Re: odd behaviour of virtualized CPUs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Why?
As Sean pointed out if you have older CPUs that don't support a specific instruction set you need to restrict the capabilities in order to support live migration. "this is expected" is a bit far fetched, it is not expected but it is observed and real behaviour. I came across this when testing virtualized systems for performance with the sllr-application from primegrid which only ran with SSE-code (plain code flavour for me), not using AVX on a CPU that said to me via lscpu it was a E5-2660v2. (This was VMWare for that matter and i wrote the test app i posted and tested in KVM-qemu-virtualized on other hosts). 

Regards, Gerrit.

On 23.10.23 18:29, Jim Mattson wrote:

On Mon, Oct 23, 2023 at 8:19 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:

On Mon, Oct 23, 2023, Gerrit Slomma wrote:

Compilation with "gcc -mavx -i avx2 avx2.c" fails, due to used intrinsics
are AVX2-intrinsics.
When compiled with "gcc -mavx2 -o avx2 avx2.c" an run on a E7-4880v2 this
yields "illegal instruction".
When run on a KVM-virtualized "Sandy Bridge"-CPU, but the underlying CPU is
capable of AVX2 (i.e. Haswell or Skylake) this runs, despite advertised flag
is only avx:

This is expected.  Many AVX instructions have virtualization holes, i.e. hardware
doesn't provide controls that allow the hypervisor (KVM) to precisely disable (or
intercept) specific sets of AVX instructions.  The virtualization holes are "safe"
because the instructions don't grant access to novel CPU state, just new ways of
manipulating existing state.  E.g. AVX2 instructions operate on existing AVX state
(YMM registers).

AVX512 on the other hand does introduce new state (ZMM registers) and so hardware
provides a control (XCR0.AVX512) that KVM can use to prevent the guest from
accessing the new state.

In other words, a misbehaving guest that ignores CPUID can hose itself, e.g. if
the VM gets live migrated to a host that _doesn't_ natively support AVX2, then
the workload will suddenly start getting #UDs.  But the integrity of the host and
the VM's state is not in danger.

One could argue that trying to virtualize a Sandy Bridge CPU on
Haswell hardware is simply user error, since the virtualization
hardware doesn't support that masquerade.
[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux