Bug 1787556

Summary: virt-ssbd not included on CPU mode='host-model' [rhel-7.7.z]
Product: Red Hat Enterprise Linux 7 Reporter: RAD team bot copy to z-stream <autobot-eus-copy>
Component: libvirtAssignee: Jiri Denemark <jdenemar>
Status: CLOSED ERRATA QA Contact: jiyan <jiyan>
Severity: high Docs Contact:
Priority: urgent    
Version: 7.7CC: afox, dyuan, ehabkost, jdenemar, jiyan, jortialc, jsuchane, lhuang, lmen, lmiksik, mkalinin, mvanderw, stanislav.moravec, xuzhang, yalzhang
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-4.5.0-23.el7_7.5 Doc Type: Bug Fix
Doc Text:
Cause: qemu-kvm 1.5.3 from RHEL 7 is too old to support probing for CPU features available on the host and thus libvirt does not know whether virt-ssbd feature can be emulated. Consequence: Libvirt does not enable virt-ssbd feature for domains using host-model CPU even if the feature can be emulated on the host. Fix: On AMD hosts libvirt will always try to enable virt-ssbd for domains with host-model CPU. Result: Domains with host-model CPU will benefit from virt-ssbd if it can be emulated on the host.
 Story Points: ---
Clone Of: 1745181 Environment:
Last Closed: 2020-02-04 19:29:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1745181    
Bug Blocks:    

Description RAD team bot copy to z-stream 2020-01-03 11:46:45 UTC 
This bug has been copied from bug #1745181 and has been proposed to be backported to 7.7 z-stream (EUS).
Comment 5 jiyan 2020-01-14 03:56:08 UTC 
Reproduced this bug with libvirt-4.5.0-23.el7_7.4.x86_64 and verified this bug with libvirt-4.5.0-23.el7_7.5.x86_64.

Version:
libvirt-4.5.0-23.el7_7.4.x86_64
qemu-kvm-1.5.3-167.el7_7.1.x86_64
kernel-3.10.0-1062.9.1.el7.x86_64

Steps:
# lscpu 
...
Model name:            AMD EPYC 7251 8-Core Processor
...
Flags:                 ... ssbd 

# virsh domstate generic
shut off

# virsh dumpxml generic --inactive |grep "<cpu" -A2
  <cpu mode='host-model' check='partial'>
    <model fallback='allow'/>
  </cpu>

# virsh start generic
Domain generic started

# virsh dumpxml generic |grep "<cpu" -A20
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>EPYC-IBPB</model>
    <vendor>AMD</vendor>
    <feature policy='disable' name='ht'/>
    <feature policy='disable' name='osxsave'/>
    <feature policy='require' name='cmp_legacy'/>
    <feature policy='disable' name='extapic'/>
    <feature policy='disable' name='skinit'/>
    <feature policy='disable' name='wdt'/>
    <feature policy='disable' name='tce'/>
    <feature policy='disable' name='topoext'/>
    <feature policy='disable' name='perfctr_core'/>
    <feature policy='disable' name='perfctr_nb'/>
    <feature policy='disable' name='monitor'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='disable' name='arat'/>
    <feature policy='disable' name='svm'/>
  </cpu>

# ps -ef |grep generic
...-cpu EPYC-IBPB,+ht,+osxsave,+cmp_legacy,+extapic,+skinit,+wdt,+tce,+topoext,+perfctr_core,+perfctr_nb -m 1024

# virsh console generic
Connected to domain generic
Escape character is ^]

Red Hat Enterprise Linux Server 7.7 (Maipo)
Kernel 3.10.0-1062.el7.x86_64 on an x86_64

localhost login: root
Password: 
[root@localhost ~]# lscpu | grep ssbd
No output

# yum update libvirt* -y

# rpm -qa libvirt
libvirt-4.5.0-23.el7_7.5.x86_64

# system restart libvirtd

# virsh destroy generic; virsh start generic
Domain generic destroyed

Domain generic started

# virsh dumpxml generic |grep "<cpu" -A30
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>EPYC-IBPB</model>
    <vendor>AMD</vendor>
    <feature policy='disable' name='ht'/>
    <feature policy='disable' name='osxsave'/>
    <feature policy='require' name='cmp_legacy'/>
    <feature policy='disable' name='extapic'/>
    <feature policy='disable' name='skinit'/>
    <feature policy='disable' name='wdt'/>
    <feature policy='disable' name='tce'/>
    <feature policy='disable' name='topoext'/>
    <feature policy='disable' name='perfctr_core'/>
    <feature policy='disable' name='perfctr_nb'/>
    <feature policy='require' name='virt-ssbd'/>   [**ssbd is here**]
    <feature policy='disable' name='monitor'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='disable' name='arat'/>
    <feature policy='disable' name='svm'/>
  </cpu>

# ps -ef |grep generic
...-cpu EPYC-IBPB,+ht,+osxsave,+cmp_legacy,+extapic,+skinit,+wdt,+tce,+topoext,+perfctr_core,+perfctr_nb,+virt-ssbd **** -m 1024 

# virsh console generic
Connected to domain generic
Escape character is ^]

Red Hat Enterprise Linux Server 7.7 (Maipo)
Kernel 3.10.0-1062.el7.x86_64 on an x86_64

localhost login: root
Password: 
Last login: Tue Jan 14 11:45:19 on ttyS0
[root@localhost ~]# lscpu | grep ssbd
Flags:                 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm art rep_good nopl extd_apicid eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw retpoline_amd ssbd ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 virt_ssbd **** arat

All the test results are as expected, move this bug to be verified.
Comment 7 errata-xmlrpc 2020-02-04 19:29:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0367