New subject: [PATCH] cpu_map: Add more -noTSX x86 CPU models (Sapphire and Granite rapids)

1 Jun 2025

Several Intel CPU models with TSX technology (HLE & RTM features) are
affected by the vulnerability TAA[1]. One of the mitigation methods
for TAA is to disable TSX support on the host system. For that purpose,
in 2021, Intel published a microcode update to disable TSX. Linux kernel
also disables TSX globally by default. Even though TSX can be activated via
the kernel command line (tsx=on), many Linux distributions stick with
this default behavior and have TSX disabled. This makes existing CPU
models that have HLE and RTM enabled not correctly detected by
libvirt.

This commit adds 2 remaining -noTSX models:
- SapphireRapids-noTSX
- GraniteRapids-noTSX

Hopefully, this is the last effort on adding noTSX variants since
Granite Rapids should be the last CPU model to have the TSX feature
and is consequently affected by TAA. Indeed, SierraForest does not
have RTM and HLE enabled.

References:

    [1] TAA, TSX asynchronous Abort:
        https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.h...
---
 src/cpu_map/index.xml                    |   2 +
 src/cpu_map/meson.build                  |   2 +
 src/cpu_map/x86_GraniteRapids-noTSX.xml  | 197 +++++++++++++++++++++++
 src/cpu_map/x86_SapphireRapids-noTSX.xml | 190 ++++++++++++++++++++++
 4 files changed, 391 insertions(+)
 create mode 100644 src/cpu_map/x86_GraniteRapids-noTSX.xml
 create mode 100644 src/cpu_map/x86_SapphireRapids-noTSX.xml

diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml
index 87db338cee..03a2c73ba5 100644
--- a/src/cpu_map/index.xml
+++ b/src/cpu_map/index.xml
@@ -116,10 +116,12 @@
       <include filename='x86_Snowridge-v3.xml'/>
       <include filename='x86_Snowridge-v4.xml'/>
       <include filename='x86_SapphireRapids.xml'/>
+      <include filename='x86_SapphireRapids-noTSX.xml'/>
       <include filename='x86_SapphireRapids-v1.xml'/>
       <include filename='x86_SapphireRapids-v2.xml'/>
       <include filename='x86_SapphireRapids-v3.xml'/>
       <include filename='x86_GraniteRapids.xml'/>
+      <include filename='x86_GraniteRapids-noTSX.xml'/>
       <include filename='x86_GraniteRapids-v1.xml'/>
       <include filename='x86_GraniteRapids-v2.xml'/>
       <include filename='x86_SierraForest.xml'/>
diff --git a/src/cpu_map/meson.build b/src/cpu_map/meson.build
index dee8441a13..414cad7352 100644
--- a/src/cpu_map/meson.build
+++ b/src/cpu_map/meson.build
@@ -80,6 +80,7 @@ cpumap_data = [
   'x86_features.xml',
   'x86_GraniteRapids-v1.xml',
   'x86_GraniteRapids-v2.xml',
+  'x86_GraniteRapids-noTSX.xml',
   'x86_GraniteRapids.xml',
   'x86_Haswell-IBRS.xml',
   'x86_Haswell-noTSX-IBRS.xml',
@@ -148,6 +149,7 @@ cpumap_data = [
   'x86_SapphireRapids-v1.xml',
   'x86_SapphireRapids-v2.xml',
   'x86_SapphireRapids-v3.xml',
+  'x86_SapphireRapids-noTSX.xml',
   'x86_SapphireRapids.xml',
   'x86_SierraForest-v1.xml',
   'x86_SierraForest.xml',
diff --git a/src/cpu_map/x86_GraniteRapids-noTSX.xml b/src/cpu_map/x86_GraniteRapids-noTSX.xml
new file mode 100644
index 0000000000..085b012f83
--- /dev/null
+++ b/src/cpu_map/x86_GraniteRapids-noTSX.xml
@@ -0,0 +1,197 @@
+<cpus>
+  <model name='GraniteRapids-noTSX'>
+    <check partial='compat'/>
+    <decode host='on' guest='off'/>
+    <signature family='6' model='173'/>
+    <vendor name='Intel'/>
+    <feature name='3dnowprefetch'/>
+    <feature name='abm'/>
+    <feature name='adx'/>
+    <feature name='aes'/>
+    <feature name='amx-bf16'/>
+    <feature name='amx-fp16'/>
+    <feature name='amx-int8'/>
+    <feature name='amx-tile'/>
+    <feature name='apic'/>
+    <feature name='arat'/>
+    <feature name='arch-capabilities'/>
+    <feature name='avx'/>
+    <feature name='avx-vnni'/>
+    <feature name='avx2'/>
+    <feature name='avx512-bf16'/>
+    <feature name='avx512-fp16'/>
+    <feature name='avx512-vpopcntdq'/>
+    <feature name='avx512bitalg'/>
+    <feature name='avx512bw'/>
+    <feature name='avx512cd'/>
+    <feature name='avx512dq'/>
+    <feature name='avx512f'/>
+    <feature name='avx512ifma'/>
+    <feature name='avx512vbmi'/>
+    <feature name='avx512vbmi2'/>
+    <feature name='avx512vl'/>
+    <feature name='avx512vnni'/>
+    <feature name='bmi1'/>
+    <feature name='bmi2'/>
+    <feature name='bus-lock-detect'/>
+    <feature name='clflush'/>
+    <feature name='clflushopt'/>
+    <feature name='clwb'/>
+    <feature name='cmov'/>
+    <feature name='cx16'/>
+    <feature name='cx8'/>
+    <feature name='de'/>
+    <feature name='erms'/>
+    <feature name='f16c'/>
+    <feature name='fbsdp-no'/>
+    <feature name='fma'/>
+    <feature name='fpu'/>
+    <feature name='fsgsbase'/>
+    <feature name='fsrc'/>
+    <feature name='fsrm'/>
+    <feature name='fsrs'/>
+    <feature name='fxsr'/>
+    <feature name='fzrm'/>
+    <feature name='gfni'/>
+    <feature name='ibrs-all'/>
+    <feature name='invpcid'/>
+    <feature name='la57'/>
+    <feature name='lahf_lm'/>
+    <feature name='lm'/>
+    <feature name='mca'/>
+    <feature name='mcdt-no'/>
+    <feature name='mce'/>
+    <feature name='mds-no'/>
+    <feature name='mmx'/>
+    <feature name='movbe'/>
+    <feature name='msr'/>
+    <feature name='mtrr'/>
+    <feature name='nx'/>
+    <feature name='pae'/>
+    <feature name='pat'/>
+    <feature name='pbrsb-no'/>
+    <feature name='pcid'/>
+    <feature name='pclmuldq'/>
+    <feature name='pdpe1gb'/>
+    <feature name='pge'/>
+    <feature name='pku'/>
+    <feature name='pni'/>
