1QEMU-CPU-MODELS.7(7) QEMU-CPU-MODELS.7(7)
2
6 qemu-cpu-models - QEMU / KVM CPU model configuration
7
9 QEMU / KVM CPU model configuration
10
12 QEMU / KVM virtualization supports two ways to configure CPU models
13 Host passthrough
15 This passes the host CPU model features, model, stepping, exactly
16 to the guest. Note that KVM may filter out some host CPU model
17 features if they cannot be supported with virtualization. Live
18 migration is unsafe when this mode is used as libvirt / QEMU cannot
19 guarantee a stable CPU is exposed to the guest across hosts. This
20 is the recommended CPU to use, provided live migration is not
21 required.
22 Named model
24 QEMU comes with a number of predefined named CPU models, that
25 typically refer to specific generations of hardware released by
26 Intel and AMD. These allow the guest VMs to have a degree of
27 isolation from the host CPU, allowing greater flexibility in live
28 migrating between hosts with differing hardware.
29 In both cases, it is possible to optionally add or remove individual
31 CPU features, to alter what is presented to the guest by default.
32 Libvirt supports a third way to configure CPU models known as "Host
34 model". This uses the QEMU "Named model" feature, automatically
35 picking a CPU model that is similar the host CPU, and then adding extra
36 features to approximate the host model as closely as possible. This
37 does not guarantee the CPU family, stepping, etc will precisely match
38 the host CPU, as they would with "Host passthrough", but gives much of
39 the benefit of passthrough, while making live migration safe.
40 Recommendations for KVM CPU model configuration on x86 hosts
42 The information that follows provides recommendations for configuring
44 CPU models on x86 hosts. The goals are to maximise performance, while
45 protecting guest OS against various CPU hardware flaws, and optionally
46 enabling live migration between hosts with heterogeneous CPU models.
47 Preferred CPU models for Intel x86 hosts
49 The following CPU models are preferred for use on Intel hosts.
51 Administrators / applications are recommended to use the CPU model that
52 matches the generation of the host CPUs in use. In a deployment with a
53 mixture of host CPU models between machines, if live migration
54 compatibility is required, use the newest CPU model that is compatible
55 across all desired hosts.
56 "Skylake-Server"
58 "Skylake-Server-IBRS"
59 Intel Xeon Processor (Skylake, 2016)
60 "Skylake-Client"
62 "Skylake-Client-IBRS"
63 Intel Core Processor (Skylake, 2015)
64 "Broadwell"
66 "Broadwell-IBRS"
67 "Broadwell-noTSX"
68 "Broadwell-noTSX-IBRS"
69 Intel Core Processor (Broadwell, 2014)
70 "Haswell"
72 "Haswell-IBRS"
73 "Haswell-noTSX"
74 "Haswell-noTSX-IBRS"
75 Intel Core Processor (Haswell, 2013)
76 "IvyBridge"
78 "IvyBridge-IBRS"
79 Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)
80 "SandyBridge"
82 "SandyBridge-IBRS"
83 Intel Xeon E312xx (Sandy Bridge, 2011)
84 "Westmere"
86 "Westmere-IBRS"
87 Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)
88 "Nehalem"
90 "Nehalem-IBRS"
91 Intel Core i7 9xx (Nehalem Class Core i7, 2008)
92 "Penryn"
94 Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)
95 "Conroe"
97 Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)
98 Important CPU features for Intel x86 hosts
100 The following are important CPU features that should be used on Intel
102 x86 hosts, when available in the host CPU. Some of them require
103 explicit configuration to enable, as they are not included by default
104 in some, or all, of the named CPU models listed above. In general all
105 of these features are included if using "Host passthrough" or "Host
106 model".
107 "pcid"
109 Recommended to mitigate the cost of the Meltdown (CVE-2017-5754)
110 fix
111 Included by default in Haswell, Broadwell & Skylake Intel CPU
113 models.
114 Should be explicitly turned on for Westmere, SandyBridge, and
116 IvyBridge Intel CPU models. Note that some desktop/mobile Westmere
117 CPUs cannot support this feature.
118 "spec-ctrl"
120 Required to enable the Spectre v2 (CVE-2017-5715) fix.
121 Included by default in Intel CPU models with -IBRS suffix.
123 Must be explicitly turned on for Intel CPU models without -IBRS
125 suffix.
126 Requires the host CPU microcode to support this feature before it
128 can be used for guest CPUs.
129 "stibp"
131 Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in
132 some operating systems.
133 Must be explicitly turned on for all Intel CPU models.
135 Requires the host CPU microcode to support this feature before it
137 can be used for guest CPUs.
138 "ssbd"
140 Required to enable the CVE-2018-3639 fix
141 Not included by default in any Intel CPU model.
143 Must be explicitly turned on for all Intel CPU models.
145 Requires the host CPU microcode to support this feature before it
147 can be used for guest CPUs.
148 "pdpe1gb"
150 Recommended to allow guest OS to use 1GB size pages
151 Not included by default in any Intel CPU model.
153 Should be explicitly turned on for all Intel CPU models.
155 Note that not all CPU hardware will support this feature.
157 "md-clear"
159 Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127,
160 CVE-2018-12130, CVE-2019-11091) fixes.
161 Not included by default in any Intel CPU model.
163 Must be explicitly turned on for all Intel CPU models.
165 Requires the host CPU microcode to support this feature before it
167 can be used for guest CPUs.
168 Preferred CPU models for AMD x86 hosts
170 The following CPU models are preferred for use on Intel hosts.
172 Administrators / applications are recommended to use the CPU model that
173 matches the generation of the host CPUs in use. In a deployment with a
174 mixture of host CPU models between machines, if live migration
175 compatibility is required, use the newest CPU model that is compatible
176 across all desired hosts.
177 "EPYC"
179 "EPYC-IBPB"
180 AMD EPYC Processor (2017)
181 "Opteron_G5"
183 AMD Opteron 63xx class CPU (2012)
184 "Opteron_G4"
186 AMD Opteron 62xx class CPU (2011)
187 "Opteron_G3"
189 AMD Opteron 23xx (Gen 3 Class Opteron, 2009)
190 "Opteron_G2"
192 AMD Opteron 22xx (Gen 2 Class Opteron, 2006)
193 "Opteron_G1"
195 AMD Opteron 240 (Gen 1 Class Opteron, 2004)
196 Important CPU features for AMD x86 hosts
198 The following are important CPU features that should be used on AMD x86
200 hosts, when available in the host CPU. Some of them require explicit
201 configuration to enable, as they are not included by default in some,
202 or all, of the named CPU models listed above. In general all of these
203 features are included if using "Host passthrough" or "Host model".
204 "ibpb"
206 Required to enable the Spectre v2 (CVE-2017-5715) fix.
207 Included by default in AMD CPU models with -IBPB suffix.
209 Must be explicitly turned on for AMD CPU models without -IBPB
211 suffix.
212 Requires the host CPU microcode to support this feature before it
214 can be used for guest CPUs.
215 "stibp"
217 Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in
218 some operating systems.
219 Must be explicitly turned on for all AMD CPU models.
221 Requires the host CPU microcode to support this feature before it
223 can be used for guest CPUs.
224 "virt-ssbd"
226 Required to enable the CVE-2018-3639 fix
227 Not included by default in any AMD CPU model.
229 Must be explicitly turned on for all AMD CPU models.
231 This should be provided to guests, even if amd-ssbd is also
233 provided, for maximum guest compatibility.
234 Note for some QEMU / libvirt versions, this must be force enabled
236 when when using "Host model", because this is a virtual feature
237 that doesn't exist in the physical host CPUs.
238 "amd-ssbd"
240 Required to enable the CVE-2018-3639 fix
241 Not included by default in any AMD CPU model.
243 Must be explicitly turned on for all AMD CPU models.
245 This provides higher performance than virt-ssbd so should be
247 exposed to guests whenever available in the host. virt-ssbd should
248 none the less also be exposed for maximum guest compatibility as
249 some kernels only know about virt-ssbd.
250 "amd-no-ssb"
252 Recommended to indicate the host is not vulnerable CVE-2018-3639
253 Not included by default in any AMD CPU model.
255 Future hardware generations of CPU will not be vulnerable to
257 CVE-2018-3639, and thus the guest should be told not to enable its
258 mitigations, by exposing amd-no-ssb. This is mutually exclusive
259 with virt-ssbd and amd-ssbd.
260 "pdpe1gb"
262 Recommended to allow guest OS to use 1GB size pages
263 Not included by default in any AMD CPU model.
265 Should be explicitly turned on for all AMD CPU models.
267 Note that not all CPU hardware will support this feature.
269 Default x86 CPU models
271 The default QEMU CPU models are designed such that they can run on all
273 hosts. If an application does not wish to do perform any host
274 compatibility checks before launching guests, the default is guaranteed
275 to work.
276 The default CPU models will, however, leave the guest OS vulnerable to
278 various CPU hardware flaws, so their use is strongly discouraged.
279 Applications should follow the earlier guidance to setup a better CPU
280 configuration, with host passthrough recommended if live migration is
281 not needed.
282 "qemu32"
284 "qemu64"
285 QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)
286 qemu64 is used for x86_64 guests and qemu32 is used for i686
288 guests, when no -cpu argument is given to QEMU, or no <cpu> is
289 provided in libvirt XML.
290 Other non-recommended x86 CPUs
292 The following CPUs models are compatible with most AMD and Intel x86
294 hosts, but their usage is discouraged, as they expose a very limited
295 featureset, which prevents guests having optimal performance.
296 "kvm32"
298 "kvm64"
299 Common KVM processor (32 & 64 bit variants)
300 Legacy models just for historical compatibility with ancient QEMU
302 versions.
