Re: Versioned CPU types in libvirt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/28/23 10:49 AM, Jonathon Jongsma wrote:
> 
> I'm currently looking at getting libvirt working with AMD's SEV-SNP
> encrypted virtualization technology. I have access to a test machine
> with an AMD EPYC 7713 processor which I can use to launch SNP guests
> with qemu, but only when I specify one of the following versioned -cpu
> values:
>  - EPYC-v4
>  - EPYC-Milan-v2
>  - EPYC-Rome-v3
> 
> From what I understand, the unversioned CPU models in qemu are supposed
> to resolve to a specific versioned CPU model depending on the machine
> type. But I'm not exactly sure how machine type influences it.
> 

At qemu level that's what I thought too, and it sounds like that was the
eventual plan, but it's not implemented yet. `qemu -cpu FOO` always maps
to `-cpu FOO-v1`. There's some info in qemu docs here, last sentence
explicitly makes this clear it may change in future

https://www.qemu.org/docs/master/about/deprecated.html#runnability-guarantee-of-cpu-models-since-4-1


Milan-v2 does add some new CPU features, but the one SNP related bit
those models change is `complex_indexing` in l3_cache cpuid, whatever
that is. Doesn't look overrideable on qemu command line, or anything
libvirt detects from host.


> I've got some libvirt patches to launch an SEV-SNP guest working now
> except for the CPU model specification. As far as I can tell, I can
> currently only specify the un-versioned model in libvirt. Is there any
> way to request a particular versioned CPU from qemu? I feel like I'm
> missing something here.
> 

The reason this fails is that SNP hardware explicitly rejects some guest
CPUID values that it deems unsafe. That `complex_indexing` bit is one of
them, but `-cpu host` triggers more. TDX seems to have a similar
mechanism, but it looks like qemu code is filtering those out for -cpu
host. Maybe qemu SNP can do the same, I'll ask AMD devs

But yes in the meantime a libvirt workaround would help

Thanks,
Cole

> I should perhaps also mention that I'm running a development version of
> qemu from Cole's copr repo[1], which could still have some related bugs
> 
> [1]
> https://copr.fedorainfracloud.org/coprs/g/virtmaint-sig/sev-snp-coconut/
> 
> Thanks,
> Jonathon
>
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux