+++ This bug was initially created as a clone of Bug #1644848 +++ Description of problem: An existing VM (running Fedora 28) will not start in F29. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.Attempt to run a VM created under F28, using Virtual Machine Manager 2.Fail 3. Actual results: Error starting domain: internal error: process exited while connecting to monitor: 2018-10-31T17:12:46.079682Z qemu-system-x86_64: can't apply global IvyBridge-IBRS-x86_64-cpu.osxsave=on: Property '.osxsave' not found Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 111, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 66, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1344, in startup self._backend.create() File "/usr/lib64/python3.7/site-packages/libvirt.py", line 1080, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirt.libvirtError: internal error: process exited while connecting to monitor: 2018-10-31T17:12:46.079682Z qemu-system-x86_64: can't apply global IvyBridge-IBRS-x86_64-cpu.osxsave=on: Property '.osxsave' not found Expected results: VM working as before Additional info: Guest is a basic F28 server with no GUI and has worked correctly before updating the host to F29. --- Additional comment from Daniel Berrange on 2018-10-31 17:22:57 UTC --- The "osxsave" property was removed from QEMU upstream as it was never actually exposed to the guests. I expect that your existing guest has this CPU flag encoded in its XML config, as it was a previously supported flag. Fixing it should be as simple as "virsh edit $guest" as root and delete the mention of "osxsave" feature flag. Newly provisioned guests shouldn't get given this flag in the first place, only upgraded guests will suffer. --- Additional comment from Patrick O'Callaghan on 2018-10-31 21:12:35 UTC --- (In reply to Daniel Berrange from comment #1) > The "osxsave" property was removed from QEMU upstream as it was never > actually exposed to the guests. > > I expect that your existing guest has this CPU flag encoded in its XML > config, as it was a previously supported flag. > > Fixing it should be as simple as "virsh edit $guest" as root and delete the > mention of "osxsave" feature flag. > > Newly provisioned guests shouldn't get given this flag in the first place, > only upgraded guests will suffer. That solved it, thanks. Curiously, a Windows 10 guest, also inherited from F28, does not have this problem as the osxsave feature was not set. I've no idea why. --- Additional comment from Daniel Berrange on 2018-11-01 10:19:32 UTC --- Maybe the problematic guest was in fact installed under an even earlier Fedora release than the Windows guest ? In any case, while this is a genuine problem, I don't think we're going to try todo anything to automagically remove the flags on upgrade, so i'm moving this to WONTFIX. --- Additional comment from Patrick O'Callaghan on 2018-11-01 10:56:35 UTC --- (In reply to Daniel Berrange from comment #3) > Maybe the problematic guest was in fact installed under an even earlier > Fedora release than the Windows guest ? > > In any case, while this is a genuine problem, I don't think we're going to > try todo anything to automagically remove the flags on upgrade, so i'm > moving this to WONTFIX. In fact it's the oher way round. The Windows guest was installed over a year ago. The Fedora guest is only a couple of months old at most. --- Additional comment from Patrick O'Callaghan on 2019-01-04 12:23:55 UTC --- (In reply to Patrick O'Callaghan from comment #4) > (In reply to Daniel Berrange from comment #3) > > Maybe the problematic guest was in fact installed under an even earlier > > Fedora release than the Windows guest ? > > > > In any case, while this is a genuine problem, I don't think we're going to > > try todo anything to automagically remove the flags on upgrade, so i'm > > moving this to WONTFIX. > > In fact it's the oher way round. The Windows guest was installed over a year > ago. The Fedora guest is only a couple of months old at most. FYI an attempt to create a new VM triggered this error again. Since the VM XML file was never created, I had to track down the offending line in /usr/share/libvirt/cpu_map/x86_features.xml and remove it. --- Additional comment from Patrick O'Callaghan on 2019-01-05 12:57:07 UTC --- (In reply to Patrick O'Callaghan from comment #5) > (In reply to Patrick O'Callaghan from comment #4) > > (In reply to Daniel Berrange from comment #3) > > > Maybe the problematic guest was in fact installed under an even earlier > > > Fedora release than the Windows guest ? > > > > > > In any case, while this is a genuine problem, I don't think we're going to > > > try todo anything to automagically remove the flags