Bug 1775134

Summary: Failed to create a VM via virt-manager or web console in RHEL8.1 snapshot-2.1 [rhel-8.1.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: Oneata Mircea Teodor <toneata>
Component: libvirtAssignee: Jiri Denemark <jdenemar>
Status: CLOSED ERRATA QA Contact: jiyan <jiyan>
Severity: high Docs Contact: Sagar Dubewar <sdubewar>
Priority: high    
Version: 8.1CC: achen35, chayang, dhsia, dyuan, jdenemar, jinzhao, jkachuck, jsuchane, kli2, knoel, kshieh, lhuang, lmanasko, lmen, mtessun, mtsai2, rbalakri, toneata, tyu1, virt-maint, xuzhang, yalzhang, yuhuang
Target Milestone: rcKeywords: Upstream, ZStream
Target Release: 8.2   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-4.5.0-35.1.el8 Doc Type: Bug Fix
Doc Text:
.Starting a VM on a 10th generation Intel Core processor no longer fails Previously, starting a virtual machine (VM) failed on a host model that used a 10th generation Intel Core processor, also known as Icelake-Server. With this update, `libvirt` no longer attempts to disable the `pconfig` CPU feature which is not supported by QEMU. As a result, starting a VM on a host model running a 10th generation Intel processor no longer fails.
 Story Points: ---
Clone Of: 1749672 Environment:
Last Closed: 2019-12-17 10:49:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1749672, 1756156, 1775254    
Bug Blocks:    

Comment 4 Jiri Denemark 2019-11-21 16:12:50 UTC 
*** Bug 1775254 has been marked as a duplicate of this bug. ***
Comment 7 jiyan 2019-12-02 02:31:44 UTC 
1: Test the following scenarios on the physical host with the following info:
# lscpu
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm rdt_a avx512f avx512dq rdseed adx smap avx512ifma clflushopt clwb intel_pt avx512cd sha_ni avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local wbnoinvd dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req avx512vbmi umip pku ospke avx512_vbmi2 gfni vaes vpclmulqdq avx512_vnni avx512_bitalg tme avx512_vpopcntdq la57 rdpid md_clear pconfig flush_l1d arch_capabilities

# for i in { avx512_vbmi2 avx512_vnni gfni vaes avx512_bitalg vpclmulqdq }; do lscpu |grep $i; done |wc -l
6

2: Reproduce this issue on libvirt-4.5.0-35.module+el8.1.0+4227+b2722cb3.x86_64.
Version:
libvirt-4.5.0-35.module+el8.1.0+4227+b2722cb3.x86_64
qemu-kvm-2.12.0-88.module+el8.1.0+4233+bc44be3f.x86_64
kernel-4.18.0-147.0.3.el8_1.x86_64

Steps:
# virsh domcapabilities
...
  <cpu>
    <mode name='host-passthrough' supported='yes'/>
    <mode name='host-model' supported='yes'>
      <model fallback='forbid'>Icelake-Server</model>
      <vendor>Intel</vendor>
      <feature policy='require' name='ss'/>
      <feature policy='require' name='vmx'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='avx512ifma'/>
      <feature policy='require' name='sha-ni'/>
      <feature policy='require' name='md-clear'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' name='xsaves'/>
      <feature policy='require' name='invtsc'/>
      <feature policy='require' name='rdctl-no'/>
      <feature policy='require' name='ibrs-all'/>
      <feature policy='require' name='skip-l1dfl-vmentry'/>
      <feature policy='require' name='mds-no'/>
      <feature policy='disable' name='mpx'/>
      <feature policy='disable' name='intel-pt'/>
      <feature policy='disable' name='pconfig'/> ***
    </mode>
...

# virsh domstate test
shut off

# virsh dumpxml test --inactive |grep "<cpu" -A2
  <cpu mode='host-model' check='partial'>
    <model fallback='allow'/>
  </cpu>

# virsh start test
error: Failed to start domain test
error: internal error: qemu unexpectedly closed the monitor: 2019-12-02T02:23:12.756016Z qemu-kvm: can't apply global Icelake-Server-x86_64-cpu.pconfig=off: Property '.pconfig' not found

3: Verify this issue on libvirt-4.5.0-35.1.module+el8.1.0+4931+38af3e93.x86_64.
# yum update libvirt* -y

# systemctl restart libvirtd

# rpm -qa libvirt
libvirt-4.5.0-35.1.module+el8.1.0+4931+38af3e93.x86_64

# virsh domcapabilities
    <mode name='host-model' supported='yes'>
      <model fallback='forbid'>Icelake-Server</model>
      <vendor>Intel</vendor>
      <feature policy='require' name='ss'/>
      <feature policy='require' name='vmx'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='avx512ifma'/>
      <feature policy='require' name='sha-ni'/>
      <feature policy='require' name='md-clear'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' name='xsaves'/>
      <feature policy='require' name='invtsc'/>
      <feature policy='require' name='rdctl-no'/>
      <feature policy='require' name='ibrs-all'/>
      <feature policy='require' name='skip-l1dfl-vmentry'/>
      <feature policy='require' name='mds-no'/>
      <feature policy='disable' name='mpx'/>
      <feature policy='disable' name='intel-pt'/>  *No pconfig here*
    </mode>

# virsh start test
Domain test started

# virsh dumpxml test 
...
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Icelake-Server</model>
    <vendor>Intel</vendor>
    <feature policy='require' name='ss'/>
    <feature policy='require' name='vmx'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='tsc_adjust'/>
    <feature policy='require' name='avx512ifma'/>
    <feature policy='require' name='sha-ni'/>
    <feature policy='require' name='md-clear'/>
    <feature policy='require' name='stibp'/>
    <feature policy='require' name='arch-capabilities'/>
    <feature policy='require' name='xsaves'/>
    <feature policy='require' name='rdctl-no'/>
    <feature policy='require' name='ibrs-all'/>
    <feature policy='require' name='skip-l1dfl-vmentry'/>
    <feature policy='require' name='mds-no'/>
    <feature policy='disable' name='mpx'/>
    <feature policy='disable' name='intel-pt'/>
  </cpu>

# ps -ef |grep test
...-cpu Icelake-Server,ss=on,vmx=on,hypervisor=on,tsc-adjust=on,avx512ifma=on,sha-ni=on,md-clear=on,stibp=on,arch-capabilities=on,xsaves=on,rdctl-no=on,ibrs-all=on,skip-l1dfl-vmentry=on,mds-no=on,mpx=off,intel-pt=off -m 1024

The current physical machine does not fully support icelake-server functions, I will verify this bug agagin in regression test if there will be approriate physical machine, so mark this bug as verified now.
Comment 10 errata-xmlrpc 2019-12-17 10:49:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:4274
Comment 12 Sagar Dubewar 2019-12-23 07:17:41 UTC 
Based on the discussion with Lucie, retaining the doc_text from Bug 1775137 as both the issues are identical.