1QEMU-CPU-MODELS(7)                   QEMU                   QEMU-CPU-MODELS(7)
2
3
4

NAME

6       qemu-cpu-models - QEMU CPU Models
7

SYNOPSIS

9       QEMU CPU Modelling Infrastructure manual
10

DESCRIPTION

12   Recommendations for KVM CPU model configuration on x86 hosts
13       The  information  that follows provides recommendations for configuring
14       CPU models on x86 hosts. The goals are to maximise  performance,  while
15       protecting  guest OS against various CPU hardware flaws, and optionally
16       enabling live migration between hosts with heterogeneous CPU models.
17
18   Two ways to configure CPU models with QEMU / KVM
19       1. Host passthrough
20
21          This passes the host CPU model features, model, stepping, exactly to
22          the guest. Note that KVM may filter out some host CPU model features
23          if they cannot be supported with virtualization. Live  migration  is
24          unsafe  when  this mode is used as libvirt / QEMU cannot guarantee a
25          stable CPU is exposed to the guest across hosts. This is the  recom‐
26          mended CPU to use, provided live migration is not required.
27
28       2. Named model
29
30          QEMU  comes with a number of predefined named CPU models, that typi‐
31          cally refer to specific generations of hardware  released  by  Intel
32          and  AMD.   These  allow the guest VMs to have a degree of isolation
33          from the host CPU, allowing greater flexibility  in  live  migrating
34          between hosts with differing hardware.  @end table
35
36       In  both  cases,  it is possible to optionally add or remove individual
37       CPU features, to alter what is presented to the guest by default.
38
39       Libvirt supports a third way to configure CPU  models  known  as  "Host
40       model".   This uses the QEMU "Named model" feature, automatically pick‐
41       ing a CPU model that is similar the host CPU,  and  then  adding  extra
42       features  to  approximate  the  host model as closely as possible. This
43       does not guarantee the CPU family, stepping, etc will  precisely  match
44       the  host CPU, as they would with "Host passthrough", but gives much of
45       the benefit of passthrough, while making live migration safe.
46
47   Preferred CPU models for Intel x86 hosts
48       The following CPU models are preferred for use on Intel hosts.   Admin‐
49       istrators  /  applications  are  recommended  to use the CPU model that
50       matches the generation of the host CPUs in use. In a deployment with  a
51       mixture of host CPU models between machines, if live migration compati‐
52       bility is required, use the newest CPU model that is compatible  across
53       all desired hosts.
54
55       Cascadelake-Server, Cascadelake-Server-noTSX
56              Intel  Xeon Processor (Cascade Lake, 2019), with "stepping" lev‐
57              els 6 or 7 only.  (The Cascade Lake Xeon processor with stepping
58              5 is vulnerable to MDS variants.)
59
60       Skylake-Server, Skylake-Server-IBRS, Skylake-Server-IBRS-noTSX
61              Intel Xeon Processor (Skylake, 2016)
62
63       Skylake-Client, Skylake-Client-IBRS, Skylake-Client-noTSX-IBRS}
64              Intel Core Processor (Skylake, 2015)
65
66       Broadwell, Broadwell-IBRS, Broadwell-noTSX, Broadwell-noTSX-IBRS
67              Intel Core Processor (Broadwell, 2014)
68
69       Haswell, Haswell-IBRS, Haswell-noTSX, Haswell-noTSX-IBRS
70              Intel Core Processor (Haswell, 2013)
71
72       IvyBridge, IvyBridge-IBR
73              Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)
74
75       SandyBridge, SandyBridge-IBRS
76              Intel Xeon E312xx (Sandy Bridge, 2011)
77
78       Westmere, Westmere-IBRS
79              Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)
80
81       Nehalem, Nehalem-IBRS
82              Intel Core i7 9xx (Nehalem Class Core i7, 2008)
83
84       Penryn Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)
85
86       Conroe Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)
87
88   Important CPU features for Intel x86 hosts
89       The  following  are important CPU features that should be used on Intel
90       x86 hosts, when available in the host CPU. Some  of  them  require  ex‐
91       plicit  configuration to enable, as they are not included by default in
92       some, or all, of the named CPU models listed above. In general  all  of
93       these  features  are  included  if  using  "Host  passthrough" or "Host
94       model".
95
96       pcid   Recommended to mitigate the cost of the Meltdown (CVE-2017-5754)
97              fix.
98
99              Included  by  default  in Haswell, Broadwell & Skylake Intel CPU
100              models.
101
102              Should be explicitly turned on for  Westmere,  SandyBridge,  and
103              IvyBridge  Intel CPU models. Note that some desktop/mobile West‐
104              mere CPUs cannot support this feature.
105
106       spec-ctrl