303 486
305 "athlon"
306 "phenom"
307 "coreduo"
308 "core2duo"
309 "n270"
310 "pentium"
311 "pentium2"
312 "pentium3"
313 Various very old x86 CPU models, mostly predating the introduction
314 of hardware assisted virtualization, that should thus not be
315 required for running virtual machines.
316 Supported CPU model configurations on MIPS hosts
318 QEMU supports variety of MIPS CPU models:
320 Supported CPU models for MIPS32 hosts
322 The following CPU models are supported for use on MIPS32 hosts.
324 Administrators / applications are recommended to use the CPU model that
325 matches the generation of the host CPUs in use. In a deployment with a
326 mixture of host CPU models between machines, if live migration
327 compatibility is required, use the newest CPU model that is compatible
328 across all desired hosts.
329 "mips32r6-generic"
331 MIPS32 Processor (Release 6, 2015)
332 "P5600"
334 MIPS32 Processor (P5600, 2014)
335 "M14K"
337 "M14Kc"
338 MIPS32 Processor (M14K, 2009)
339 "74Kf"
341 MIPS32 Processor (74K, 2007)
342 "34Kf"
344 MIPS32 Processor (34K, 2006)
345 "24Kc"
347 "24KEc"
348 "24Kf"
349 MIPS32 Processor (24K, 2003)
350 "4Kc"
352 "4Km"
353 "4KEcR1"
354 "4KEmR1"
355 "4KEc"
356 "4KEm"
357 MIPS32 Processor (4K, 1999)
358 Supported CPU models for MIPS64 hosts
360 The following CPU models are supported for use on MIPS64 hosts.
362 Administrators / applications are recommended to use the CPU model that
363 matches the generation of the host CPUs in use. In a deployment with a
364 mixture of host CPU models between machines, if live migration
365 compatibility is required, use the newest CPU model that is compatible
366 across all desired hosts.
367 "I6400"
369 MIPS64 Processor (Release 6, 2014)
370 "Loongson-2F"
372 MIPS64 Processor (Loongson 2, 2008)
373 "Loongson-2E"
375 MIPS64 Processor (Loongson 2, 2006)
376 "mips64dspr2"
378 MIPS64 Processor (Release 2, 2006)
379 "MIPS64R2-generic"
381 "5KEc"
382 "5KEf"
383 MIPS64 Processor (Release 2, 2002)
384 "20Kc"
386 MIPS64 Processor (20K, 2000)
387 "5Kc"
389 "5Kf"
390 MIPS64 Processor (5K, 1999)
391 "VR5432"
393 MIPS64 Processor (VR, 1998)
394 "R4000"
396 MIPS64 Processor (MIPS III, 1991)
397 Supported CPU models for nanoMIPS hosts
399 The following CPU models are supported for use on nanoMIPS hosts.
401 Administrators / applications are recommended to use the CPU model that
402 matches the generation of the host CPUs in use. In a deployment with a
403 mixture of host CPU models between machines, if live migration
404 compatibility is required, use the newest CPU model that is compatible
405 across all desired hosts.
406 "I7200"
408 MIPS I7200 (nanoMIPS, 2018)
409 Preferred CPU models for MIPS hosts
411 The following CPU models are preferred for use on different MIPS hosts:
413 "MIPS III"
415 R4000
416 "MIPS32R2"
418 34Kf
419 "MIPS64R6"
421 I6400
422 "nanoMIPS"
424 I7200
425 Syntax for configuring CPU models
427 The example below illustrate the approach to configuring the various
429 CPU models / features in QEMU and libvirt
430 QEMU command line
432 Host passthrough
434 $ qemu-system-x86_64 -cpu host
435 With feature customization:
437 $ qemu-system-x86_64 -cpu host,-vmx,...
439 Named CPU models
441 $ qemu-system-x86_64 -cpu Westmere
442 With feature customization:
444 $ qemu-system-x86_64 -cpu Westmere,+pcid,...
446 Libvirt guest XML
448 Host passthrough
450 <cpu mode='host-passthrough'/>
451 With feature customization:
453 <cpu mode='host-passthrough'>
455 <feature name="vmx" policy="disable"/>
456 ...
457 </cpu>
458 Host model
460 <cpu mode='host-model'/>
461 With feature customization:
463 <cpu mode='host-model'>
465 <feature name="vmx" policy="disable"/>
466 ...
467 </cpu>
468 Named model
470 <cpu mode='custom'>
471 <model name="Westmere"/>
472 </cpu>
473 With feature customization:
475 <cpu mode='custom'>
477 <model name="Westmere"/>
478 <feature name="pcid" policy="require"/>
479 ...
480 </cpu>
481
483 The HTML documentation of QEMU for more precise information and Linux
484 user mode emulator invocation.
485
487 Daniel P. Berrange
488 2019-11-15 QEMU-CPU-MODELS.7(7)