On Mon, Sep 14, 2020 at 8:42 AM Yedidyah Bar David <[email protected]> wrote:
>
> On Mon, Sep 14, 2020 at 12:28 AM wodel youchi <[email protected]> wrote:
> >
> > Hi,
> >
> > Thanks for the help, I think I found the solution using this link :
> > https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/
> >
> > When executing : virsh dumpxml on my ovirt hypervisor I saw that the mpx
> > flag was disabled, so I edited the XML file of the hypervisor VM and I did
> > this : add the already enabled features and enable mpx with them. I
> > stopped/started my hyerpvisor VM and voila, le nested VM-Manager has booted
> > successfully.
> >
> >
> > <cpu mode="host-model" check="partial">
> > <feature policy="require" name="ss"/>
> > <feature policy="require" name="vmx"/>
> > <feature policy="require" name="pdcm"/>
> > <feature policy="require" name="hypervisor"/>
> > <feature policy="require" name="tsc_adjust"/>
> > <feature policy="require" name="clflushopt"/>
> > <feature policy="require" name="umip"/>
> > <feature policy="require" name="md-clear"/>
> > <feature policy="require" name="stibp"/>
> > <feature policy="require" name="arch-capabilities"/>
> > <feature policy="require" name="ssbd"/>
> > <feature policy="require" name="xsaves"/>
> > <feature policy="require" name="pdpe1gb"/>
> > <feature policy="require" name="ibpb"/>
> > <feature policy="require" name="amd-ssbd"/>
> > <feature policy="require" name="skip-l1dfl-vmentry"/>
> > <feature policy="require" name="mpx"/>
> > </cpu
>
> Thanks for the report!
>
> Would you like to open a bug about this?
>
> A possible fix is probably to pass relevant options to the
> virt-install command in ovirt-ansible-hosted-engine-setup.
> Either always - no idea what the implications are - or
> optionally, or even allow the user to pass arbitrary options.
I don't think we need to do such change on our side. This seems like a
hard to reproduce libvirt bug.
The strange thing is that after playing with the XML generated by
virt-manager, using
[x] Copy host CPU configuration
Creating this XML:
<cpu mode='custom' match='exact' check='full'>
<model fallback='forbid'>Skylake-Client-IBRS</model>
<vendor>Intel</vendor>
<feature policy='require' name='ss'/>
<feature policy='require' name='vmx'/>
<feature policy='require' name='pdcm'/>
<feature policy='require' name='hypervisor'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
<feature policy='require' name='umip'/>
<feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='arch-capabilities'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='ibpb'/>
<feature policy='require' name='amd-stibp'/>
<feature policy='require' name='amd-ssbd'/>
<feature policy='require' name='skip-l1dfl-vmentry'/>
<feature policy='require' name='pschange-mc-no'/>
<feature policy='disable' name='mpx'/>
</cpu>
Or using this XML in virt-manager:
<cpu mode="host-passthrough" check="none" migratable="on"/>
Both work with these cluster CPU Type:
- Secure Intel Skylake Client Family
- Intel Skylake Client Family
I think the best place to discuss this is libvirt-users mailing list:
https://www.redhat.com/mailman/listinfo/libvirt-users
Nir
> Thanks and best regards,
>
> >
> >
> > Regards.
> >
> > Le dim. 13 sept. 2020 à 19:47, Nir Soffer <[email protected]> a écrit :
> >>
> >> On Sun, Sep 13, 2020 at 8:32 PM wodel youchi <[email protected]>
> >> wrote:
> >> >
> >> > Hi,
> >> >
> >> > I've been using my core i5 6500 (skylake-client) for some time now to
> >> > test oVirt on my machine.
> >> > However this is no longer the case.
> >> >
> >> > I am using Fedora 32 as my base system with nested-kvm enabled, when I
> >> > try to install oVirt 4.4 as HCI single node, I get an error in the last
> >> > phase which consists of copying the VM-Manager to the engine volume and
> >> > boot it.
