CCing mskrivanek, danpb, libvir-list. On Fri, Oct 25, 2019 at 10:02:29AM +0200, David Hildenbrand wrote: > On 25.10.19 09:55, Christian Borntraeger wrote: > > > > > > On 25.10.19 09:17, David Hildenbrand wrote: > > > On 25.10.19 04:25, Eduardo Habkost wrote: > > > > We had introduced versioned CPU models in QEMU 4.1, including a > > > > method for querying for CPU model versions using > > > > > > Interesting, I was not aware of that. > > > > > > On s390x, we somewhat have versioned CPU models, but we decided against > > > giving them explicit names (e.g., z13-v1 or z13-4.1.0), because it didn't > > > really seem to be necessary. (and we often implement/add features for > > > older CPU models, there is a lot of fluctuation) Actually, you would have > > > had to add "z13-z/VM-x.x.x" or "z13-LPAR-x.x.x" or "z13-KVM-x.x.x" to > > > model the features you actually see in all the different virtual > > > environments ("what a CPU looks like"). Not to talk about QEMU versions > > > in addition to that. So we decided to always model what you would see > > > under LPAR and are able to specify for a KVM guest. So you can use "z13" > > > in an up-to-date LPAR environment, but not in a z/VM environment (you > > > would have to disable features). > > > > > > Each (!base) CPU model has a specific feature set per machine. Libvirt > > > uses query-cpu-model-expansion() to convert this model+machine to a > > > machine-independent representation. That representation is sufficient for > > > all use cases we were aware of (esp. "virsh domcapabilities", the host > > > CPU model, migration). > > > > > > While s390x has versioned CPU models, we have no explicit way of > > > specifying them for older machines, besides going over > > > query-cpu-model-expansion and using expanded "base model + features". > > > > > > I can see that this might make sense on x86-64, where you only have maybe > > > 3 versions of a CPU (e.g., the one Intel messed up first - Haswell, the > > > one Intel messed up next - Haswell-noTSX, and the one that Intel > > > eventually did right - Haswell-noTSX-IBRS) and you might want to specify > > > "Haswell" vs. "Haswell-IBRS" vs. "Haswell-noTSX-IBRS". But actually, you > > > will always want to go for "Haswell-noTSX-IBRS", because you can expect > > > to run in updated environments if I am not wrong, everything else are > > > corner cases. > > > > > > Of course, versioned CPU model are neat to avoid "base model + list of > > > features", but at least for expanding the host model on s390x, it is not > > > really helpful. When migrating, the model expansion does the trick. > > > > > > I haven't looked into details of "how to specify or model versions". > > > Maybe IBM wants to look into creating versions for all the old models we > > > had. But again, not sure if that is of any help for s390x. CCing IBM. > > > > I agree that this does not look very helpful. > > Especially as several things depend on the kernel version a QEMU version is > > not sufficient to be guarantee construction success. > > So we would need something like z14-qemu4.0-kernel-5.2-suse-flavour-onLPAR > > > > Instead we do check if we can construct an equivalent model on the > > migration target. > > And that model is precise. We do even have versions. > > Right now with QEMU on s390 our models are versioned in a way that we > > fence of > > facilities for old machine versions. > > > > For example > > -machine s390-virtio-ccw-3.1 -cpu z14 will not have the multiple epoch > > facility > > and > > -machine s390-virtio-ccw-4.0 -cpu z14 will have the multiple epoch facility. > > As migration does always require the tuple of machine and cpu this is save. > > I fail > > to see what the benefit of an explicit z14-3.1 would be. > > > > AFAIKS the only real benefit of versioned CPU models is that you can add new > CPU model versions without new QEMU version. > > Then you can specify "-cpu z13-vX" or "-cpu z13 -cpuv X" (no idea how > versioned CPU model were implemented) on any QEMU machine. Which is the same > as telling your customer "please use z13,featX=on" in case you have a good > reason to not use the host model (along with baselining) but use an explicit > model.
Exactly. oVirt, specifically, don't use host-model. > > If you can change the default model of QEMU machines, you can automate this > process. I am pretty sure this is a corner case, though (e.g., IBRS). > Usually you have a new QEMU machine and can simply enable the new feature > from that point on. When -noTSX happened, we thought it was a corner case. Then we had -IBRS & -IBPB. Then we had SSBD (with no new CPU models). Then we had MD_CLEAR (with no new CPU models). It's now very easy to get an insecure VM created if you are not using host-model. -- Eduardo -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list