From: David Hildenbrand <david@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: Thomas Huth <thuth@redhat.com>,
Janosch Frank <frankja@linux.ibm.com>,
Cornelia Huck <cohuck@redhat.com>,
qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Igor Mammedov <imammedo@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Jiri Denemark <jdenemar@redhat.com>,
Richard Henderson <rth@twiddle.net>,
Eduardo Habkost <ehabkost@redhat.com>
Subject: Re: [PATCH 0/7] i386: Add `machine` parameter to query-cpu-definitions
Date: Fri, 25 Oct 2019 16:23:59 +0200 [thread overview]
Message-ID: <7a29438c-572d-5a26-a14f-717a177af4d1@redhat.com> (raw)
In-Reply-To: <20191025140310.GB3581@redhat.com>
>>> For example
>>> -machine s390-virtio-ccw-3.1 -cpu z14 will not have the multiple epoch facility
>>> and
>>> -machine s390-virtio-ccw-4.0 -cpu z14 will have the multiple epoch facility.
>>> As migration does always require the tuple of machine and cpu this is save. I fail
>>> to see what the benefit of an explicit z14-3.1 would be.
>>>
>>
>> AFAIKS the only real benefit of versioned CPU models is that you can add new
>> CPU model versions without new QEMU version.
>
> This is very important for backporting CPU security fixes to existing QEMU
> releases.
I'd say it's not really relevant for backporting per se. It's relevant
for automatically enabling security fixes when not using the host model.
That part I understand. Less likely to make mistakes when explicitly
specifying CPU models.
I once was told that if a user actually specified an explicit CPU model
in the libvirt XML ("haswell-whatever"), you should not go ahead and
make any later changes to that model (guest ABI should not change when
you update/restart the guest ...). So this only applies when creating
new guests? Or will you change existing model definitions implicitly?
>
>>
>> Then you can specify "-cpu z13-vX" or "-cpu z13 -cpuv X" (no idea how
>> versioned CPU model were implemented) on any QEMU machine. Which is the same
>> as telling your customer "please use z13,featX=on" in case you have a good
>> reason to not use the host model (along with baselining) but use an explicit
>> model.
>>
>> If you can change the default model of QEMU machines, you can automate this
>> process. I am pretty sure this is a corner case, though (e.g., IBRS).
>> Usually you have a new QEMU machine and can simply enable the new feature
>> from that point on.
>
> There are now 4 Haswell variants, only some of which are runnable
> on any given host, depending on what microcode the user has installed
> or what particular Haswell silicon SKU the user purchased. Given the
> frequency of new CPU flaws arrived since the first Meltdown/Spectre,
> this isn't a corner case, at least for the x86 world & Intel in
> particular. Other arches/vendors haven't been quite so badly affected
> in this way.
On s390x you can assume that such firmware/microcode updates will be on
any machine after some time. That is a big difference to x86-64 AFAIK.
>
> If we tied each new Haswell variant to a machine type, then users would
> be blocked from consuming a new machine type depending on runnability of
> the CPU model. This is not at all desirable, as mgmt apps now have complex
> rules on what machine type they can use.
So you actually want different CPU variants, which you have already,
just in a different form. (e.g., "haswell" will be mapped to
"haswell-whatever", just differently via versions)
>
> When dealing with backporting patches for new CPU hardware flaws, the
> new CPU features are backported to many old QEMU versions. The new
> machine types are not backportable.
That part I understand.
>
> Both these called for making CPU versioning independant of machine
> type versioning.
>
> Essentially the goal with CPU versioning is that the user can request
> a bare "Haswell" and libvirt (or the mgmt app) will automatically
> expand this to the best Haswell version that the host is able to
> support with its CPUs / microcode / BIOS config combination.
So if I do a "-cpu haswell -M whatever-machine", as far as I understood
reading this, I get the "default CPU model alias for that QEMU machine"
and *not* the "best Haswell version that the host is able to support".
Or does the default actually also depend on the current host?
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2019-10-25 14:53 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-25 2:25 [PATCH 0/7] i386: Add `machine` parameter to query-cpu-definitions Eduardo Habkost
2019-10-25 2:25 ` [PATCH 1/7] i386: Use g_autofree at x86_cpu_list_entry() Eduardo Habkost
2019-10-25 2:25 ` [PATCH 2/7] i386: Add default_version parameter to CPU version functions Eduardo Habkost
2019-10-25 2:25 ` [PATCH 3/7] i386: Don't use default_cpu_version at "-cpu help" Eduardo Habkost
2019-10-25 2:25 ` [PATCH 4/7] machine: machine_find_class() function Eduardo Habkost
2019-10-25 2:25 ` [PATCH 5/7] i386: Remove x86_cpu_set_default_version() function Eduardo Habkost
2019-10-25 2:25 ` [PATCH 6/7] i386: Don't use default_cpu_version() inside query-cpu-definitions Eduardo Habkost
2019-10-25 2:25 ` [PATCH 7/7] cpu: Add `machine` parameter to query-cpu-definitions Eduardo Habkost
2019-10-25 6:36 ` Markus Armbruster
2019-10-25 13:22 ` Eduardo Habkost
2019-10-25 7:17 ` [PATCH 0/7] i386: " David Hildenbrand
2019-10-25 7:55 ` Christian Borntraeger
2019-10-25 8:02 ` David Hildenbrand
2019-10-25 13:49 ` Eduardo Habkost
2019-10-25 14:03 ` Daniel P. Berrangé
2019-10-25 14:23 ` David Hildenbrand [this message]
2019-10-25 15:00 ` Daniel P. Berrangé
2019-10-25 17:19 ` David Hildenbrand
2019-10-25 13:38 ` Eduardo Habkost
2019-10-25 14:10 ` David Hildenbrand
2019-10-25 19:02 ` no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7a29438c-572d-5a26-a14f-717a177af4d1@redhat.com \
--to=david@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=ehabkost@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=imammedo@redhat.com \
--cc=jdenemar@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.