Re: [PATCH] cpu_map: Add -noMPX models for x86 Icelake Server

On Wed, Dec 07, 2022 at 10:23:17AM -0700, Lena Voytek wrote: > Hello all, > > Over the past few months there have been a few more reports of > users unable > to use Openstack Nova on their Icelake CPU. Updating virsh > capabilities to > properly display that mpx is unavailable fixes it. Is there an > ideal way to > update this change such that it gets accepted into libvirt? I'm just curious if you tried deploying instances by explicitly disbaling the "mpx" flag on the compute nodes:     [libvirt]     cpu_mode = custom     cpu_models = Icelake-Server     cpu_model_extra_flags = -mpx

(As Jiri points out an additional complication elsewhere in this thread, apparently Intel disabled "mpx" only on 10nm CPUs, while 14nm CPUs of the same generation still retain it.) And this was the decision[1] that Daniel was pointing out about QEMU's decision to not include more named CPU models with specific flags enabled or disabled:     "[...] Then a recently along came the Speculative Store Bypass     hardware vulnerability requiring addition of yet another CPU flag to     guest configs. This required use of 'ssbd' on Intel and 'virt- ssbd'     on AMD.  While QEMU could have now added yet more CPU models, eg     Westmere-SSBD, this does not feel like a winning strategy long term.     Looking at the models how would a user have any clue whether the     -IBRS or -SSBD or -NEXT-FLAW or -YET-ANOTHER-FLAW suffix is "better"     ? So QEMU and libvirt took the joint decision to stop adding new     named CPU models when CPU vulnerabilities are discovered from this     point forwards. Applications / users would be expected to turn on     CPU features explicitly as needed and are considered broken if they     don't provide this functionality." [1] https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg08422.html [...]