> >> > It is the boot that causes the problem, I get an error about the CPU :
> >> > the CPU is incompatible with host CPU: Host CPU does not provide
> >> > required features: mpx
> >> >
> >> > This is the CPU part from virsh domcapabilities on my physical machine
> >> > <cpu>
> >> > <mode name='host-passthrough' supported='yes'/>
> >> > <mode name='host-model' supported='yes'>
> >> > <model fallback='forbid'>Skylake-Client-IBRS</model>
> >> > <vendor>Intel</vendor>
> >> > <feature policy='require' name='ss'/>
> >> > <feature policy='require' name='vmx'/>
> >> > <feature policy='require' name='pdcm'/>
> >> > <feature policy='require' name='hypervisor'/>
> >> > <feature policy='require' name='tsc_adjust'/>
> >> > <feature policy='require' name='clflushopt'/>
> >> > <feature policy='require' name='umip'/>
> >> > <feature policy='require' name='md-clear'/>
> >> > <feature policy='require' name='stibp'/>
> >> > <feature policy='require' name='arch-capabilities'/>
> >> > <feature policy='require' name='ssbd'/>
> >> > <feature policy='require' name='xsaves'/>
> >> > <feature policy='require' name='pdpe1gb'/>
> >> > <feature policy='require' name='invtsc'/>
> >> > <feature policy='require' name='ibpb'/>
> >> > <feature policy='require' name='amd-ssbd'/>
> >> > <feature policy='require' name='skip-l1dfl-vmentry'/>
> >> > </mode>
> >> > <mode name='custom' supported='yes'>
> >> > <model usable='yes'>qemu64</model>
> >> > <model usable='yes'>qemu32</model>
> >> > <model usable='no'>phenom</model>
> >> > <model usable='yes'>pentium3</model>
> >> > <model usable='yes'>pentium2</model>
> >> > <model usable='yes'>pentium</model>
> >> > <model usable='yes'>n270</model>
> >> > <model usable='yes'>kvm64</model>
> >> > <model usable='yes'>kvm32</model>
> >> > <model usable='yes'>coreduo</model>
> >> > <model usable='yes'>core2duo</model>
> >> > <model usable='no'>athlon</model>
> >> > <model usable='yes'>Westmere-IBRS</model>
> >> > <model usable='yes'>Westmere</model>
> >> > <model usable='no'>Skylake-Server-IBRS</model>
> >> > <model usable='no'>Skylake-Server</model>
> >> > <model usable='yes'>Skylake-Client-IBRS</model>
> >> > <model usable='yes'>Skylake-Client</model>
> >> > <model usable='yes'>SandyBridge-IBRS</model>
> >> > <model usable='yes'>SandyBridge</model>
> >> > <model usable='yes'>Penryn</model>
> >> > <model usable='no'>Opteron_G5</model>
> >> > <model usable='no'>Opteron_G4</model>
> >> > <model usable='no'>Opteron_G3</model>
> >> > <model usable='yes'>Opteron_G2</model>
> >> > <model usable='yes'>Opteron_G1</model>
> >> > <model usable='yes'>Nehalem-IBRS</model>
> >> > <model usable='yes'>Nehalem</model>
> >> > <model usable='yes'>IvyBridge-IBRS</model>
> >> > <model usable='yes'>IvyBridge</model>
> >> > <model usable='no'>Icelake-Server</model>
> >> > <model usable='no'>Icelake-Client</model>
> >> > <model usable='yes'>Haswell-noTSX-IBRS</model>
> >> > <model usable='yes'>Haswell-noTSX</model>
> >> > <model usable='yes'>Haswell-IBRS</model>
> >> > <model usable='yes'>Haswell</model>
> >> > <model usable='no'>EPYC-IBPB</model>
> >> > <model usable='no'>EPYC</model>
> >> > <model usable='no'>Dhyana</model>
> >> > <model usable='yes'>Conroe</model>
> >> > <model usable='no'>Cascadelake-Server</model>
> >> > <model usable='yes'>Broadwell-noTSX-IBRS</model>
> >> > <model usable='yes'>Broadwell-noTSX</model>
> >> > <model usable='yes'>Broadwell-IBRS</model>
> >> > <model usable='yes'>Broadwell</model>
> >> > <model usable='yes'>486</model>
> >> > </mode>
> >> > </cpu>
> >> >
> >> > Here is the lscpu of my physical machine
> >> > # lscpu
> >> > Architecture: x86_64
> >> > CPU op-mode(s): 32-bit, 64-bit
> >> > Byte Order: Little Endian
> >> > Address sizes: 39 bits physical, 48 bits virtual
> >> > CPU(s): 4
> >> > On-line CPU(s) list: 0-3
> >> > Thread(s) per core: 1
> >> > Core(s) per socket: 4
> >> > Socket(s): 1
> >> > NUMA node(s): 1
> >> > Vendor ID: GenuineIntel
> >> > CPU family: 6
> >> > Model: 94
> >> > Model name: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
> >> > Stepping: 3
> >> > CPU MHz: 954.588
> >> > CPU max MHz: 3600.0000
> >> > CPU min MHz: 800.0000
> >> > BogoMIPS: 6399.96
> >> > Virtualization: VT-x
> >> > L1d cache: 128 KiB
> >> > L1i cache: 128 KiB
> >> > L2 cache: 1 MiB
> >> > L3 cache: 6 MiB
> >> > NUMA node0 CPU(s): 0-3
> >> > Vulnerability Itlb multihit: KVM: Mitigation: Split huge pages
> >> > Vulnerability L1tf: Mitigation; PTE Inversion; VMX
> >> > conditional cache flushes, SMT disabled
> >> > Vulnerability Mds: Mitigation; Clear CPU buffers; SMT
> >> > disabled
> >> > Vulnerability Meltdown: Mitigation; PTI
> >> > Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass
