Public bug reported: TL;DR this is the time to decide to either drop debian/patches/ubuntu /expose-vmx_qemu64cpu.patch or to update it.
Default nesting issue: uvt-kvm create --memory 2048 --cpu 4 --disk 16 --password=ubuntu focal-kvm release=focal arch=amd64 label=daily Default CPU used is: <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>qemu64</model> <feature policy='require' name='vmx'/> <-- even has VMX enabled <feature policy='require' name='x2apic'/> <feature policy='require' name='hypervisor'/> <feature policy='require' name='lahf_lm'/> <feature policy='disable' name='svm'/> </cpu> Guest: uvt-kvm create --disk 5 --machine-type ubuntu --password=ubuntu focal-2nd-lvm release=focal arch=amd64 label=daily It comes down to non-loadable module in the lvl1 guest: $ sudo modprobe kvm_intel modprobe: ERROR: could not insert 'kvm_intel': Input/output error Try the same with host-passthrough to check if it is the (default) cpu type <cpu mode='host-passthrough' check='none'/> $ kvm-ok INFO: /dev/kvm exists KVM acceleration can be used <cpu mode='host-model' check='none'/> Even adapting the qemu64 type to represent the features of Haswell didn't work. <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>qemu64</model> <feature policy='require' name='vmx'/> <feature policy='require' name='x2apic'/> <feature policy='require' name='hypervisor'/> <feature policy='require' name='lahf_lm'/> <feature policy='disable' name='svm'/> <feature policy='require' name='aes'/> <feature policy='require' name='avx'/> <feature policy='require' name='avx2'/> <feature policy='require' name='bmi1'/> <feature policy='require' name='bmi2'/> <feature policy='require' name='erms'/> <feature policy='require' name='fma'/> <feature policy='require' name='fsgsbase'/> <feature policy='require' name='invpcid'/> <feature policy='require' name='movbe'/> <feature policy='require' name='pcid'/> <feature policy='require' name='pclmuldq'/> <feature policy='require' name='popcnt'/> <feature policy='require' name='rdtscp'/> <feature policy='require' name='smep'/> <feature policy='require' name='spec-ctrl'/> <feature policy='require' name='sse4.1'/> <feature policy='require' name='sse4.2'/> <feature policy='require' name='ssse3'/> <feature policy='require' name='tsc-deadline'/> <feature policy='require' name='xsave'/> <feature policy='require' name='ss'/> <feature policy='require' name='vme'/> <feature policy='require' name='pat'/> <feature policy='require' name='rdrand'/> <feature policy='require' name='f16c'/> <feature policy='require' name='arat'/> <feature policy='require' name='tsc_adjust'/> <feature policy='require' name='umip'/> <feature policy='require' name='md-clear'/> <feature policy='require' name='stibp'/> <feature policy='require' name='arch-capabilities'/> <feature policy='require' name='ssbd'/> <feature policy='require' name='xsaveopt'/> <feature policy='require' name='pdpe1gb'/> <feature policy='require' name='abm'/> <feature policy='require' name='ibpb'/> <feature policy='require' name='amd-ssbd'/> <feature policy='require' name='skip-l1dfl-vmentry'/> </cpu> The reason is that VMX now is set in subfeatures and therefore even with the same "input" definition the guest looses features. 60a63,68 > tpr_shadow > vnmi > flexpriority > ept > vpid > ept_ad This is just dependent on the userspace stack (qemu upgrade) due to the change: https://git.qemu.org/?p=qemu.git;a=commit;h=0723cc8a5558c94388db75ae1f4991314914edd3 Even the same commandline will deliver different results: Eoan vs Focal E: -cpu qemu64,vmx=on,x2apic=on,hypervisor=on,lahf_lm=on,svm=off,aes=on,avx=on,avx2=on,bmi1=on,bmi2=on,erms=on,fma=on,fsgsbase=on,invpcid=on,movbe=on,pcid=on,pclmuldq=on,popcnt=on,rdtscp=on,smep=on,spec-ctrl=on,sse4.1=on,sse4.2=on,ssse3=on,tsc-deadline=on,xsave=on,ss=on,vme=on,pat=on,rdrand=on,f16c=on,arat=on,tsc_adjust=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaveopt=on,pdpe1gb=on,abm=on,ibpb=on,amd-ssbd=on F: -cpu qemu64,vmx=on,x2apic=on,hypervisor=on,lahf-lm=on,svm=off,aes=on,avx=on,avx2=on,bmi1=on,bmi2=on,erms=on,fma=on,fsgsbase=on,invpcid=on,movbe=on,pcid=on,pclmulqdq=on,popcnt=on,rdtscp=on,smep=on,spec-ctrl=on,sse4.1=on,sse4.2=on,ssse3=on,tsc-deadline=on,xsave=on,ss=on,vme=on,pat=on,rdrand=on,f16c=on,arat=on,tsc-adjust=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaveopt=on,pdpe1gb=on,abm=on,ibpb=on,amd-ssbd=on Just remaining differences: -lahf_lm=on +lahf-lm=on -pclmuldq=on +pclmulqdq=on -tsc_adjust=on +tsc-adjust=on => args renamed But CPU flags change a lot: -tpr_shadow -vnmi -flexpriority -ept -vpid -ept_ad Due to the commit above our old Delta in debian/patches/ubuntu/expose- vmx_qemu64cpu.patch which exposed VMX by default on qemu64 (for ease of use) isn't working as-is anymore. We'll need to accept the degradation (to be closer to upstream) or - this also will be an upgrade regression for some users - fix the bug by changing it to what was added to the kvm64 type in the commit above. + /* VMX features from Cedar Mill/Prescott */ + .features[FEAT_VMX_ENTRY_CTLS] = VMX_VM_ENTRY_IA32E_MODE, + .features[FEAT_VMX_EXIT_CTLS] = VMX_VM_EXIT_ACK_INTR_ON_EXIT, + .features[FEAT_VMX_MISC] = MSR_VMX_MISC_ACTIVITY_HLT, + .features[FEAT_VMX_PINBASED_CTLS] = VMX_PIN_BASED_EXT_INTR_MASK | + VMX_PIN_BASED_NMI_EXITING, + .features[FEAT_VMX_PROCBASED_CTLS] = VMX_CPU_BASED_VIRTUAL_INTR_PENDING | + VMX_CPU_BASED_USE_TSC_OFFSETING | VMX_CPU_BASED_HLT_EXITING | + VMX_CPU_BASED_INVLPG_EXITING | VMX_CPU_BASED_MWAIT_EXITING | + VMX_CPU_BASED_RDPMC_EXITING | VMX_CPU_BASED_RDTSC_EXITING | + VMX_CPU_BASED_CR8_LOAD_EXITING | VMX_CPU_BASED_CR8_STORE_EXITING | + VMX_CPU_BASED_TPR_SHADOW | VMX_CPU_BASED_MOV_DR_EXITING | + VMX_CPU_BASED_UNCOND_IO_EXITING | VMX_CPU_BASED_USE_IO_BITMAPS | + VMX_CPU_BASED_MONITOR_EXITING | VMX_CPU_BASED_PAUSE_EXITING, .xlevel = 0x80000008, .model_id = "Common KVM processor" ** Affects: qemu (Ubuntu) Importance: Undecided Assignee: Christian Ehrhardt (paelzer) Status: Triaged ** Changed in: qemu (Ubuntu) Status: New => Triaged ** Changed in: qemu (Ubuntu) Assignee: (unassigned) => Christian Ehrhardt (paelzer) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1868692 Title: default cpu (qemu64) no more capable of nesting To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1868692/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs