On Sat, Sep 28, 2013 at 12:49:04PM +0200, Borislav Petkov wrote:
> On Fri, Sep 27, 2013 at 11:21:34AM -0300, Eduardo Habkost wrote:
> > The problem here is that "requested_features" doesn't include just
> > the explicit "+flag" flags, but any flag included in the CPU model
> > definition. See the "-cpu n270" example below.
>
> Oh, you mean if requested_features would contain a flag included from
> the CPU model definition - a flag which we haven't requested explicitly
> - and if kvm emulates that flag, then it will get enabled?

Exactly. The code needs to filter/check all feature bits on the CPU, not
just the ones requested explicitly in the command-line.

[...]
> > [1] Maybe one source of confusion is that the existing code has two
> > feature-filtering functions doing basically the same thing:
> > filter_features_for_kvm() and kvm_check_features_against_host(). That's
>
> Yes, and the first gets executed unconditionally and does the feature
> filtering, right after the second has run in the kvm_enabled() branch.

This should be fixed, too: eventually "enforce" should work on TCG mode
as well.

> > something we must clean up, and they should be unified. "enforce" should
> > become synonymous to "make sure filtered_features is all zeroes". This
> > way, libvirt can emulate what "enforce" does while being able to collect
> > detailed error information (which is not easy to do if QEMU simply
> > aborts).
>
> Ok, maybe someone who's more knowledgeable with this code should do it -
> not me :)

I have added it to my TODO-list. :-)

> Also, there's another aspect, while we're here: now that QEMU emulates
> MOVBE with TCG too, how do we specify on the command line, which
> emulation should be used - kvm.ko or QEMU?

You can use accel={tcg,kvm} option on the "-machine" argument, e.g.
"-machine pc,accel=kvm". Or the "-enable-kvm" option.

-- 
Eduardo
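
Added example, not part of the original message and not QEMU code: a sketch of the point made in the thread, that a check limited to explicit "+flag" bits misses flags pulled in by the CPU model, and that "enforce" can be reduced to "the filtered mask is all zeroes" while the mask stays available for reporting. The struct, the function names and the sample model are hypothetical; only the CPUID.01H:ECX bit positions are real.

```c
/* Added illustration; structures and names are hypothetical, not QEMU's. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* CPUID.01H:ECX bits; a single feature word keeps the example short. */
#define F_SSE3  (1u << 0)
#define F_SSSE3 (1u << 9)
#define F_MOVBE (1u << 22)

struct cpu_request {
    uint32_t model;  /* flags pulled in by the CPU model definition */
    uint32_t plus;   /* explicit "+flag" on the command line */
    uint32_t minus;  /* explicit "-flag" on the command line */
};

/* Every feature bit the guest CPU would end up with. */
static uint32_t cpu_features(const struct cpu_request *r) {
    return (r->model | r->plus) & ~r->minus;
}

/* Too-narrow check: looks only at the explicit "+flag" bits. */
static uint32_t filtered_explicit_only(const struct cpu_request *r, uint32_t supported) {
    return r->plus & ~r->minus & ~supported;
}

/* Single filtering pass over all bits: drops what the accelerator cannot
 * provide from *features and returns the dropped bits for reporting. */
static uint32_t filter_features(uint32_t *features, uint32_t supported) {
    uint32_t filtered = *features & ~supported;
    *features &= supported;
    return filtered;
}

/* "enforce" reduced to: filtered_features must be all zeroes. */
static bool enforce_ok(uint32_t filtered) { return filtered == 0; }

int main(void)
{
    /* Constructed input: a model carrying MOVBE, no explicit flags,
     * and an accelerator that does not offer MOVBE. */
    struct cpu_request req = { F_SSE3 | F_SSSE3 | F_MOVBE, 0, 0 };
    uint32_t supported = F_SSE3 | F_SSSE3;
    uint32_t features = cpu_features(&req);
    uint32_t filtered = filter_features(&features, supported);
    printf("explicit-only: 0x%08x, all bits: 0x%08x, enforce %s\n",
           (unsigned)filtered_explicit_only(&req, supported),
           (unsigned)filtered, enforce_ok(filtered) ? "passes" : "fails");
    return 0;
}
```

A caller that wants detailed error information reads the returned mask instead of aborting; a caller that wants "enforce" semantics only tests it against zero.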