+    <feature name='popcnt'/>
+    <feature name='prefetchiti'/>
+    <feature name='pschange-mc-no'/>
+    <feature name='psdp-no'/>
+    <feature name='pse'/>
+    <feature name='pse36'/>
+    <feature name='rdctl-no'/>
+    <feature name='rdpid'/>
+    <feature name='rdrand'/>
+    <feature name='rdseed'/>
+    <feature name='rdtscp'/>
+    <feature name='sbdr-ssdp-no'/>
+    <feature name='sep'/>
+    <feature name='serialize'/>
+    <feature name='sha-ni'/>
+    <feature name='skip-l1dfl-vmentry'/>
+    <feature name='smap'/>
+    <feature name='smep'/>
+    <feature name='spec-ctrl'/>
+    <feature name='ssbd'/>
+    <feature name='sse'/>
+    <feature name='sse2'/>
+    <feature name='sse4.1'/>
+    <feature name='sse4.2'/>
+    <feature name='ssse3'/>
+    <feature name='syscall'/>
+    <feature name='taa-no'/>
+    <feature name='tsc'/>
+    <feature name='tsc-deadline'/>
+    <feature name='tsx-ldtrk'/>
+    <feature name='umip'/>
+    <feature name='vaes'/>
+    <feature name='vme'/>
+    <feature name='vmx-activity-hlt'/>
+    <feature name='vmx-apicv-register'/>
+    <feature name='vmx-apicv-vid'/>
+    <feature name='vmx-apicv-x2apic'/>
+    <feature name='vmx-apicv-xapic'/>
+    <feature name='vmx-cr3-load-noexit'/>
+    <feature name='vmx-cr3-store-noexit'/>
+    <feature name='vmx-cr8-load-exit'/>
+    <feature name='vmx-cr8-store-exit'/>
+    <feature name='vmx-desc-exit'/>
+    <feature name='vmx-entry-ia32e-mode'/>
+    <feature name='vmx-entry-load-efer'/>
+    <feature name='vmx-entry-load-pat'/>
+    <feature name='vmx-entry-load-perf-global-ctrl'/>
+    <feature name='vmx-entry-noload-debugctl'/>
+    <feature name='vmx-ept'/>
+    <feature name='vmx-ept-1gb'/>
+    <feature name='vmx-ept-2mb'/>
+    <feature name='vmx-ept-execonly'/>
+    <feature name='vmx-eptad'/>
+    <feature name='vmx-eptp-switching'/>
+    <feature name='vmx-exit-ack-intr'/>
+    <feature name='vmx-exit-load-efer'/>
+    <feature name='vmx-exit-load-pat'/>
+    <feature name='vmx-exit-load-perf-global-ctrl'/>
+    <feature name='vmx-exit-nosave-debugctl'/>
+    <feature name='vmx-exit-save-efer'/>
+    <feature name='vmx-exit-save-pat'/>
+    <feature name='vmx-exit-save-preemption-timer'/>
+    <feature name='vmx-flexpriority'/>
+    <feature name='vmx-hlt-exit'/>
+    <feature name='vmx-ins-outs'/>
+    <feature name='vmx-intr-exit'/>
+    <feature name='vmx-invept'/>
+    <feature name='vmx-invept-all-context'/>
+    <feature name='vmx-invept-single-context'/>
+    <feature name='vmx-invlpg-exit'/>
+    <feature name='vmx-invpcid-exit'/>
+    <feature name='vmx-invvpid'/>
+    <feature name='vmx-invvpid-all-context'/>
+    <feature name='vmx-invvpid-single-addr'/>
+    <feature name='vmx-invvpid-single-context-noglobals'/>
+    <feature name='vmx-io-bitmap'/>
+    <feature name='vmx-io-exit'/>
+    <feature name='vmx-monitor-exit'/>
+    <feature name='vmx-movdr-exit'/>
+    <feature name='vmx-msr-bitmap'/>
+    <feature name='vmx-mtf'/>
+    <feature name='vmx-mwait-exit'/>
+    <feature name='vmx-nmi-exit'/>
+    <feature name='vmx-page-walk-4'/>
+    <feature name='vmx-page-walk-5'/>
+    <feature name='vmx-pause-exit'/>
+    <feature name='vmx-pml'/>
+    <feature name='vmx-posted-intr'/>
+    <feature name='vmx-preemption-timer'/>
+    <feature name='vmx-rdpmc-exit'/>
+    <feature name='vmx-rdrand-exit'/>
+    <feature name='vmx-rdseed-exit'/>
+    <feature name='vmx-rdtsc-exit'/>
+    <feature name='vmx-rdtscp-exit'/>
+    <feature name='vmx-secondary-ctls'/>
+    <feature name='vmx-shadow-vmcs'/>
+    <feature name='vmx-store-lma'/>
+    <feature name='vmx-true-ctls'/>
+    <feature name='vmx-tsc-offset'/>
+    <feature name='vmx-unrestricted-guest'/>
+    <feature name='vmx-vintr-pending'/>
+    <feature name='vmx-vmfunc'/>
+    <feature name='vmx-vmwrite-vmexit-fields'/>
+    <feature name='vmx-vnmi'/>
+    <feature name='vmx-vnmi-pending'/>
+    <feature name='vmx-vpid'/>
+    <feature name='vmx-wbinvd-exit'/>
+    <feature name='vmx-xsaves'/>
