CPU models.
|
|
|
|
|
|
|
|
This provides higher performance than virt-ssbd so should be
|
|
|
|
exposed to guests whenever available in the host. virt-ssbd
|
|
|
|
should none the less also be exposed for maximum guest
|
2019-02-20 08:27:26 +03:00
|
|
|
compatibility as some kernels only know about virt-ssbd.
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
|
|
|
|
@item @code{amd-no-ssb}
|
|
|
|
|
|
|
|
Recommended to indicate the host is not vulnerable CVE-2018-3639
|
|
|
|
|
|
|
|
Not included by default in any AMD CPU model.
|
|
|
|
|
2019-02-20 08:27:26 +03:00
|
|
|
Future hardware generations of CPU will not be vulnerable to
|
2018-06-27 19:01:03 +03:00
|
|
|
CVE-2018-3639, and thus the guest should be told not to enable
|
|
|
|
its mitigations, by exposing amd-no-ssb. This is mutually
|
|
|
|
exclusive with virt-ssbd and amd-ssbd.
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{pdpe1gb}
|
|
|
|
|
|
|
|
Recommended to allow guest OS to use 1GB size pages
|
|
|
|
|
|
|
|
Not included by default in any AMD CPU model.
|
|
|
|
|
|
|
|
Should be explicitly turned on for all AMD CPU models.
|
|
|
|
|
|
|
|
Note that not all CPU hardware will support this feature.
|
|
|
|
@end table
|
|
|
|
|
|
|
|
|
|
|
|
@node default_cpu_models_x86
|
2020-02-28 18:35:50 +03:00
|
|
|
@subsection Default x86 CPU models
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
The default QEMU CPU models are designed such that they can run on all hosts.
|
|
|
|
If an application does not wish to do perform any host compatibility checks
|
|
|
|
before launching guests, the default is guaranteed to work.
|
|
|
|
|
|
|
|
The default CPU models will, however, leave the guest OS vulnerable to various
|
|
|
|
CPU hardware flaws, so their use is strongly discouraged. Applications should
|
|
|
|
follow the earlier guidance to setup a better CPU configuration, with host
|
|
|
|
passthrough recommended if live migration is not needed.
|
|
|
|
|
|
|
|
@table @option
|
|
|
|
@item @code{qemu32}
|
|
|
|
@item @code{qemu64}
|
|
|
|
|
|
|
|
QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)
|
|
|
|
|
|
|
|
qemu64 is used for x86_64 guests and qemu32 is used for i686 guests, when no
|
|
|
|
-cpu argument is given to QEMU, or no <cpu> is provided in libvirt XML.
|
|
|
|
@end table
|
|
|
|
|
|
|
|
|
|
|
|
@node other_non_recommended_cpu_models_x86
|
2020-02-28 18:35:50 +03:00
|
|
|
@subsection Other non-recommended x86 CPUs
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
The following CPUs models are compatible with most AMD and Intel x86 hosts, but
|
|
|
|
their usage is discouraged, as they expose a very limited featureset, which
|
|
|
|
prevents guests having optimal performance.
|
|
|
|
|
|
|
|
@table @option
|
|
|
|
|
|
|
|
@item @code{kvm32}
|
|
|
|
@item @code{kvm64}
|
|
|
|
|
|
|
|
Common KVM processor (32 & 64 bit variants)
|
|
|
|
|
|
|
|
Legacy models just for historical compatibility with ancient QEMU versions.
|
|
|
|
|
|
|
|
|
|
|
|
@item @code{486}
|
|
|
|
@item @code{athlon}
|
|
|
|
@item @code{phenom}
|
|
|
|
@item @code{coreduo}
|
|
|
|
@item @code{core2duo}
|
|
|
|
@item @code{n270}
|
|
|
|
@item @code{pentium}
|
|
|
|
@item @code{pentium2}
|
|
|
|
@item @code{pentium3}
|
|
|
|
|
|
|
|
Various very old x86 CPU models, mostly predating the introduction of
|
|
|
|
hardware assisted virtualization, that should thus not be required for
|
|
|
|
running virtual machines.