107              Required to enable the Spectre v2 (CVE-2017-5715) fix.
108
109              Included by default in Intel CPU models with -IBRS suffix.
110
111              Must be explicitly turned on for Intel CPU models without  -IBRS
112              suffix.
113
114              Requires  the  host CPU microcode to support this feature before
115              it can be used for guest CPUs.
116
117       stibp  Required to enable stronger Spectre v2 (CVE-2017-5715) fixes  in
118              some operating systems.
119
120              Must be explicitly turned on for all Intel CPU models.
121
122              Requires  the  host CPU microcode to support this feature before
123              it can be used for guest CPUs.
124
125       ssbd   Required to enable the CVE-2018-3639 fix.
126
127              Not included by default in any Intel CPU model.
128
129              Must be explicitly turned on for all Intel CPU models.
130
131              Requires the host CPU microcode to support this  feature  before
132              it can be used for guest CPUs.
133
134       pdpe1gb
135              Recommended to allow guest OS to use 1GB size pages.
136
137              Not included by default in any Intel CPU model.
138
139              Should be explicitly turned on for all Intel CPU models.
140
141              Note that not all CPU hardware will support this feature.
142
143       md-clear
144              Required  to  confirm  the  MDS (CVE-2018-12126, CVE-2018-12127,
145              CVE-2018-12130, CVE-2019-11091) fixes.
146
147              Not included by default in any Intel CPU model.
148
149              Must be explicitly turned on for all Intel CPU models.
150
151              Requires the host CPU microcode to support this  feature  before
152              it can be used for guest CPUs.
153
154       mds-no Recommended to inform the guest OS that the host is not vulnera‐
155              ble to any of the MDS variants ([MFBDS] CVE-2018-12130,  [MLPDS]
156              CVE-2018-12127, [MSBDS] CVE-2018-12126).
157
158              This  is  an MSR (Model-Specific Register) feature rather than a
159              CPUID feature, so it will not appear in the Linux  /proc/cpuinfo
160              in the host or guest.  Instead, the host kernel uses it to popu‐
161              late the MDS vulnerability file in sysfs.
162
163              So it should only  be  enabled  for  VMs  if  the  host  reports
164              @code{Not  affected} in the /sys/devices/system/cpu/vulnerabili‐
165              ties/mds file.
166
167       taa-no Recommended to inform that the guest that the host is  not  vul‐
168              nerable to CVE-2019-11135, TSX Asynchronous Abort (TAA).
169
170              This  too is an MSR feature, so it does not show up in the Linux
171              /proc/cpuinfo in the host or guest.
172
173              It should only be enabled for VMs if the host  reports  Not  af‐
174              fected      in      the     /sys/devices/system/cpu/vulnerabili‐
175              ties/tsx_async_abort file.
176
177       tsx-ctrl
178              Recommended to inform the guest that it can  disable  the  Intel
179              TSX  (Transactional  Synchronization Extensions) feature; or, if
180              the processor is vulnerable, use the Intel VERW  instruction  (a
181              processor-level  instruction  that performs checks on memory ac‐
182              cess) as a mitigation for the TAA vulnerability.  (For  details,
183              refer to Intel's deep dive into MDS.)
184
185              Expose this to the guest OS if and only if: (a) the host has TSX
186              enabled; and (b) the guest has rtm CPU flag enabled.
187
188              By disabling TSX, KVM-based guests can avoid paying the price of
189              mitigating TSX-based attacks.
190
191              Note that tsx-ctrl too is an MSR feature, so it does not show up
192              in the Linux /proc/cpuinfo in the host or guest.
193
194              To validate that Intel TSX is indeed  disabled  for  the  guest,
195              there  are  two  ways:  (a)  check for the absence of rtm in the
196              guest's /proc/cpuinfo; or (b)  the  /sys/devices/system/cpu/vul‐
197              nerabilities/tsx_async_abort  file  in  the  guest should report
198              Mitigation: TSX disabled.
199
200   Preferred CPU models for AMD x86 hosts
201       The following CPU models are preferred for use on Intel hosts.   Admin‐
202       istrators  /  applications  are  recommended  to use the CPU model that
203       matches the generation of the host CPUs in use. In a deployment with  a
204       mixture of host CPU models between machines, if live migration compati‐
205       bility is required, use the newest CPU model that is compatible  across
206       all desired hosts.
207
208       EPYC, EPYC-IBPB
209              AMD EPYC Processor (2017)
210
211       Opteron_G5
212              AMD Opteron 63xx class CPU (2012)
213
214       Opteron_G4
215              AMD Opteron 62xx class CPU (2011)
216
