QEMU-CPU-MODELS.7(7)                                      QEMU-CPU-MODELS.7(7)

NAME

       qemu-cpu-models - QEMU / KVM CPU model configuration

SYNOPSIS

       QEMU / KVM CPU model configuration

DESCRIPTION

       QEMU / KVM virtualization supports two ways to configure CPU models

       Host passthrough
           This passes the host CPU model features, model, stepping, exactly
           to the guest. Note that KVM may filter out some host CPU model
           features if they cannot be supported with virtualization. Live
           migration is unsafe when this mode is used as libvirt / QEMU cannot
           guarantee a stable CPU is exposed to the guest across hosts. This
           is the recommended CPU to use, provided live migration is not
           required.

       Named model
           QEMU comes with a number of predefined named CPU models, that
           typically refer to specific generations of hardware released by
           Intel and AMD.  These allow the guest VMs to have a degree of
           isolation from the host CPU, allowing greater flexibility in live
           migrating between hosts with differing hardware.

       In both cases, it is possible to optionally add or remove individual
       CPU features, to alter what is presented to the guest by default.

       Libvirt supports a third way to configure CPU models known as "Host
       model".  This uses the QEMU "Named model" feature, automatically
       picking a CPU model that is similar to the host CPU, and then adding
       extra features to approximate the host model as closely as possible.
       This does not guarantee the CPU family, stepping, etc. will precisely
       match the host CPU, as they would with "Host passthrough", but gives
       much of the benefit of passthrough, while making live migration safe.

       Recommendations for KVM CPU model configuration on x86 hosts

       The information that follows provides recommendations for configuring
       CPU models on x86 hosts. The goals are to maximise performance, while
       protecting guest OS against various CPU hardware flaws, and optionally
       enabling live migration between hosts with heterogeneous CPU models.

       Preferred CPU models for Intel x86 hosts

       The following CPU models are preferred for use on Intel hosts.
       Administrators / applications are recommended to use the CPU model that
       matches the generation of the host CPUs in use. In a deployment with a
       mixture of host CPU models between machines, if live migration
       compatibility is required, use the newest CPU model that is compatible
       across all desired hosts.

       "Skylake-Server"
       "Skylake-Server-IBRS"
           Intel Xeon Processor (Skylake, 2016)

       "Skylake-Client"
       "Skylake-Client-IBRS"
           Intel Core Processor (Skylake, 2015)

       "Broadwell"
       "Broadwell-IBRS"
       "Broadwell-noTSX"
       "Broadwell-noTSX-IBRS"
           Intel Core Processor (Broadwell, 2014)

       "Haswell"
       "Haswell-IBRS"
       "Haswell-noTSX"
       "Haswell-noTSX-IBRS"
           Intel Core Processor (Haswell, 2013)

       "IvyBridge"
       "IvyBridge-IBRS"
           Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)

       "SandyBridge"
       "SandyBridge-IBRS"
           Intel Xeon E312xx (Sandy Bridge, 2011)

       "Westmere"
       "Westmere-IBRS"
           Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)

       "Nehalem"
       "Nehalem-IBRS"
           Intel Core i7 9xx (Nehalem Class Core i7, 2008)

       "Penryn"
           Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)

       "Conroe"
           Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)

       Important CPU features for Intel x86 hosts

       The following are important CPU features that should be used on Intel
       x86 hosts, when available in the host CPU. Some of them require
       explicit configuration to enable, as they are not included by default
       in some, or all, of the named CPU models listed above. In general all
       of these features are included if using "Host passthrough" or "Host
       model".

       "pcid"
           Recommended to mitigate the cost of the Meltdown (CVE-2017-5754)
           fix

           Included by default in Haswell, Broadwell & Skylake Intel CPU
           models.

           Should be explicitly turned on for Westmere, SandyBridge, and
           IvyBridge Intel CPU models. Note that some desktop/mobile Westmere
           CPUs cannot support this feature.

       "spec-ctrl"
           Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715)
           fix, in cases where retpolines are not sufficient.

           Included by default in Intel CPU models with -IBRS suffix.

           Must be explicitly turned on for Intel CPU models without -IBRS
           suffix.

           Requires the host CPU microcode to support this feature before it
           can be used for guest CPUs.

       "ssbd"
           Required to enable the CVE-2018-3639 fix

           Not included by default in any Intel CPU model.

           Must be explicitly turned on for all Intel CPU models.

           Requires the host CPU microcode to support this feature before it
           can be used for guest CPUs.

       "pdpe1gb"
           Recommended to allow guest OS to use 1GB size pages

           Not included by default in any Intel CPU model.

           Should be explicitly turned on for all Intel CPU models.

           Note that not all CPU hardware will support this feature.

       Preferred CPU models for AMD x86 hosts

       The following CPU models are preferred for use on AMD hosts.
       Administrators / applications are recommended to use the CPU model that
       matches the generation of the host CPUs in use. In a deployment with a
       mixture of host CPU models between machines, if live migration
       compatibility is required, use the newest CPU model that is compatible
       across all desired hosts.

       "EPYC"
       "EPYC-IBPB"
           AMD EPYC Processor (2017)

       "Opteron_G5"
           AMD Opteron 63xx class CPU (2012)

       "Opteron_G4"
           AMD Opteron 62xx class CPU (2011)

       "Opteron_G3"
           AMD Opteron 23xx (Gen 3 Class Opteron, 2009)

       "Opteron_G2"
           AMD Opteron 22xx (Gen 2 Class Opteron, 2006)

       "Opteron_G1"
           AMD Opteron 240 (Gen 1 Class Opteron, 2004)

       Important CPU features for AMD x86 hosts

       The following are important CPU features that should be used on AMD x86
       hosts, when available in the host CPU. Some of them require explicit
       configuration to enable, as they are not included by default in some,
       or all, of the named CPU models listed above. In general all of these
       features are included if using "Host passthrough" or "Host model".

       "ibpb"
           Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715)
           fix, in cases where retpolines are not sufficient.

           Included by default in AMD CPU models with -IBPB suffix.

           Must be explicitly turned on for AMD CPU models without -IBPB
           suffix.

           Requires the host CPU microcode to support this feature before it
           can be used for guest CPUs.

       "virt-ssbd"
           Required to enable the CVE-2018-3639 fix

           Not included by default in any AMD CPU model.

           Must be explicitly turned on for all AMD CPU models.

           This should be provided to guests, even if amd-ssbd is also
           provided, for maximum guest compatibility.

           Note for some QEMU / libvirt versions, this must be force enabled
           when using "Host model", because this is a virtual feature that
           doesn't exist in the physical host CPUs.

       "amd-ssbd"
           Required to enable the CVE-2018-3639 fix

           Not included by default in any AMD CPU model.

           Must be explicitly turned on for all AMD CPU models.

           This provides higher performance than virt-ssbd so should be
           exposed to guests whenever available in the host. virt-ssbd should
           nonetheless also be exposed for maximum guest compatibility as
           some kernels only know about virt-ssbd.

       "amd-no-ssb"
           Recommended to indicate the host is not vulnerable to
           CVE-2018-3639

           Not included by default in any AMD CPU model.

           Future hardware generations of CPU will not be vulnerable to
           CVE-2018-3639, and thus the guest should be told not to enable its
           mitigations, by exposing amd-no-ssb. This is mutually exclusive
           with virt-ssbd and amd-ssbd.

       "pdpe1gb"
           Recommended to allow guest OS to use 1GB size pages

           Not included by default in any AMD CPU model.

           Should be explicitly turned on for all AMD CPU models.

           Note that not all CPU hardware will support this feature.

       Default x86 CPU models

       The default QEMU CPU models are designed such that they can run on all
       hosts.  If an application does not wish to perform any host
       compatibility checks before launching guests, the default is guaranteed
       to work.

       The default CPU models will, however, leave the guest OS vulnerable to
       various CPU hardware flaws, so their use is strongly discouraged.
       Applications should follow the earlier guidance to set up a better CPU
       configuration, with host passthrough recommended if live migration is
       not needed.

       "qemu32"
       "qemu64"
           QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)

           qemu64 is used for x86_64 guests and qemu32 is used for i686
           guests, when no -cpu argument is given to QEMU, or no <cpu> is
           provided in libvirt XML.

       Other non-recommended x86 CPUs

       The following CPU models are compatible with most AMD and Intel x86
       hosts, but their usage is discouraged, as they expose a very limited
       feature set, which prevents guests having optimal performance.

       "kvm32"
       "kvm64"
           Common KVM processor (32 & 64 bit variants)

           Legacy models just for historical compatibility with ancient QEMU
           versions.

       486
       "athlon"
       "phenom"
       "coreduo"
       "core2duo"
       "n270"
       "pentium"
       "pentium2"
       "pentium3"
           Various very old x86 CPU models, mostly predating the introduction
           of hardware assisted virtualization, that should thus not be
           required for running virtual machines.

       Syntax for configuring CPU models

       The examples below illustrate the approach to configuring the various
       CPU models / features in QEMU and libvirt.

       QEMU command line

       Host passthrough
                      $ qemu-system-x86_64 -cpu host

           With feature customization:

                      $ qemu-system-x86_64 -cpu host,-vmx,...

       Named CPU models
                      $ qemu-system-x86_64 -cpu Westmere

           With feature customization:

                      $ qemu-system-x86_64 -cpu Westmere,+pcid,...

       Libvirt guest XML

       Host passthrough
                      <cpu mode='host-passthrough'/>

           With feature customization:

                      <cpu mode='host-passthrough'>
                          <feature name="vmx" policy="disable"/>
                          ...
                      </cpu>

       Host model
                      <cpu mode='host-model'/>

           With feature customization:

                      <cpu mode='host-model'>
                          <feature name="vmx" policy="disable"/>
                          ...
                      </cpu>

       Named model
                      <cpu mode='custom'>
                          <model name="Westmere"/>
                      </cpu>

           With feature customization:

                      <cpu mode='custom'>
                          <model name="Westmere"/>
                          <feature name="pcid" policy="require"/>
                          ...
                      </cpu>

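       The per-model feature rules listed earlier can be checked mechanically
       against a guest's libvirt <cpu> element. The Python below is an added
       example, not part of QEMU or libvirt: audit_cpu(), its finding strings
       and the sample XML are constructed here for illustration.

```python
import xml.etree.ElementTree as ET
# Model families and per-feature rules transcribed from the lists above.
INTEL = ("Skylake", "Broadwell", "Haswell", "IvyBridge", "SandyBridge",
         "Westmere", "Nehalem", "Penryn", "Conroe")
AMD = ("EPYC", "Opteron_G")
PCID_OPT_IN = ("Westmere", "SandyBridge", "IvyBridge")
DISCOURAGED = ("qemu32", "qemu64", "kvm32", "kvm64")
MITIGATIONS = {"pcid", "spec-ctrl", "ssbd", "ibpb", "virt-ssbd", "amd-ssbd"}

def audit_cpu(xml_text):
    """Return findings for one <cpu> element (model given as name= or text)."""
    cpu = ET.fromstring(xml_text)
    pol = {f.get("name"): f.get("policy") for f in cpu.findall("feature")}
    on = {n for n, p in pol.items() if p in ("require", "force")}
    off = {n for n, p in pol.items() if p in ("disable", "forbid")}
    if cpu.get("mode") in ("host-passthrough", "host-model"):
        return [f"{n} explicitly disabled" for n in sorted(off & MITIGATIONS)]
    m = cpu.find("model")
    name = "" if m is None else (m.get("name") or (m.text or "").strip())
    if name in DISCOURAGED:
        return [f"discouraged model {name}"]
    need = set()
    if name.startswith(INTEL):
        need.add("ssbd")                      # in no Intel model by default
        if not name.endswith("-IBRS"):
            need.add("spec-ctrl")
        if name.startswith(PCID_OPT_IN):
            need.add("pcid")
    elif name.startswith(AMD):
        if not name.endswith("-IBPB"):
            need.add("ibpb")
        if "amd-no-ssb" not in on:
            need.add("virt-ssbd")             # in no AMD model by default
    findings = [f"missing {n}" for n in sorted(need - on)]
    if "amd-no-ssb" in on and on & {"virt-ssbd", "amd-ssbd"}:
        findings.append("amd-no-ssb conflicts with virt-ssbd/amd-ssbd")
    return findings

# Constructed sample <cpu> elements, not taken from a real deployment.
SAMPLES = {
    "westmere-bare": '<cpu mode="custom"><model name="Westmere"/></cpu>',
    "epyc-conflict": '<cpu mode="custom"><model name="EPYC-IBPB"/>'
                     '<feature name="amd-no-ssb" policy="require"/>'
                     '<feature name="virt-ssbd" policy="require"/></cpu>',
    "passthrough-off": '<cpu mode="host-passthrough">'
                       '<feature name="spec-ctrl" policy="disable"/></cpu>',
}
if __name__ == "__main__":
    print({label: audit_cpu(xml) for label, xml in SAMPLES.items()})
```

       A clean result only means the XML asks for the features; spec-ctrl,
       ssbd and ibpb still depend on host CPU microcode support.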

SEE ALSO

       The HTML documentation of QEMU for more precise information and Linux
       user mode emulator invocation.

AUTHOR

       Daniel P. Berrange



                                  2019-05-14              QEMU-CPU-MODELS.7(7)