|
|
|
|
@end table
|
|
|
|
|
|
|
|
@node cpu_model_syntax_apps
|
|
|
|
@subsection Syntax for configuring CPU models
|
|
|
|
|
|
|
|
The example below illustrate the approach to configuring the various
|
2020-02-28 18:35:50 +03:00
|
|
|
CPU models / features in QEMU and libvirt.
|
2018-06-27 19:01:03 +03:00
|
|
|
|
2020-02-28 18:35:50 +03:00
|
|
|
QEMU command line:
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
@table @option
|
|
|
|
|
|
|
|
@item Host passthrough
|
|
|
|
|
|
|
|
@example
|
2019-07-30 18:08:26 +03:00
|
|
|
$ @value{qemu_system_x86} -cpu host
|
2018-06-27 19:01:03 +03:00
|
|
|
@end example
|
|
|
|
|
|
|
|
With feature customization:
|
|
|
|
|
|
|
|
@example
|
2019-07-30 18:08:26 +03:00
|
|
|
$ @value{qemu_system_x86} -cpu host,-vmx,...
|
2018-06-27 19:01:03 +03:00
|
|
|
@end example
|
|
|
|
|
|
|
|
@item Named CPU models
|
|
|
|
|
|
|
|
@example
|
2019-07-30 18:08:26 +03:00
|
|
|
$ @value{qemu_system_x86} -cpu Westmere
|
2018-06-27 19:01:03 +03:00
|
|
|
@end example
|
|
|
|
|
|
|
|
With feature customization:
|
|
|
|
|
|
|
|
@example
|
2019-07-30 18:08:26 +03:00
|
|
|
$ @value{qemu_system_x86} -cpu Westmere,+pcid,...
|
2018-06-27 19:01:03 +03:00
|
|
|
@end example
|
|
|
|
|
|
|
|
@end table
|
|
|
|
|
2020-02-28 18:35:50 +03:00
|
|
|
|
|
|
|
Libvirt guest XML:
|
2018-06-27 19:01:03 +03:00
|
|
|
|
|
|
|
@table @option
|
|
|
|
|
|
|
|
@item Host passthrough
|
|
|
|
|
|
|
|
@example
|
|
|
|
<cpu mode='host-passthrough'/>
|
|
|
|
@end example
|
|
|
|
|
|
|
|
With feature customization:
|
|
|
|
|
|
|
|
@example
|
|
|
|
<cpu mode='host-passthrough'>
|
|
|
|
<feature name="vmx" policy="disable"/>
|
|
|
|
...
|
|
|
|
</cpu>
|
|
|
|
@end example
|
|
|
|
|
|
|
|
@item Host model
|
|
|
|
|
|
|
|
@example
|
|
|
|
<cpu mode='host-model'/>
|
|
|
|
@end example
|
|
|
|
|
|
|
|
With feature customization:
|
|
|
|
|
|
|
|
@example
|
|
|
|
<cpu mode='host-model'>
|
|
|
|
<feature name="vmx" policy="disable"/>
|
|
|
|
...
|
|
|
|
</cpu>
|
|
|
|
@end example
|
|
|
|
|
|
|
|
@item Named model
|
|
|
|
|
|
|
|
@example
|
|
|
|
<cpu mode='custom'>
|
|
|
|
<model name="Westmere"/>
|
|
|
|
</cpu>
|
|
|
|
@end example
|
|
|
|
|
|
|
|
With feature customization:
|
|
|
|
|
|
|
|
@example
|
|
|
|
<cpu mode='custom'>
|
|
|
|
<model name="Westmere"/>
|
|
|
|
<feature name="pcid" policy="require"/>
|
|
|
|
...
|
|
|
|
</cpu>
|
|
|
|
@end example
|
|
|
|
|
|
|
|
@end table
|