+    <feature name='vpclmulqdq'/>
+    <feature name='wbnoinvd'/>
+    <feature name='x2apic'/>
+    <feature name='xfd'/>
+    <feature name='xgetbv1'/>
+    <feature name='xsave'/>
+    <feature name='xsavec'/>
+    <feature name='xsaveopt'/>
+    <feature name='xsaves'/>
+  </model>
+</cpus>
diff --git a/src/cpu_map/x86_SapphireRapids-noTSX.xml b/src/cpu_map/x86_SapphireRapids-noTSX.xml
new file mode 100644
index 0000000000..de56826741
--- /dev/null
+++ b/src/cpu_map/x86_SapphireRapids-noTSX.xml
@@ -0,0 +1,190 @@
+<cpus>
+  <model name='SapphireRapids-noTSX'>
+    <check partial='compat'/>
+    <decode host='on' guest='off'/>
+    <signature family='6' model='143'/>
+    <vendor name='Intel'/>
+    <feature name='3dnowprefetch'/>
+    <feature name='abm'/>
+    <feature name='adx'/>
+    <feature name='aes'/>
+    <feature name='amx-bf16'/>
+    <feature name='amx-int8'/>
+    <feature name='amx-tile'/>
+    <feature name='apic'/>
+    <feature name='arat'/>
+    <feature name='arch-capabilities'/>
+    <feature name='avx'/>
+    <feature name='avx-vnni'/>
+    <feature name='avx2'/>
+    <feature name='avx512-bf16'/>
+    <feature name='avx512-fp16'/>
+    <feature name='avx512-vpopcntdq'/>
+    <feature name='avx512bitalg'/>
+    <feature name='avx512bw'/>
+    <feature name='avx512cd'/>
+    <feature name='avx512dq'/>
+    <feature name='avx512f'/>
+    <feature name='avx512ifma'/>
+    <feature name='avx512vbmi'/>
+    <feature name='avx512vbmi2'/>
+    <feature name='avx512vl'/>
+    <feature name='avx512vnni'/>
+    <feature name='bmi1'/>
+    <feature name='bmi2'/>
+    <feature name='bus-lock-detect'/>
+    <feature name='clflush'/>
+    <feature name='clflushopt'/>
+    <feature name='clwb'/>
+    <feature name='cmov'/>
+    <feature name='cx16'/>
+    <feature name='cx8'/>
+    <feature name='de'/>
+    <feature name='erms'/>
+    <feature name='f16c'/>
+    <feature name='fma'/>
+    <feature name='fpu'/>
+    <feature name='fsgsbase'/>
+    <feature name='fsrc'/>
+    <feature name='fsrm'/>
+    <feature name='fsrs'/>
+    <feature name='fxsr'/>
+    <feature name='fzrm'/>
+    <feature name='gfni'/>
+    <feature name='ibrs-all'/>
+    <feature name='invpcid'/>
+    <feature name='la57'/>
+    <feature name='lahf_lm'/>
+    <feature name='lm'/>
+    <feature name='mca'/>
+    <feature name='mce'/>
+    <feature name='mds-no'/>
+    <feature name='mmx'/>
+    <feature name='movbe'/>
+    <feature name='msr'/>
+    <feature name='mtrr'/>
+    <feature name='nx'/>
+    <feature name='pae'/>
+    <feature name='pat'/>
+    <feature name='pcid'/>
+    <feature name='pclmuldq'/>
+    <feature name='pdpe1gb'/>
+    <feature name='pge'/>
+    <feature name='pku'/>
+    <feature name='pni'/>
+    <feature name='popcnt'/>
+    <feature name='pschange-mc-no'/>
+    <feature name='pse'/>
+    <feature name='pse36'/>
+    <feature name='rdctl-no'/>
+    <feature name='rdpid'/>
+    <feature name='rdrand'/>
+    <feature name='rdseed'/>
+    <feature name='rdtscp'/>
+    <feature name='sep'/>
+    <feature name='serialize'/>
+    <feature name='sha-ni'/>
+    <feature name='skip-l1dfl-vmentry'/>
+    <feature name='smap'/>
+    <feature name='smep'/>
+    <feature name='spec-ctrl'/>
+    <feature name='ssbd'/>
+    <feature name='sse'/>
+    <feature name='sse2'/>
+    <feature name='sse4.1'/>
+    <feature name='sse4.2'/>
+    <feature name='ssse3'/>
+    <feature name='syscall'/>
+    <feature name='taa-no'/>
+    <feature name='tsc'/>
+    <feature name='tsc-deadline'/>
+    <feature name='tsx-ldtrk'/>
+    <feature name='umip'/>
+    <feature name='vaes'/>
+    <feature name='vme'/>
+    <feature name='vmx-activity-hlt' added='yes'/>
+    <feature name='vmx-apicv-register' added='yes'/>
+    <feature name='vmx-apicv-vid' added='yes'/>
+    <feature name='vmx-apicv-x2apic' added='yes'/>
+    <feature name='vmx-apicv-xapic' added='yes'/>
+    <feature name='vmx-cr3-load-noexit' added='yes'/>
+    <feature name='vmx-cr3-store-noexit' added='yes'/>
+    <feature name='vmx-cr8-load-exit' added='yes'/>
