On Wed, Feb 14, 2024 at 02:16:58PM +0100, Jiri Denemark wrote:
On Wed, Feb 14, 2024 at 13:23:09 +0100, Tim Wiederhake wrote:
> On Wed, 2024-02-14 at 12:39 +0100, Jiri Denemark wrote:
> > On Wed, Feb 14, 2024 at 12:07:46 +0100, Michal Prívozník wrote:
> > > On 2/9/24 11:52, Tim Wiederhake wrote:
> > > > The mpx feature was removed from the corresponding qemu cpu
> > > > models.
> > > > With mpx in the libvirt cpu models, libvirt believes the feature
> > > > to be implicitly enabled when creating qemu VMs, while in fact it
> > > > is
> > > > disabled.
> > > >
> > > > This became an issue when commit 94eacd5a5f introduced new vmx-*
> > > > features, of which some are dependent on mpx (see
> > > > "feature_dependencies"
> > > > table in qemu target/i386/cpu.c), e.g. vmx-exit-clear-bndcfgs and
> > > > vmx-entry-load-bndcfgs. These features cannot be enabled by qemu
> > > > without also mpx being enabled, leading to the error message
> > > >
> > > > error: Failed to create domain from testdomain.xml
> > > > error: operation failed: guest CPU doesn't match
> > > > specification: missing features: mpx,vmx-exit-clear-bndcfgs,
> > > > vmx-entry-load-bndcfgs
> > > >
> > > > when trying to create a VM with a "host-model" cpu on a
host that
> > > > does support mpx and the mentioned vmx-* features:
> > > >
> > > > <domain>
> > > > ...
> > > > <cpu mode='host-model' check='full' />
> > > > ...
> > > > </domain>
> > > >
> > > > Resolve the issue by removing mpx from libvirt's cpu models as
> > > > well.
> > >
> > > Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
> >
> > Hold on. I was trying to think whether this is safe for migrations,
> > but
> > have to act fast now. Could you please explain in the commit message
> > that nothing breaks during migration no matter what CPU configuration
> > is
> > used in a domain XML when migrating between all combinations of
> > libvirt
> > with/without this change? In case some configurations would be
> > refused
> > we need to make sure those are impossible to hit in real world.
> >
> > Jirka
>
> My knowledge about migration is limited, hence I am hesitant to make
> factual claims. That being said, my understanding is that by requesting
> e.g. a Skylake-Client cpu 'mpx' was never actually enabled in the VM as
> qemu's version of the same cpu model did not include that feature.
Well, if our CPU model has mpx than QEMU must have had it too at some
point. The question is whether it was ever released. And also whether
the feature could have ever been enabled in any running domain or trying
to enable it caused the domain to fail to start anyway.
QEMU CPUs originally had 'mpx', and it was later turned off by
a 4.0 machine type versions.
With regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|