On 16.01.2012, at 20:33, Anthony Liguori wrote:

> On 01/08/2012 05:52 PM, Alexander Graf wrote:
>> During discussions on whether to make -cpu host the default in SLE, I found
>> myself disagreeing with the thought, because it potentially opens a big can
>> of worms for potential bugs. But if I already am so opposed to it for SLE, how
>> can it possibly be reasonable to default to -cpu host in upstream QEMU? And
>> what would a sane default look like?
> 
> 
> What are the arguments against -cpu host?

It's hard to test. New CPUs have new features and we're having a hard time 
catching up. With -cpu best we only select from a pool of known-good CPU types. If 
you want to check that everything works, go to a box that has the maximum 
available features, go through all -cpu options that users could run into and 
you're good. With -cpu host you can't really test (unless you own all possible 
CPUs there are).

We expose CPUID information that doesn't exist that way in the real world.

A small example from today's code.

There are a bunch of CPUID leafs. On Nehalem, one of them is a list of possible 
C-States to go into. With -cpu host we sync feature bits, CPU name, CPU family 
and some other bits of information, but not the C-State information. So we end 
up with a CPU inside the guest that looks and feels like a Nehalem CPU, but 
doesn't expose any C-State information.

Linux now boots, goes in, checks that it's running on Nehalem, sets the 
powersave mechanism to the respective model and fills an internal callback 
table with the C-State information with a loop that ends without any action, 
since we expose 0 C-State bits. When the guest now calls the idle callback, it 
dereferences that table, which contains a NULL pointer, oops.

That is just one example from current Linux. Another one would be my 
development AMD box that when it came out wasn't around in the market yet, so 
guests would just refuse to boot at all, since they'd just say the CPUID is 
unknown.

Overall, I used to be a big fan of -cpu host, but it's a maintainability 
nightmare. It can be great for testing stuff, so we should definitely keep it 
around. But after thinking about it again, I don't think it should be the 
default. The default should be something safe.


Alex
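
The failure mode described in the message above, as an added sketch that is not part of the original mail and is not Linux or QEMU code: a callback table filled from C-State bits, the idle path that trusts it, a guarded variant, and a consistency check over the CPUID data shown to a guest. All names, the 4-bit-per-state layout and the sample values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_CSTATES 8
typedef int (*idle_fn)(void);               /* hypothetical idle-entry callback */
struct idle_table {
    idle_fn enter[MAX_CSTATES];             /* NULL = slot never filled */
    int count;
};

int enter_cstate(void) { return 1; }        /* stand-in for the real idle entry */

/* Assumed layout for this sketch: one 4-bit sub-state count per C-State.
 * With substates == 0 the loop finishes without registering anything. */
void fill_table(struct idle_table *t, uint32_t substates)
{
    t->count = 0;
    for (int cs = 0; cs < MAX_CSTATES; cs++) {
        t->enter[cs] = NULL;
        if ((substates >> (cs * 4)) & 0xf)
            t->enter[t->count++] = enter_cstate;
    }
}

/* Idle path as the message describes it: trusts slot 0 unconditionally. */
int idle_unchecked(const struct idle_table *t)
{
    return t->enter[0]();                   /* NULL call when count == 0 */
}

/* Guarded idle path: reports "no deep state" so the caller can fall back. */
int idle_guarded(const struct idle_table *t)
{
    if (t->count == 0 || t->enter[0] == NULL)
        return -1;
    return t->enter[0]();
}

/* Check on the CPUID set: a model that implies C-State data with none exposed. */
int cpuid_inconsistent(int model_implies_cstates, uint32_t substates)
{
    return model_implies_cstates && substates == 0;
}

int main(void)
{
    struct idle_table guest;
    fill_table(&guest, 0u);                 /* constructed guest view: no C-State bits */
    return idle_guarded(&guest) == -1 ? 0 : 1;
}
```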