+    <feature name='vmx-cr8-store-exit' added='yes'/>
+    <feature name='vmx-desc-exit' added='yes'/>
+    <feature name='vmx-entry-ia32e-mode' added='yes'/>
+    <feature name='vmx-entry-load-efer' added='yes'/>
+    <feature name='vmx-entry-load-pat' added='yes'/>
+    <feature name='vmx-entry-load-perf-global-ctrl' added='yes'/>
+    <feature name='vmx-entry-noload-debugctl' added='yes'/>
+    <feature name='vmx-ept' added='yes'/>
+    <feature name='vmx-ept-1gb' added='yes'/>
+    <feature name='vmx-ept-2mb' added='yes'/>
+    <feature name='vmx-ept-execonly' added='yes'/>
+    <feature name='vmx-eptad' added='yes'/>
+    <feature name='vmx-eptp-switching' added='yes'/>
+    <feature name='vmx-exit-ack-intr' added='yes'/>
+    <feature name='vmx-exit-load-efer' added='yes'/>
+    <feature name='vmx-exit-load-pat' added='yes'/>
+    <feature name='vmx-exit-load-perf-global-ctrl' added='yes'/>
+    <feature name='vmx-exit-nosave-debugctl' added='yes'/>
+    <feature name='vmx-exit-save-efer' added='yes'/>
+    <feature name='vmx-exit-save-pat' added='yes'/>
+    <feature name='vmx-exit-save-preemption-timer' added='yes'/>
+    <feature name='vmx-flexpriority' added='yes'/>
+    <feature name='vmx-hlt-exit' added='yes'/>
+    <feature name='vmx-ins-outs' added='yes'/>
+    <feature name='vmx-intr-exit' added='yes'/>
+    <feature name='vmx-invept' added='yes'/>
+    <feature name='vmx-invept-all-context' added='yes'/>
+    <feature name='vmx-invept-single-context' added='yes'/>
+    <feature name='vmx-invlpg-exit' added='yes'/>
+    <feature name='vmx-invpcid-exit' added='yes'/>
+    <feature name='vmx-invvpid' added='yes'/>
+    <feature name='vmx-invvpid-all-context' added='yes'/>
+    <feature name='vmx-invvpid-single-addr' added='yes'/>
+    <feature name='vmx-invvpid-single-context-noglobals' added='yes'/>
+    <feature name='vmx-io-bitmap' added='yes'/>
+    <feature name='vmx-io-exit' added='yes'/>
+    <feature name='vmx-monitor-exit' added='yes'/>
+    <feature name='vmx-movdr-exit' added='yes'/>
+    <feature name='vmx-msr-bitmap' added='yes'/>
+    <feature name='vmx-mtf' added='yes'/>
+    <feature name='vmx-mwait-exit' added='yes'/>
+    <feature name='vmx-nmi-exit' added='yes'/>
+    <feature name='vmx-page-walk-4' added='yes'/>
+    <feature name='vmx-page-walk-5' added='yes'/>
+    <feature name='vmx-pause-exit' added='yes'/>
+    <feature name='vmx-pml' added='yes'/>
+    <feature name='vmx-posted-intr' added='yes'/>
+    <feature name='vmx-preemption-timer' added='yes'/>
+    <feature name='vmx-rdpmc-exit' added='yes'/>
+    <feature name='vmx-rdrand-exit' added='yes'/>
+    <feature name='vmx-rdseed-exit' added='yes'/>
+    <feature name='vmx-rdtsc-exit' added='yes'/>
+    <feature name='vmx-rdtscp-exit' added='yes'/>
+    <feature name='vmx-secondary-ctls' added='yes'/>
+    <feature name='vmx-shadow-vmcs' added='yes'/>
+    <feature name='vmx-store-lma' added='yes'/>
+    <feature name='vmx-true-ctls' added='yes'/>
+    <feature name='vmx-tsc-offset' added='yes'/>
+    <feature name='vmx-unrestricted-guest' added='yes'/>
+    <feature name='vmx-vintr-pending' added='yes'/>
+    <feature name='vmx-vmfunc' added='yes'/>
+    <feature name='vmx-vmwrite-vmexit-fields' added='yes'/>
+    <feature name='vmx-vnmi' added='yes'/>
+    <feature name='vmx-vnmi-pending' added='yes'/>
+    <feature name='vmx-vpid' added='yes'/>
+    <feature name='vmx-wbinvd-exit' added='yes'/>
+    <feature name='vmx-xsaves' added='yes'/>
+    <feature name='vpclmulqdq'/>
+    <feature name='wbnoinvd'/>
+    <feature name='x2apic'/>
+    <feature name='xfd'/>
+    <feature name='xgetbv1'/>
+    <feature name='xsave'/>
+    <feature name='xsavec'/>
+    <feature name='xsaveopt'/>
+    <feature name='xsaves'/>
+  </model>
+</cpus>
-- 
2.45.2

    

[PATCH] cpu_map: Add more -noTSX x86 CPU models (Sapphire and Granite rapids)

Hector Cao

Jiri Denemark

Hector Cao

Jiří Denemark

Hector Cao

Jiří Denemark

Hector Cao

Jiří Denemark

tags

participants (3)