217       Opteron_G3
218              AMD Opteron 23xx (Gen 3 Class Opteron, 2009)
219
220       Opteron_G2
221              AMD Opteron 22xx (Gen 2 Class Opteron, 2006)
222
223       Opteron_G1
224              AMD Opteron 240 (Gen 1 Class Opteron, 2004)
225
226   Important CPU features for AMD x86 hosts
227       The following are important CPU features that should be used on AMD x86
228       hosts, when available in the host CPU. Some of  them  require  explicit
229       configuration  to  enable, as they are not included by default in some,
230       or all, of the named CPU models listed above. In general all  of  these
231       features are included if using "Host passthrough" or "Host model".
232
233       ibpb   Required to enable the Spectre v2 (CVE-2017-5715) fix.
234
235              Included by default in AMD CPU models with -IBPB suffix.
236
237              Must  be  explicitly  turned on for AMD CPU models without -IBPB
238              suffix.
239
240              Requires the host CPU microcode to support this  feature  before
241              it can be used for guest CPUs.
242
243       stibp  Required  to enable stronger Spectre v2 (CVE-2017-5715) fixes in
244              some operating systems.
245
246              Must be explicitly turned on for all AMD CPU models.
247
248              Requires the host CPU microcode to support this  feature  before
249              it can be used for guest CPUs.
250
251       virt-ssbd
252              Required to enable the CVE-2018-3639 fix
253
254              Not included by default in any AMD CPU model.
255
256              Must be explicitly turned on for all AMD CPU models.
257
258              This should be provided to guests, even if amd-ssbd is also pro‐
259              vided, for maximum guest compatibility.
260
261              Note for some QEMU / libvirt versions, this must  be  force  en‐
262              abled  when  when  using "Host model", because this is a virtual
263              feature that doesn't exist in the physical host CPUs.
264
265       amd-ssbd
266              Required to enable the CVE-2018-3639 fix
267
268              Not included by default in any AMD CPU model.
269
270              Must be explicitly turned on for all AMD CPU models.
271
272              This provides higher performance than virt-ssbd so should be ex‐
273              posed to guests whenever available in the host. virt-ssbd should
274              none the less also be exposed for maximum guest compatibility as
275              some kernels only know about virt-ssbd.
276
277       amd-no-ssb
278              Recommended to indicate the host is not vulnerable CVE-2018-3639
279
280              Not included by default in any AMD CPU model.
281
282              Future  hardware  generations  of  CPU will not be vulnerable to
283              CVE-2018-3639, and thus the guest should be told not  to  enable
284              its mitigations, by exposing amd-no-ssb. This is mutually exclu‐
285              sive with virt-ssbd and amd-ssbd.
286
287       pdpe1gb
288              Recommended to allow guest OS to use 1GB size pages
289
290              Not included by default in any AMD CPU model.
291
292              Should be explicitly turned on for all AMD CPU models.
293
294              Note that not all CPU hardware will support this feature.
295
296   Default x86 CPU models
297       The default QEMU CPU models are designed such that they can run on  all
298       hosts.  If an application does not wish to do perform any host compati‐
299       bility checks before launching guests, the  default  is  guaranteed  to
300       work.
301
302       The  default CPU models will, however, leave the guest OS vulnerable to
303       various CPU hardware flaws, so their use is strongly discouraged.   Ap‐
304       plications  should  follow  the  earlier guidance to setup a better CPU
305       configuration, with host passthrough recommended if live  migration  is
306       not needed.
307
308       qemu32, qemu64
309              QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)
310
311       qemu64  is  used  for x86_64 guests and qemu32 is used for i686 guests,
312       when no -cpu argument is given to QEMU, or no <cpu> is provided in lib‐
313       virt XML.
314
315   Other non-recommended x86 CPUs
316       The  following  CPUs  models are compatible with most AMD and Intel x86
317       hosts, but their usage is discouraged, as they expose  a  very  limited
318       featureset, which prevents guests having optimal performance.
319
320       kvm32, kvm64
321              Common KVM processor (32 & 64 bit variants).
322
323              Legacy  models  just  for  historical compatibility with ancient
324              QEMU versions.
325
326       486, athlon, phenom, coreduo, core2duo, n270, pentium,  pentium2,  pen‐
327       tium3
328              Various  very old x86 CPU models, mostly predating the introduc‐
329              tion of hardware assisted virtualization, that should  thus  not
330              be required for running virtual machines.