on upgrade, so i'm > > > moving this to WONTFIX. > > > > In fact it's the oher way round. The Windows guest was installed over a year > > ago. The Fedora guest is only a couple of months old at most. > > FYI an attempt to create a new VM triggered this error again. Since the VM > XML file was never created, I had to track down the offending line in > /usr/share/libvirt/cpu_map/x86_features.xml and remove it. Removing the line from /usr/share/libvirt/cpu_map/x86_features.xml didn't fix the problem. I'm still getting a complaint about .osxsave so presumably it's being set somewhere else. --- Additional comment from Cole Robinson on 2019-01-06 21:45:14 UTC --- Reopening. Patrick can you provide: * full virt-manager --debug output from app startup to reproducing the bug * /var/log/libvirt/qemu/$vmname.log , for the VM name you are trying to create * output of: sudo virsh domcapabilities --- Additional comment from Patrick O'Callaghan on 2019-01-07 11:16:30 UTC --- (In reply to Cole Robinson from comment #7) > Reopening. Patrick can you provide: > > * full virt-manager --debug output from app startup to reproducing the bug > * /var/log/libvirt/qemu/$vmname.log , for the VM name you are trying to > create > * output of: sudo virsh domcapabilities On a second attempt, the error refuses to show itself. I tried both with and without the change to /usr/share/libvirt/cpu_map/x86_features.xml and it made no difference. I can only assume it's because I rebooted after some system updates (though these were not to qemu or libvirt directly). Now on kernel 4.19.13-300.fc29.x86_64 if it matters. Sorry for the noise. I'll come back to this if it happens again.
According to the following info, cloned this bug: commit 2900575db892700fab8a4b8541474d9bd3444a4a Author: Christian Ehrhardt <christian.ehrhardt> Date: Thu Apr 25 11:04:29 2019 +0200 qemu: do not define known no-op features Qemu dropped cpu features for osxsave and ospke [1][2]. The reason for the instant removal is that those features were never configurable as discussed in [3]. Fortunately the use cases adding those flags in the past are rare, but they exist. One that I identified are e.g. older virt-install when used with --cpu=host-model and there always could be the case of a user adding it to the guest xml. This triggers an issue like: qemu-system-x86_64: can't apply global Broadwell-noTSX-x86_64- cpu.osxsave=on: Property '.osxsave' not found Ensure that this does no more break spawning newer qemu versions by not rendering those features into the qemu command line. Fixes: https://bugs.launchpad.net/fedora/+source/qemu/+bug/1825195
Version: kernel-4.18.0-83.el8.x86_64 qemu-kvm-4.0.0-0.module+el8.1.0+3169+3c501422.x86_64 libvirt-5.3.0-1.module+el8.1.0+3164+94495c71.x86_64 Info: # lscpu |grep Flags Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single pti ssbd mba ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts pku ospke flush_l1d # virsh domcapabilities |grep Ivy <model usable='yes'>IvyBridge-IBRS</model> <model usable='yes'>IvyBridge</model> # virsh domstate test shut off # virsh dumpxml test |grep "<cpu" -A4 <cpu mode='custom' match='exact' check='partial'> <model fallback='allow'>IvyBridge-IBRS</model> <feature policy='disable' name='osxsave'/> </cpu> # virsh start test error: Failed to start domain test error: internal error: process exited while connecting to monitor: 2019-06-25T03:48:52.835394Z qemu-kvm: can't apply global IvyBridge-IBRS-x86_64-cpu.osxsave=off: Property '.osxsave' not found # virsh domstate test shut off # virsh dumpxml test |grep "<cpu" -A4 <cpu mode='custom' match='exact' check='partial'> <model fallback='allow'>IvyBridge-IBRS</model> <feature policy='disable' name='ospke'/> </cpu> # virsh start test error: Failed to start domain test error: internal error: process exited while connecting to monitor: 2019-06-25T03:49:13.931562Z qemu-kvm: can't apply global IvyBridge-IBRS-x86_64-cpu.ospke=off: Property '.ospke' not found
This is already fixed upstream by commit 2900575db892700fab8a4b8541474d9bd3444a4a Refs: v5.3.0-77-g2900575db8 Author: Christian Ehrhardt <christian.ehrhardt> AuthorDate: Thu Apr 25 11:04:29 2019 +0200 Commit: Christian Ehrhardt <christian.ehrhardt> CommitDate: Wed May 15 09:32:52 2019 +0200 qemu: do not define known no-op features Qemu dropped cpu features for osxsave and ospke [1][2]. The reason for the instant removal is that those features were never configurable as discussed in [3]. Fortunately the use cases adding those flags in the past are rare, but they exist. One that I identified are e.g. older virt-install when used with --cpu=host-model and there always could be the case of a user adding it to the guest xml. This triggers