
On Sat, Sep 28, 2013 at 12:49:04PM +0200, Borislav Petkov wrote:
> On Fri, Sep 27, 2013 at 11:21:34AM -0300, Eduardo Habkost wrote:
> > The problem here is that "requested_features" doesn't include just the explicit "+flag" flags, but any flag included in the CPU model definition. See the "-cpu n270" example below.
>
> Oh, you mean if requested_features would contain a flag included from the CPU model definition - a flag which we haven't requested explicitly - and if kvm emulates that flag, then it will get enabled?

Exactly. The code needs to filter/check all feature bits on the CPU, not just the ones requested explicitly in the command-line.

[...]
> > [1] Maybe one source of confusion is that the existing code has two feature-filtering functions doing basically the same thing: filter_features_for_kvm() and kvm_check_features_against_host(). That's
>
> Yes, and the first gets executed unconditionally and does the feature filtering, right after the second has run in the kvm_enabled() branch.

This should be fixed, too: eventually "enforce" should work on TCG mode as well.

> > something we must clean up, and they should be unified. "enforce" should become synonymous to "make sure filtered_features is all zeroes". This way, libvirt can emulate what "enforce" does while being able to collect detailed error information (which is not easy to do if QEMU simply aborts).
>
> Ok, maybe someone who's more knowledgeable with this code should do it - not me :)

I have added it to my TODO-list. :-)

> Also, there's another aspect, while we're here: now that QEMU emulates MOVBE with TCG too, how do we specify on the command line, which emulation should be used - kvm.ko or QEMU?

You can use accel={tcg,kvm} option on the "-machine" argument, e.g. "-machine pc,accel=kvm". Or the "-enable-kvm" option.

-- 
Eduardo
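
The filtering rule discussed in this thread, as an added example that is not QEMU's code and not part of the original message: one pass filters every feature bit on the CPU (model definition plus explicit "+flag" bits), records what was dropped, and "enforce" reduces to checking that the record is all zeroes. The struct, the function names and the sample CPU model are hypothetical; only the two CPUID bit positions are real.

```c
#include <stdint.h>
#include <stdio.h>

#define FEATURE_WORDS 1          /* hypothetical: a single word, CPUID.01H:ECX */
#define ECX_SSE3  (1u << 0)      /* CPUID.01H:ECX bit 0 */
#define ECX_MOVBE (1u << 22)     /* CPUID.01H:ECX bit 22 */

struct cpu {
    uint32_t features[FEATURE_WORDS];          /* what the guest will see */
    uint32_t filtered_features[FEATURE_WORDS]; /* what the accelerator dropped */
};

/* Final feature set = bits from the model definition OR explicit "+flag" bits. */
static void cpu_init(struct cpu *c, const uint32_t *model, const uint32_t *plus)
{
    for (int w = 0; w < FEATURE_WORDS; w++) {
        c->features[w] = model[w] | plus[w];
        c->filtered_features[w] = 0;
    }
}

/* Single filtering pass over ALL bits; keeps a record of each removed bit. */
static void filter_features(struct cpu *c, const uint32_t *supported)
{
    for (int w = 0; w < FEATURE_WORDS; w++) {
        c->filtered_features[w] = c->features[w] & ~supported[w];
        c->features[w] &= supported[w];
    }
}

/* "enforce": pass only if filtered_features is all zeroes. */
static int enforce_ok(const struct cpu *c)
{
    for (int w = 0; w < FEATURE_WORDS; w++)
        if (c->filtered_features[w])
            return 0;
    return 1;
}

/* Flawed variant for contrast: looks only at the explicit "+flag" bits. */
static int explicit_only_ok(const uint32_t *plus, const uint32_t *supported)
{
    for (int w = 0; w < FEATURE_WORDS; w++)
        if (plus[w] & ~supported[w])
            return 0;
    return 1;
}

/* Constructed sample: the model defines SSE3 and MOVBE, no "+flag" is given,
 * and the accelerator supports only SSE3. */
static const uint32_t sample_model[FEATURE_WORDS]     = { ECX_SSE3 | ECX_MOVBE };
static const uint32_t sample_plus[FEATURE_WORDS]      = { 0 };
static const uint32_t sample_supported[FEATURE_WORDS] = { ECX_SSE3 };
```

Because the dropped bits stay in `filtered_features`, a caller can report exactly which flags were missing instead of only seeing an abort.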