> >> > disabled via prctl and seccomp
> >> > Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers
> >> > and __user pointer sanitization
> >> > Vulnerability Spectre v2: Mitigation; Full generic retpoline,
> >> > IBPB conditional, IBRS_FW, STIBP disabled, RSB filling
> >> > Vulnerability Srbds: Vulnerable: No microcode
> >> > Vulnerability Tsx async abort: Mitigation; Clear CPU buffers; SMT
> >> > disabled
> >> > Flags: fpu vme de pse tsc msr pae mce cx8 apic
> >> > sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht
> >> > tm pbe syscall nx pdpe1gb rdtscp lm constan
> >> > t_tsc art arch_perfmon pebs bts rep_good
> >> > nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor
> >> > ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16
> >> > xtpr pdcm pcid sse4_1 sse4_2 x2apic
> >> > movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm
> >> > 3dnowprefetch cpuid_fault invpcid_single pti ssbd
> >> > ibrs ibpb stibp tpr_shadow vnmi
> >> > flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2
> >> > erms invpcid rtm mpx rdseed adx smap clflushopt in
> >> > tel_pt xsaveopt xsavec xgetbv1 xsaves
> >> > dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear
> >> > flush_l1d
> >> >
> >> >
> >> >
> >> > Here is the CPU part from virsh dumpxml of my ovirt hypervisor
> >> > <cpu mode='custom' match='exact' check='full'>
> >> > <model fallback='forbid'>Skylake-Client-IBRS</model>
> >> > <vendor>Intel</vendor>
> >> > <feature policy='require' name='ss'/>
> >> > <feature policy='require' name='vmx'/>
> >> > <feature policy='require' name='pdcm'/>
> >> > <feature policy='require' name='hypervisor'/>
> >> > <feature policy='require' name='tsc_adjust'/>
> >> > <feature policy='require' name='clflushopt'/>
> >> > <feature policy='require' name='umip'/>
> >> > <feature policy='require' name='md-clear'/>
> >> > <feature policy='require' name='stibp'/>
> >> > <feature policy='require' name='arch-capabilities'/>
> >> > <feature policy='require' name='ssbd'/>
> >> > <feature policy='require' name='xsaves'/>
> >> > <feature policy='require' name='pdpe1gb'/>
> >> > <feature policy='require' name='ibpb'/>
> >> > <feature policy='require' name='amd-ssbd'/>
> >> > <feature policy='require' name='skip-l1dfl-vmentry'/>
> >> > <feature policy='disable' name='mpx'/>
> >> > </cpu>
> >> >
> >> > Here is the lcpu of my ovirt hypervisor
> >> > [root@node1 ~]# lscpu
> >> > Architecture : x86_64
> >> > Mode(s) opératoire(s) des processeurs : 32-bit, 64-bit
> >> > Boutisme : Little Endian
> >> > Processeur(s) : 4
> >> > Liste de processeur(s) en ligne : 0-3
> >> > Thread(s) par cœur : 1
> >> > Cœur(s) par socket : 1
> >> > Socket(s) : 4
> >> > Nœud(s) NUMA : 1
> >> > Identifiant constructeur : GenuineIntel
> >> > Famille de processeur : 6
> >> > Modèle : 94
> >> > Nom de modèle : Intel Core Processor (Skylake,
> >> > IBRS)
> >> > Révision : 3
> >> > Vitesse du processeur en MHz : 3191.998
> >> > BogoMIPS : 6383.99
> >> > Virtualisation : VT-x
> >> > Constructeur d'hyperviseur : KVM
> >> > Type de virtualisation : complet
> >> > Cache L1d : 32K
> >> > Cache L1i : 32K
> >> > Cache L2 : 4096K
> >> > Cache L3 : 16384K
> >> > Nœud NUMA 0 de processeur(s) : 0-3
> >> > Drapaux : fpu vme de pse tsc msr pae mce
> >> > cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss
> >> > syscall nx pdpe1gb rdtscp lm constant_tsc rep_go
> >> > od nopl xtopology cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16
> >> > pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave
> >> > avx f16c rdrand hypervisor lahf_lm abm 3dnow
> >> > prefetch cpuid_fault invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow
> >> > vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2
> >> > erms invpcid rtm rdseed adx smap clflushopt xs
> >> > aveopt xsavec xgetbv1 xsaves arat umip md_clear arch_capabilities
> >> >
> >> > it seems not all the flags are presented to the hypervisor especially
> >> > the mpx which causes the error
> >> >
> >> > Is there a workaround for this?
> >>
> >> I'm using a similar setup, using older generation CPU works.
> >>
> >> Cluster CPU Type:
> >> Intel Broadwell Family
> >>
> >> It looks like this bug:
> >> https://bugzilla.redhat.com/1609818
> >>
> >> But it cannot be fixed by resetting the cpu type, suggested in:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1609818#c9
> >>
> >> Nir
> >>
> >>
> >> Nir
> >>
> > _______________________________________________
> > Users mailing list -- [email protected]
> > To unsubscribe send an email to [email protected]
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> > https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
>
>
>
> --
> Didi
>