an issue like: qemu-system-x86_64: can't apply global Broadwell-noTSX-x86_64- cpu.osxsave=on: Property '.osxsave' not found Ensure that this does no more break spawning newer qemu versions by not rendering those features into the qemu command line. Fixes: https://bugs.launchpad.net/fedora/+source/qemu/+bug/1825195 Resolves: https://bugzilla.redhat.com/1644848 [1]: https://git.qemu.org/?p=qemu.git;a=commit;h=f1a2352 [2]: https://git.qemu.org/?p=qemu.git;a=commit;h=9ccb978 [3]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg561877.html Signed-off-by: Christian Ehrhardt <christian.ehrhardt> Reviewed-by: Daniel Henrique Barboza <danielhb413> Tested-by: Daniel Henrique Barboza <danielhb413> and later updated with commit b12865260a0f24ab86ddaf3547b2f2e2c595d429 Refs: v5.4.0-221-gb12865260a Author: Jiri Denemark <jdenemar> AuthorDate: Thu Jun 6 14:39:52 2019 +0200 Commit: Jiri Denemark <jdenemar> CommitDate: Thu Jun 20 00:22:37 2019 +0200 qemu: Drop qemuFeatureNoEffect We already have virQEMUCapsCPUFilterFeatures for filtering features which QEMU does not know about. Let's move osxsave and ospke from qemuFeatureNoEffect there. Signed-off-by: Jiri Denemark <jdenemar> Reviewed-by: Ján Tomko <jtomko> commit 955fd6e7a2c8dc97e9e68d1bd9ba9d03c7d815b3 Refs: v5.4.0-222-g955fd6e7a2 Author: Jiri Denemark <jdenemar> AuthorDate: Thu Jun 6 12:33:43 2019 +0200 Commit: Jiri Denemark <jdenemar> CommitDate: Thu Jun 20 00:22:37 2019 +0200 qemu_process: Drop cleanup label from qemuProcessUpdateGuestCPU Signed-off-by: Jiri Denemark <jdenemar> Reviewed-by: Ján Tomko <jtomko> commit c145b660b8225f73db16660461077ef931730939 Refs: v5.4.0-223-gc145b660b8 Author: Jiri Denemark <jdenemar> AuthorDate: Fri Jun 7 14:07:10 2019 +0200 Commit: Jiri Denemark <jdenemar> CommitDate: Thu Jun 20 00:22:37 2019 +0200 cpu_conf: Introduce virCPUDefFilterFeatures This new internal API can be used for in place filtering of CPU features in virCPUDef. Signed-off-by: Jiri Denemark <jdenemar> Reviewed-by: Ján Tomko <jtomko> commit 0b763774a5e6eb87f109c86171631cebe012e2b3 Refs: v5.4.0-224-g0b763774a5 Author: Jiri Denemark <jdenemar> AuthorDate: Thu Jun 6 14:51:14 2019 +0200 Commit: Jiri Denemark <jdenemar> CommitDate: Thu Jun 20 00:22:37 2019 +0200 qemu: Filter CPU features in active XML Properly filter features which should not be passed to QEMU because they were never supported by QEMU or they did nothing and QEMU dropped them. Currently they are just silently ignored by the command line generator. Let's make this process more visible and clean by dropping the features from the domain's active definition in qemuProcessUpdateGuestCPU. Signed-off-by: Jiri Denemark <jdenemar> Reviewed-by: Ján Tomko <jtomko>
Hi jiri I tried to verify this bug, and found the following issue: Version: libvirt-5.5.0-1.module+el8.1.0+3580+d7f6488d.x86_64 qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64 kernel-4.18.0-112.el8.x86_64 Steps: The following scenario is tested in physical host which supports ospke flag. # virsh domstate vm1 shut off # virsh dumpxml vm1 |grep "<cpu" -A3 <cpu mode='host-model' check='partial'> <model fallback='allow'/> <feature policy='disable' name='ospke'/> </cpu> # virsh start vm1 Domain vm1 started # virsh dumpxml vm1 |grep "<cpu" -A17 <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>Cascadelake-Server</model> <vendor>Intel</vendor> <feature policy='require' name='ss'/> <feature policy='require' name='vmx'/> <feature policy='require' name='hypervisor'/> <feature policy='require' name='tsc_adjust'/> <feature policy='require' name='umip'/> <feature policy='require' name='pku'/> <feature policy='require' name='md-clear'/> <feature policy='require' name='stibp'/> <feature policy='require' name='arch-capabilities'/> <feature policy='require' name='xsaves'/> <feature policy='disable' name='mpx'/> </cpu> # ps -ef |grep vm1 qemu 60266 1 86 21:44 ? -cpu Cascadelake-Server,ss=on,vmx=on,hypervisor=on,tsc_adjust=on,umip=on,pku=on,md-clear=on,stibp=on,arch-capabilities=on,xsaves=on # virsh console vm1 Connected to domain vm1 Escape character is ^] Red Hat Enterprise Linux 8.1 Beta (Ootpa) Kernel 4.18.0-107.el8.x86_64 on an x86_64 localhost login: root Password: # lscpu |grep ospke Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512dq rdseed adx smap clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves arat umip pku ospke So my question is: Even through I configure ospke/oxsave for inactive dumpxml of VM, the related conf will disappear after VM starts. But this flag will be in guest OS, does that mean the related flags will be in guest OS when the physical host supports these two flags? If not, How can I distinguish when the related flag will be in guest OS?
