QEMU-CPU-MODELS(7) QEMU QEMU-CPU-MODELS(7)

qemu-cpu-models - QEMU CPU Models

QEMU CPU Modelling Infrastructure manual

Recommendations for KVM CPU model configuration on x86 hosts
The information that follows provides recommendations for configuring CPU
models on x86 hosts. The goals are to maximise performance, while protecting
guest OS against various CPU hardware flaws, and optionally enabling live
migration between hosts with heterogeneous CPU models.

Two ways to configure CPU models with QEMU / KVM
1. Host passthrough

    This passes the host CPU model features, model, stepping, exactly to the
    guest. Note that KVM may filter out some host CPU model features if they
    cannot be supported with virtualization. Live migration is unsafe when
    this mode is used as libvirt / QEMU cannot guarantee a stable CPU is
    exposed to the guest across hosts. This is the recommended CPU to use,
    provided live migration is not required.

2. Named model

    QEMU comes with a number of predefined named CPU models, that typically
    refer to specific generations of hardware released by Intel and AMD.
    These allow the guest VMs to have a degree of isolation from the host
    CPU, allowing greater flexibility in live migrating between hosts with
    differing hardware.

In both cases, it is possible to optionally add or remove individual CPU
features, to alter what is presented to the guest by default.

Libvirt supports a third way to configure CPU models known as "Host model".
This uses the QEMU "Named model" feature, automatically picking a CPU model
that is similar to the host CPU, and then adding extra features to
approximate the host model as closely as possible. This does not guarantee
the CPU family, stepping, etc will precisely match the host CPU, as they
would with "Host passthrough", but gives much of the benefit of passthrough,
while making live migration safe.

Preferred CPU models for Intel x86 hosts
The following CPU models are preferred for use on Intel hosts.
Administrators / applications are recommended to use the CPU model that
matches the generation of the host CPUs in use. In a deployment with a
mixture of host CPU models between machines, if live migration compatibility
is required, use the newest CPU model that is compatible across all desired
hosts.

Cascadelake-Server, Cascadelake-Server-noTSX
    Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6 or 7
    only. (The Cascade Lake Xeon processor with stepping 5 is vulnerable to
    MDS variants.)

Skylake-Server, Skylake-Server-IBRS, Skylake-Server-IBRS-noTSX
    Intel Xeon Processor (Skylake, 2016)

Skylake-Client, Skylake-Client-IBRS, Skylake-Client-noTSX-IBRS
    Intel Core Processor (Skylake, 2015)

Broadwell, Broadwell-IBRS, Broadwell-noTSX, Broadwell-noTSX-IBRS
    Intel Core Processor (Broadwell, 2014)

Haswell, Haswell-IBRS, Haswell-noTSX, Haswell-noTSX-IBRS
    Intel Core Processor (Haswell, 2013)

IvyBridge, IvyBridge-IBRS
    Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)

SandyBridge, SandyBridge-IBRS
    Intel Xeon E312xx (Sandy Bridge, 2011)

Westmere, Westmere-IBRS
    Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)

Nehalem, Nehalem-IBRS
    Intel Core i7 9xx (Nehalem Class Core i7, 2008)

Penryn
    Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)

Conroe
    Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)

Important CPU features for Intel x86 hosts
The following are important CPU features that should be used on Intel x86
hosts, when available in the host CPU. Some of them require explicit
configuration to enable, as they are not included by default in some, or
all, of the named CPU models listed above. In general all of these features
are included if using "Host passthrough" or "Host model".

pcid
    Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix.

    Included by default in Haswell, Broadwell & Skylake Intel CPU models.

    Should be explicitly turned on for Westmere, SandyBridge, and IvyBridge
    Intel CPU models. Note that some desktop/mobile Westmere CPUs cannot
    support this feature.

spec-ctrl
    Required to enable the Spectre v2 (CVE-2017-5715) fix.

    Included by default in Intel CPU models with -IBRS suffix.

    Must be explicitly turned on for Intel CPU models without -IBRS suffix.

    Requires the host CPU microcode to support this feature before it can be
    used for guest CPUs.

stibp
    Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
    operating systems.

    Must be explicitly turned on for all Intel CPU models.

    Requires the host CPU microcode to support this feature before it can be
    used for guest CPUs.

ssbd
    Required to enable the CVE-2018-3639 fix.

    Not included by default in any Intel CPU model.

    Must be explicitly turned on for all Intel CPU models.

    Requires the host CPU microcode to support this feature before it can be
    used for guest CPUs.

pdpe1gb
    Recommended to allow guest OS to use 1GB size pages.

    Not included by default in any Intel CPU model.

    Should be explicitly turned on for all Intel CPU models.

    Note that not all CPU hardware will support this feature.

md-clear
    Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127,
    CVE-2018-12130, CVE-2019-11091) fixes.

    Not included by default in any Intel CPU model.

    Must be explicitly turned on for all Intel CPU models.

    Requires the host CPU microcode to support this feature before it can be
    used for guest CPUs.

mds-no
    Recommended to inform the guest OS that the host is not vulnerable to
    any of the MDS variants ([MFBDS] CVE-2018-12130, [MLPDS] CVE-2018-12127,
    [MSBDS] CVE-2018-12126).

    This is an MSR (Model-Specific Register) feature rather than a CPUID
    feature, so it will not appear in the Linux /proc/cpuinfo in the host or
    guest. Instead, the host kernel uses it to populate the MDS
    vulnerability file in sysfs.

    So it should only be enabled for VMs if the host reports Not affected in
    the /sys/devices/system/cpu/vulnerabilities/mds file.

taa-no
    Recommended to inform the guest that the host is not vulnerable to
    CVE-2019-11135, TSX Asynchronous Abort (TAA).

    This too is an MSR feature, so it does not show up in the Linux
    /proc/cpuinfo in the host or guest.

    It should only be enabled for VMs if the host reports Not affected in
    the /sys/devices/system/cpu/vulnerabilities/tsx_async_abort file.

tsx-ctrl
    Recommended to inform the guest that it can disable the Intel TSX
    (Transactional Synchronization Extensions) feature; or, if the processor
    is vulnerable, use the Intel VERW instruction (a processor-level
    instruction that performs checks on memory access) as a mitigation for
    the TAA vulnerability. (For details, refer to Intel's deep dive into
    MDS.)

    Expose this to the guest OS if and only if: (a) the host has TSX
    enabled; and (b) the guest has the rtm CPU flag enabled.

    By disabling TSX, KVM-based guests can avoid paying the price of
    mitigating TSX-based attacks.

    Note that tsx-ctrl too is an MSR feature, so it does not show up in the
    Linux /proc/cpuinfo in the host or guest.

    To validate that Intel TSX is indeed disabled for the guest, there are
    two ways: (a) check for the absence of rtm in the guest's /proc/cpuinfo;
    or (b) the /sys/devices/system/cpu/vulnerabilities/tsx_async_abort file
    in the guest should report Mitigation: TSX disabled.
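
The host-side conditions for mds-no and taa-no and the two guest-side TSX checks above, as an added shell example that is not part of the QEMU manual. The function names and the optional directory / file arguments are assumptions, there so the checks can be pointed at copies of the sysfs and cpuinfo files.

```shell
#!/bin/sh
# Added example (not from the QEMU manual); function names are hypothetical.

# host_msr_flags [VULN_DIR]
# Prints the "-cpu" suffix for the MSR-based features the host may advertise:
# mds-no / taa-no are emitted only when sysfs reports "Not affected".
host_msr_flags() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    flags=""
    if [ -r "$dir/mds" ] && [ "$(cat "$dir/mds")" = "Not affected" ]; then
        flags="$flags,+mds-no"
    fi
    if [ -r "$dir/tsx_async_abort" ] &&
       [ "$(cat "$dir/tsx_async_abort")" = "Not affected" ]; then
        flags="$flags,+taa-no"
    fi
    printf '%s\n' "$flags"
}

# guest_tsx_disabled [CPUINFO] [TAA_FILE]
# Run inside the guest. Returns 0 when either validation from the text holds:
# (a) no "rtm" flag in cpuinfo, or (b) sysfs says "Mitigation: TSX disabled".
# Returns 2 when cpuinfo has no flags line, so a missing file is not a pass.
guest_tsx_disabled() {
    cpuinfo=${1:-/proc/cpuinfo}
    taa=${2:-/sys/devices/system/cpu/vulnerabilities/tsx_async_abort}
    # Only the first "flags" line is inspected.
    flags_line=$(sed -n '/^flags[[:space:]]*:/{p;q;}' "$cpuinfo" 2>/dev/null)
    [ -n "$flags_line" ] || return 2
    case " ${flags_line#*:} " in
        *" rtm "*) ;;          # rtm still exposed: fall through to check (b)
        *) return 0 ;;         # check (a): rtm absent
    esac
    [ -r "$taa" ] && grep -q '^Mitigation: TSX disabled' "$taa"
}

# Usage on a host:
#   qemu-system-x86_64 -cpu "Cascadelake-Server$(host_msr_flags)" ...
```

Any host state other than Not affected, including an unreadable sysfs file, leaves the corresponding flag out.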

Preferred CPU models for AMD x86 hosts
The following CPU models are preferred for use on AMD hosts. Administrators
/ applications are recommended to use the CPU model that matches the
generation of the host CPUs in use. In a deployment with a mixture of host
CPU models between machines, if live migration compatibility is required,
use the newest CPU model that is compatible across all desired hosts.

EPYC, EPYC-IBPB
    AMD EPYC Processor (2017)

Opteron_G5
    AMD Opteron 63xx class CPU (2012)

Opteron_G4
    AMD Opteron 62xx class CPU (2011)

Opteron_G3
    AMD Opteron 23xx (Gen 3 Class Opteron, 2009)

Opteron_G2
    AMD Opteron 22xx (Gen 2 Class Opteron, 2006)

Opteron_G1
    AMD Opteron 240 (Gen 1 Class Opteron, 2004)

Important CPU features for AMD x86 hosts
The following are important CPU features that should be used on AMD x86
hosts, when available in the host CPU. Some of them require explicit
configuration to enable, as they are not included by default in some, or
all, of the named CPU models listed above. In general all of these features
are included if using "Host passthrough" or "Host model".

ibpb
    Required to enable the Spectre v2 (CVE-2017-5715) fix.

    Included by default in AMD CPU models with -IBPB suffix.

    Must be explicitly turned on for AMD CPU models without -IBPB suffix.

    Requires the host CPU microcode to support this feature before it can be
    used for guest CPUs.

stibp
    Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
    operating systems.

    Must be explicitly turned on for all AMD CPU models.

    Requires the host CPU microcode to support this feature before it can be
    used for guest CPUs.

virt-ssbd
    Required to enable the CVE-2018-3639 fix.

    Not included by default in any AMD CPU model.

    Must be explicitly turned on for all AMD CPU models.

    This should be provided to guests, even if amd-ssbd is also provided,
    for maximum guest compatibility.

    Note for some QEMU / libvirt versions, this must be force enabled when
    using "Host model", because this is a virtual feature that doesn't exist
    in the physical host CPUs.

amd-ssbd
    Required to enable the CVE-2018-3639 fix.

    Not included by default in any AMD CPU model.

    Must be explicitly turned on for all AMD CPU models.

    This provides higher performance than virt-ssbd so should be exposed to
    guests whenever available in the host. virt-ssbd should nonetheless also
    be exposed for maximum guest compatibility as some kernels only know
    about virt-ssbd.

amd-no-ssb
    Recommended to indicate the host is not vulnerable to CVE-2018-3639.

    Not included by default in any AMD CPU model.

    Future hardware generations of CPU will not be vulnerable to
    CVE-2018-3639, and thus the guest should be told not to enable its
    mitigations, by exposing amd-no-ssb. This is mutually exclusive with
    virt-ssbd and amd-ssbd.

pdpe1gb
    Recommended to allow guest OS to use 1GB size pages.

    Not included by default in any AMD CPU model.

    Should be explicitly turned on for all AMD CPU models.

    Note that not all CPU hardware will support this feature.

Default x86 CPU models
The default QEMU CPU models are designed such that they can run on all
hosts. If an application does not wish to perform any host compatibility
checks before launching guests, the default is guaranteed to work.

The default CPU models will, however, leave the guest OS vulnerable to
various CPU hardware flaws, so their use is strongly discouraged.
Applications should follow the earlier guidance to set up a better CPU
configuration, with host passthrough recommended if live migration is not
needed.

qemu32, qemu64
    QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)

qemu64 is used for x86_64 guests and qemu32 is used for i686 guests, when no
-cpu argument is given to QEMU, or no <cpu> is provided in libvirt XML.

Other non-recommended x86 CPUs
The following CPU models are compatible with most AMD and Intel x86 hosts,
but their usage is discouraged, as they expose a very limited featureset,
which prevents guests having optimal performance.

kvm32, kvm64
    Common KVM processor (32 & 64 bit variants).

    Legacy models just for historical compatibility with ancient QEMU
    versions.

486, athlon, phenom, coreduo, core2duo, n270, pentium, pentium2, pentium3
    Various very old x86 CPU models, mostly predating the introduction of
    hardware assisted virtualization, that should thus not be required for
    running virtual machines.

Syntax for configuring CPU models
The examples below illustrate the approach to configuring the various CPU
models / features in QEMU and libvirt.

QEMU command line
Host passthrough:

    qemu-system-x86_64 -cpu host

Host passthrough with feature customization:

    qemu-system-x86_64 -cpu host,-vmx,...

Named CPU models:

    qemu-system-x86_64 -cpu Westmere

Named CPU models with feature customization:

    qemu-system-x86_64 -cpu Westmere,+pcid,...
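
A check of a named-model -cpu value against the Intel and AMD feature lists earlier in this page, as an added shell example that is not part of the QEMU manual. The function name cpu_arg_missing is an assumption; the model and feature names are the ones listed above, and pdpe1gb is left out because it is a performance recommendation rather than a mitigation.

```shell
#!/bin/sh
# Added example (not from the QEMU manual); cpu_arg_missing is a
# hypothetical name.

# cpu_arg_missing CPU_ARG
# CPU_ARG is the value given to "-cpu", e.g. "Westmere,+pcid".
# Prints, space separated, the mitigation-related features that the lists
# above say need explicit enabling for that named model and that CPU_ARG
# lacks. Returns 2 for models those lists do not cover.
cpu_arg_missing() {
    arg=$1
    model=${arg%%,*}
    case $model in
        EPYC*|Opteron_G[1-5])
            want="stibp"
            # amd-no-ssb is mutually exclusive with virt-ssbd and amd-ssbd.
            case ",$arg," in
                *",+amd-no-ssb,"*|*",amd-no-ssb=on,"*) ;;
                *) want="$want virt-ssbd amd-ssbd" ;;
            esac
            case $model in *-IBPB) ;; *) want="ibpb $want" ;; esac ;;
        Cascadelake-Server*|Skylake-*|Broadwell*|Haswell*|IvyBridge*|\
        SandyBridge*|Westmere*|Nehalem*|Penryn|Conroe)
            want="stibp ssbd md-clear"
            # spec-ctrl is built in only for models with the -IBRS suffix.
            case $model in *-IBRS*) ;; *) want="spec-ctrl $want" ;; esac
            # pcid: explicit for these three model families.
            case $model in
                Westmere*|SandyBridge*|IvyBridge*) want="pcid $want" ;;
            esac ;;
        *) return 2 ;;
    esac
    missing=""
    for f in $want; do
        case ",$arg," in
            *",+$f,"*|*",$f=on,"*) ;;      # enabled as +feat or feat=on
            *) missing="$missing $f" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}
```

The check only inspects the argument string; whether the host CPU and its microcode can provide each feature still has to be confirmed on the host.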

Libvirt guest XML
Host passthrough:

    <cpu mode='host-passthrough'/>

Host passthrough with feature customization:

    <cpu mode='host-passthrough'>
        <feature name="vmx" policy="disable"/>
        ...
    </cpu>

Host model:

    <cpu mode='host-model'/>

Host model with feature customization:

    <cpu mode='host-model'>
        <feature name="vmx" policy="disable"/>
        ...
    </cpu>

Named model:

    <cpu mode='custom'>
        <model name="Westmere"/>
    </cpu>

Named model with feature customization:

    <cpu mode='custom'>
        <model name="Westmere"/>
        <feature name="pcid" policy="require"/>
        ...
    </cpu>

Supported CPU model configurations on MIPS hosts
QEMU supports a variety of MIPS CPU models:

Supported CPU models for MIPS32 hosts
The following CPU models are supported for use on MIPS32 hosts.
Administrators / applications are recommended to use the CPU model that
matches the generation of the host CPUs in use. In a deployment with a
mixture of host CPU models between machines, if live migration compatibility
is required, use the newest CPU model that is compatible across all desired
hosts.

mips32r6-generic
    MIPS32 Processor (Release 6, 2015)

P5600
    MIPS32 Processor (P5600, 2014)

M14K, M14Kc
    MIPS32 Processor (M14K, 2009)

74Kf
    MIPS32 Processor (74K, 2007)

34Kf
    MIPS32 Processor (34K, 2006)

24Kc, 24KEc, 24Kf
    MIPS32 Processor (24K, 2003)

4Kc, 4Km, 4KEcR1, 4KEmR1, 4KEc, 4KEm
    MIPS32 Processor (4K, 1999)

Supported CPU models for MIPS64 hosts
The following CPU models are supported for use on MIPS64 hosts.
Administrators / applications are recommended to use the CPU model that
matches the generation of the host CPUs in use. In a deployment with a
mixture of host CPU models between machines, if live migration compatibility
is required, use the newest CPU model that is compatible across all desired
hosts.

I6400
    MIPS64 Processor (Release 6, 2014)

Loongson-2E
    MIPS64 Processor (Loongson 2, 2006)

Loongson-2F
    MIPS64 Processor (Loongson 2, 2008)

Loongson-3A1000
    MIPS64 Processor (Loongson 3, 2010)

Loongson-3A4000
    MIPS64 Processor (Loongson 3, 2018)

mips64dspr2
    MIPS64 Processor (Release 2, 2006)

MIPS64R2-generic, 5KEc, 5KEf
    MIPS64 Processor (Release 2, 2002)

20Kc
    MIPS64 Processor (20K, 2000)

5Kc, 5Kf
    MIPS64 Processor (5K, 1999)

VR5432
    MIPS64 Processor (VR, 1998)

R4000
    MIPS64 Processor (MIPS III, 1991)

Supported CPU models for nanoMIPS hosts
The following CPU models are supported for use on nanoMIPS hosts.
Administrators / applications are recommended to use the CPU model that
matches the generation of the host CPUs in use. In a deployment with a
mixture of host CPU models between machines, if live migration compatibility
is required, use the newest CPU model that is compatible across all desired
hosts.

I7200
    MIPS I7200 (nanoMIPS, 2018)

Preferred CPU models for MIPS hosts
The following CPU models are preferred for use on different MIPS hosts:

MIPS III
    R4000

MIPS32R2
    34Kf

MIPS64R6
    I6400

nanoMIPS
    I7200

The HTML documentation of QEMU for more precise information and Linux user
mode emulator invocation.

The QEMU Project developers

2021, The QEMU Project Developers

5.2.0 May 19, 2021 QEMU-CPU-MODELS(7)