331
332   Syntax for configuring CPU models
333       The  examples  below illustrate the approach to configuring the various
334       CPU models / features in QEMU and libvirt.
335
336   QEMU command line
337       Host passthrough:
338
339          qemu-system-x86_64 -cpu host
340
341       Host passthrough with feature customization:
342
343          qemu-system-x86_64 -cpu host,-vmx,...
344
345       Named CPU models:
346
347          qemu-system-x86_64 -cpu Westmere
348
349       Named CPU models with feature customization:
350
351          qemu-system-x86_64 -cpu Westmere,+pcid,...
352
353   Libvirt guest XML
354       Host passthrough:
355
356          <cpu mode='host-passthrough'/>
357
358       Host passthrough with feature customization:
359
360          <cpu mode='host-passthrough'>
361              <feature name="vmx" policy="disable"/>
362              ...
363          </cpu>
364
365       Host model:
366
367          <cpu mode='host-model'/>
368
369       Host model with feature customization:
370
371          <cpu mode='host-model'>
372              <feature name="vmx" policy="disable"/>
373              ...
374          </cpu>
375
376       Named model:
377
378          <cpu mode='custom'>
379              <model name="Westmere"/>
380          </cpu>
381
382       Named model with feature customization:
383
384          <cpu mode='custom'>
385              <model name="Westmere"/>
386              <feature name="pcid" policy="require"/>
387              ...
388          </cpu>
389
390   Supported CPU model configurations on MIPS hosts
391       QEMU supports variety of MIPS CPU models:
392
393   Supported CPU models for MIPS32 hosts
394       The following CPU models are supported for use on MIPS32 hosts.  Admin‐
395       istrators  /  applications  are  recommended  to use the CPU model that
396       matches the generation of the host CPUs in use. In a deployment with  a
397       mixture of host CPU models between machines, if live migration compati‐
398       bility is required, use the newest CPU model that is compatible  across
399       all desired hosts.
400
401       mips32r6-generic
402              MIPS32 Processor (Release 6, 2015)
403
404       P5600  MIPS32 Processor (P5600, 2014)
405
406       M14K, M14Kc
407              MIPS32 Processor (M14K, 2009)
408
409       74Kf   MIPS32 Processor (74K, 2007)
410
411       34Kf   MIPS32 Processor (34K, 2006)
412
413       24Kc, 24KEc, 24Kf
414              MIPS32 Processor (24K, 2003)
415
416       4Kc, 4Km, 4KEcR1, 4KEmR1, 4KEc, 4KEm
417              MIPS32 Processor (4K, 1999)
418
419   Supported CPU models for MIPS64 hosts
420       The following CPU models are supported for use on MIPS64 hosts.  Admin‐
421       istrators / applications are recommended to  use  the  CPU  model  that
422       matches  the generation of the host CPUs in use. In a deployment with a
423       mixture of host CPU models between machines, if live migration compati‐
424       bility  is required, use the newest CPU model that is compatible across
425       all desired hosts.
426
427       I6400  MIPS64 Processor (Release 6, 2014)
428
429       Loongson-2E
430              MIPS64 Processor (Loongson 2, 2006)
431
432       Loongson-2F
433              MIPS64 Processor (Loongson 2, 2008)
434
435       Loongson-3A1000
436              MIPS64 Processor (Loongson 3, 2010)
437
438       Loongson-3A4000
439              MIPS64 Processor (Loongson 3, 2018)
440
441       mips64dspr2
442              MIPS64 Processor (Release 2, 2006)
443
444       MIPS64R2-generic, 5KEc, 5KEf
445              MIPS64 Processor (Release 2, 2002)
446
447       20Kc   MIPS64 Processor (20K, 2000
448
449       5Kc, 5Kf
450              MIPS64 Processor (5K, 1999)
451
452       VR5432 MIPS64 Processor (VR, 1998)
453
454       R4000  MIPS64 Processor (MIPS III, 1991)
455
456   Supported CPU models for nanoMIPS hosts
457       The following CPU models are supported for use on nanoMIPS hosts.   Ad‐
458       ministrators  /  applications are recommended to use the CPU model that
459       matches the generation of the host CPUs in use. In a deployment with  a
460       mixture of host CPU models between machines, if live migration compati‐
461       bility is required, use the newest CPU model that is compatible  across
462       all desired hosts.
463
464       I7200  MIPS I7200 (nanoMIPS, 2018)
465
466   Preferred CPU models for MIPS hosts
467       The following CPU models are preferred for use on different MIPS hosts:
468
469       MIPS III
470              R4000
471
472       MIPS32R2
473              34Kf
474
475       MIPS64R6
476              I6400
477
478       nanoMIPS
479              I7200
480

SEE ALSO

482       The  HTML  documentation of QEMU for more precise information and Linux
483       user mode emulator invocation.
484

AUTHOR

486       The QEMU Project developers
487
489       2021, The QEMU Project Developers
490
491
492
493
4945.2.0                            May 19, 2021               QEMU-CPU-MODELS(7)
Impressum