The flag disappears from domain XML because QEMU does not support it to be enabled or disabled on the command line. That is, there's no way to tell QEMU to explicitly enable or disable ospke. The QEMU commit which removed ospke flag says the following: OSPKE is not a static feature flag: it changes dynamically at runtime depending on CR4, and it was never configurable: KVM never returned OSPKE on GET_SUPPORTED_CPUID, and on TCG enables it automatically if CR4_PKE_MASK is set. Remove OSPKE from the feature name array so users don't try to configure it manually. I think everything works as expected here.
Verified this bug on libvirt-5.5.0-1.module+el8.1.0+3580+d7f6488d.x86_64. Version: libvirt-5.5.0-1.module+el8.1.0+3580+d7f6488d.x86_64 qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64 kernel-4.18.0-115.el8.x86_64 Steps: 1. Start a VM with the following conf; check dumpxml and qemu cmd line # virsh domstate vm1 shut off # virsh dumpxml vm1 --inactive |grep "<cpu" -A4 <cpu mode='custom' match='exact' check='partial'> <model fallback='allow'>IvyBridge-IBRS</model> <feature policy='disable' name='osxsave'/> <feature policy='force' name='ospke'/> </cpu> # virsh start vm1 Domain vm1 started # virsh dumpxml vm1 |grep "<cpu" -A17 <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>IvyBridge-IBRS</model> <feature policy='require' name='hypervisor'/> <feature policy='require' name='arat'/> <feature policy='require' name='xsaveopt'/> </cpu> # ps -ef |grep vm1 qemu 40850 1 47 02:24 ? ... -cpu IvyBridge-IBRS 2. Managedsave VM and then start VM; then check VM dumpxml again # virsh managedsave vm1 Domain vm1 state saved by libvirt # virsh domstate vm1 shut off # virsh dumpxml vm1 |grep "<cpu" -A3 <cpu mode='custom' match='exact' check='partial'> <model fallback='allow'>IvyBridge-IBRS</model> <feature policy='disable' name='osxsave'/> <feature policy='force' name='ospke'/> </cpu> # virsh start vm1 Domain vm1 started # virsh dumpxml vm1 |grep "<cpu" -A17 <cpu mode='custom' match='exact' check='full'> <model fallback='forbid'>IvyBridge-IBRS</model> <feature policy='require' name='hypervisor'/> <feature policy='require' name='arat'/> <feature policy='require' name='xsaveopt'/> </cpu> # ps -ef |grep vm1 qemu 41150 1 5 02:26 ? ...-cpu IvyBridge-IBRS,hypervisor=on,arat=on,xsaveopt=on 3. Create snapshot for VM and check snapshot-dumpxml # virsh snapshot-create-as vm1 --disk-only Domain snapshot 1563258461 created # virsh snapshot-list vm1 Name Creation Time State --------------------------------------------------------- 1563258461 2019-07-16 02:27:41 -0400 disk-snapshot # virsh snapshot-dumpxml vm1 1563258461 |grep "<cpu" -A7 <cpu mode='custom' match='exact' check='partial'> <model fallback='forbid'>IvyBridge-IBRS</model> </cpu> As the test steps above shows, libvirt drops these 2 kinds of cpu features during starting VM, managedsaving VM and snapshot-creating. The test result is as expected, move this bug to be verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3723